diff --git a/docs/zh/docs/edge-computing/K3s/_toc.yaml b/docs/zh/docs/edge-computing/K3s/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..2f650354560b6e930979b4ee7a4efcd54a9cc40e --- /dev/null +++ b/docs/zh/docs/edge-computing/K3s/_toc.yaml @@ -0,0 +1,6 @@ +label: K3s部署指南 +isManual: true +description: K3s 是一个轻量级的 Kubernetes 发行版。 +sections: + - label: K3s部署指南 + href: ./k3s-deployment-guide.md diff --git a/docs/zh/docs/K3s/figures/agent-install.png b/docs/zh/docs/edge-computing/K3s/figures/agent-install.png similarity index 100% rename from docs/zh/docs/K3s/figures/agent-install.png rename to docs/zh/docs/edge-computing/K3s/figures/agent-install.png diff --git a/docs/zh/docs/K3s/figures/check-agent.png b/docs/zh/docs/edge-computing/K3s/figures/check-agent.png similarity index 100% rename from docs/zh/docs/K3s/figures/check-agent.png rename to docs/zh/docs/edge-computing/K3s/figures/check-agent.png diff --git a/docs/zh/docs/K3s/figures/check-server.png b/docs/zh/docs/edge-computing/K3s/figures/check-server.png similarity index 100% rename from docs/zh/docs/K3s/figures/check-server.png rename to docs/zh/docs/edge-computing/K3s/figures/check-server.png diff --git a/docs/zh/docs/K3s/figures/server-install.png b/docs/zh/docs/edge-computing/K3s/figures/server-install.png similarity index 100% rename from docs/zh/docs/K3s/figures/server-install.png rename to docs/zh/docs/edge-computing/K3s/figures/server-install.png diff --git a/docs/zh/docs/K3s/figures/set-hostname.png b/docs/zh/docs/edge-computing/K3s/figures/set-hostname.png similarity index 100% rename from docs/zh/docs/K3s/figures/set-hostname.png rename to docs/zh/docs/edge-computing/K3s/figures/set-hostname.png diff --git a/docs/zh/docs/K3s/figures/token.png b/docs/zh/docs/edge-computing/K3s/figures/token.png similarity index 100% rename from docs/zh/docs/K3s/figures/token.png rename to docs/zh/docs/edge-computing/K3s/figures/token.png diff --git a/docs/zh/docs/K3s/figures/yum-install.png b/docs/zh/docs/edge-computing/K3s/figures/yum-install.png similarity index 100% rename from docs/zh/docs/K3s/figures/yum-install.png rename to docs/zh/docs/edge-computing/K3s/figures/yum-install.png diff --git "a/docs/zh/docs/K3s/K3s\351\203\250\347\275\262\346\214\207\345\215\227.md" b/docs/zh/docs/edge-computing/K3s/k3s-deployment-guide.md similarity index 100% rename from "docs/zh/docs/K3s/K3s\351\203\250\347\275\262\346\214\207\345\215\227.md" rename to docs/zh/docs/edge-computing/K3s/k3s-deployment-guide.md diff --git "a/docs/zh/docs/KubeEdge/KubeEdge\351\203\250\347\275\262\346\214\207\345\215\227.md" b/docs/zh/docs/edge-computing/KubeEdge/KubeEdge-deployment-guide.md similarity index 100% rename from "docs/zh/docs/KubeEdge/KubeEdge\351\203\250\347\275\262\346\214\207\345\215\227.md" rename to docs/zh/docs/edge-computing/KubeEdge/KubeEdge-deployment-guide.md diff --git "a/docs/zh/docs/KubeEdge/KubeEdge\344\275\277\347\224\250\346\226\207\346\241\243.md" b/docs/zh/docs/edge-computing/KubeEdge/KubeEdge-user-document.md similarity index 100% rename from "docs/zh/docs/KubeEdge/KubeEdge\344\275\277\347\224\250\346\226\207\346\241\243.md" rename to docs/zh/docs/edge-computing/KubeEdge/KubeEdge-user-document.md diff --git a/docs/zh/docs/edge-computing/KubeEdge/_toc.yaml b/docs/zh/docs/edge-computing/KubeEdge/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..95715c34e42ed81a6317f9bc7fd84aee22e256f7 --- /dev/null +++ b/docs/zh/docs/edge-computing/KubeEdge/_toc.yaml @@ -0,0 +1,11 @@ +label: KubeEdge 边缘计算平台用户指南 +isManual: true +description: 主要介绍了边缘计算平台 KubeEdge 的部署与使用。 +sections: + - label: KubeEdge 边缘计算平台用户指南 + href: ./overview.md + sections: + - label: KubeEdge 使用文档 + href: ./KubeEdge-user-document.md + - label: KubeEdge 部署指南 + href: ./KubeEdge-deployment-guide.md \ No newline at end of file diff --git a/docs/zh/docs/KubeEdge/overview.md b/docs/zh/docs/edge-computing/KubeEdge/overview.md similarity index 100% rename from docs/zh/docs/KubeEdge/overview.md rename to docs/zh/docs/edge-computing/KubeEdge/overview.md diff --git a/docs/zh/docs/edge-computing/ROS/_toc.yaml b/docs/zh/docs/edge-computing/ROS/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..62b43ecd5a8809f1d94e55fb594f1684b7e58e23 --- /dev/null +++ b/docs/zh/docs/edge-computing/ROS/_toc.yaml @@ -0,0 +1,17 @@ +label: ROS 用户指南 +isManual: true +description: 主要介绍了 openEuler 系统上 ROS 的安装0部署与使用方法。 +sections: + - label: ROS 用户指南 + href: ./ros-user-guide.md + sections: + - label: 认识ROS + href: ./getting-to-know-ros.md + - label: 安装与部署 + href: ./installation-and-deployment.md + - label: 使用方法 + href: ./usage-guide.md + - label: 常见问题与解决方法 + href: ./faqs-and-solutions.md + - label: 附录 + href: ./appendix.md diff --git "a/docs/zh/docs/ROS/\351\231\204\345\275\225.md" b/docs/zh/docs/edge-computing/ROS/appendix.md similarity index 100% rename from "docs/zh/docs/ROS/\351\231\204\345\275\225.md" rename to docs/zh/docs/edge-computing/ROS/appendix.md diff --git "a/docs/zh/docs/ROS/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" b/docs/zh/docs/edge-computing/ROS/faqs-and-solutions.md similarity index 100% rename from "docs/zh/docs/ROS/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" rename to docs/zh/docs/edge-computing/ROS/faqs-and-solutions.md diff --git a/docs/zh/docs/ROS/figures/ROS-ROS2.png b/docs/zh/docs/edge-computing/ROS/figures/ROS-ROS2.png similarity index 100% rename from docs/zh/docs/ROS/figures/ROS-ROS2.png rename to docs/zh/docs/edge-computing/ROS/figures/ROS-ROS2.png diff --git a/docs/zh/docs/ROS/figures/ROS-demo.png b/docs/zh/docs/edge-computing/ROS/figures/ROS-demo.png similarity index 100% rename from docs/zh/docs/ROS/figures/ROS-demo.png rename to docs/zh/docs/edge-computing/ROS/figures/ROS-demo.png diff --git a/docs/zh/docs/ROS/figures/ROS-release.png b/docs/zh/docs/edge-computing/ROS/figures/ROS-release.png similarity index 100% rename from docs/zh/docs/ROS/figures/ROS-release.png rename to docs/zh/docs/edge-computing/ROS/figures/ROS-release.png diff --git a/docs/zh/docs/ROS/figures/ROS2-release.png b/docs/zh/docs/edge-computing/ROS/figures/ROS2-release.png similarity index 100% rename from docs/zh/docs/ROS/figures/ROS2-release.png rename to docs/zh/docs/edge-computing/ROS/figures/ROS2-release.png diff --git a/docs/zh/docs/ROS/figures/problem.png b/docs/zh/docs/edge-computing/ROS/figures/problem.png similarity index 100% rename from docs/zh/docs/ROS/figures/problem.png rename to docs/zh/docs/edge-computing/ROS/figures/problem.png diff --git a/docs/zh/docs/ROS/figures/ros-humble.png b/docs/zh/docs/edge-computing/ROS/figures/ros-humble.png similarity index 100% rename from docs/zh/docs/ROS/figures/ros-humble.png rename to docs/zh/docs/edge-computing/ROS/figures/ros-humble.png diff --git a/docs/zh/docs/ROS/figures/turtlesim.png b/docs/zh/docs/edge-computing/ROS/figures/turtlesim.png similarity index 100% rename from docs/zh/docs/ROS/figures/turtlesim.png rename to docs/zh/docs/edge-computing/ROS/figures/turtlesim.png diff --git "a/docs/zh/docs/ROS/\350\256\244\350\257\206ROS.md" b/docs/zh/docs/edge-computing/ROS/getting-to-know-ros.md similarity index 100% rename from "docs/zh/docs/ROS/\350\256\244\350\257\206ROS.md" rename to docs/zh/docs/edge-computing/ROS/getting-to-know-ros.md diff --git "a/docs/zh/docs/ROS/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" b/docs/zh/docs/edge-computing/ROS/installation-and-deployment.md similarity index 100% rename from "docs/zh/docs/ROS/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" rename to docs/zh/docs/edge-computing/ROS/installation-and-deployment.md diff --git "a/docs/zh/docs/ROS/ROS\347\224\250\346\210\267\346\214\207\345\215\227.md" b/docs/zh/docs/edge-computing/ROS/ros-user-guide.md similarity index 100% rename from "docs/zh/docs/ROS/ROS\347\224\250\346\210\267\346\214\207\345\215\227.md" rename to docs/zh/docs/edge-computing/ROS/ros-user-guide.md diff --git "a/docs/zh/docs/ROS/\344\275\277\347\224\250\346\226\271\346\263\225.md" b/docs/zh/docs/edge-computing/ROS/usage-guide.md similarity index 100% rename from "docs/zh/docs/ROS/\344\275\277\347\224\250\346\226\271\346\263\225.md" rename to docs/zh/docs/edge-computing/ROS/usage-guide.md diff --git a/docs/zh/docs/server/_toc.yaml b/docs/zh/docs/server/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b1dcf949040a3c468417a097db11bd4a53d29ef9 --- /dev/null +++ b/docs/zh/docs/server/_toc.yaml @@ -0,0 +1,75 @@ +label: 服务器 +sections: + - label: 从这里开始 + sections: + - href: ./releasenotes/releasenotes/_toc.yaml + - href: ./quickstart/quickstart/_toc.yaml + - label: 安装升级 + sections: + - href: ./installation_upgrade/installation/_toc.yaml + - href: ./installation_upgrade/upgrade/_toc.yaml + - label: 系统管理 + sections: + - href: ./administration/administrator/_toc.yaml + - href: ./administration/sysmaster/_toc.yaml + - href: ./administration/compa_command/_toc.yaml + - label: 系统运维 + sections: + - href: ./maintenance/aops/_toc.yaml + - href: ./maintenance/gala/_toc.yaml + - href: ./maintenance/sysmonitor/_toc.yaml + - href: ./maintenance/kernel_live_upgrade/_toc.yaml + - href: ./maintenance/syscare/_toc.yaml + - href: ./maintenance/common_skills/_toc.yaml + - href: ./maintenance/common_tools/_toc.yaml + - href: ./maintenance/troubleshooting/_toc.yaml + - label: 安全 + sections: + - href: ./security/secharden/_toc.yaml + - href: ./security/trusted_computing/_toc.yaml + - href: ./security/secgear/_toc.yaml + - href: ./security/cve-ease/_toc.yaml + - href: ./security/cert_signature/_toc.yaml + - href: ./security/sbom/_toc.yaml + - href: ./security/shangmi/_toc.yaml + - label: 内存与存储 + sections: + - href: ./memory_storage/lvm/_toc.yaml + - href: ./memory_storage/etmem/_toc.yaml + - href: ./memory_storage/gmem/_toc.yaml + - href: ./memory_storage/hsak/_toc.yaml + - label: 网络 + sections: + - href: ./network/network_config/_toc.yaml + - href: ./network/gazelle/_toc.yaml + - label: 性能调优 + sections: + - label: 概述 + sections: + - href: ./performance/overall/system_resource/_toc.yaml + - label: 调优框架 + sections: + - href: ./performance/tuning_framework/oeaware/_toc.yaml + - label: CPU调优 + sections: + - href: ./performance/cpu_optimization/sysboost/_toc.yaml + - href: ./performance/cpu_optimization/kae/_toc.yaml + - label: 系统调优 + sections: + - href: ./performance/system_optimization/atune/_toc.yaml + - label: 内存调优 + sections: + - href: ./performance/tlbi/_toc.yaml + - label: 应用开发 + sections: + - href: ./development/application_dev/_toc.yaml + - href: ./development/BiSheng-Autotuner/_toc.yaml + - href: ./development/gcc/_toc.yaml + - href: ./development/llvm/_toc.yaml + - label: HA高可用 + sections: + - href: ./high_availability/ha/_toc.yaml + - label: 多样性算力 + sections: + - href: ./diversified_computing/dpu_offload/_toc.yaml + - href: ./diversified_computing/dpu_os/_toc.yaml diff --git a/docs/zh/docs/server/administration/administrator/_toc.yaml b/docs/zh/docs/server/administration/administrator/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..58d9a4674c44e920704a492c568f82954bccbe78 --- /dev/null +++ b/docs/zh/docs/server/administration/administrator/_toc.yaml @@ -0,0 +1,30 @@ +label: 管理员指南 +isManual: true +description: openEuler 系统常用的管理员操作 +sections: + - label: 查看系统信息 + href: ./viewing-system-information.md + - label: 基础配置 + href: ./basic-configuration.md + - label: 管理用户和用户组 + href: ./user-and-user-group-management.md + - label: 使用DNF管理软件包 + href: ./using-dnf-to-manage-software-packages.md + - label: 管理服务 + href: ./service-management.md + - label: 管理进程 + href: ./process-management.md + - label: 搭建服务 + href: ./configuring-services.md + sections: + - label: 搭建repo服务器 + href: ./configuring-the-repo-server.md + - label: 搭建FTP服务器 + href: ./configuring-the-ftp-server.md + - label: 搭建web服务器 + href: ./configuring-the-web-server.md + - label: 搭建数据库服务器 + href: ./setting-up-the-database-server.md + - label: 常见问题与解决方法 + href: ./configuring-services.md + \ No newline at end of file diff --git a/docs/zh/docs/Administration/administration.md b/docs/zh/docs/server/administration/administrator/administration.md similarity index 100% rename from docs/zh/docs/Administration/administration.md rename to docs/zh/docs/server/administration/administrator/administration.md diff --git "a/docs/zh/docs/Administration/\345\237\272\347\241\200\351\205\215\347\275\256.md" b/docs/zh/docs/server/administration/administrator/basic-configuration.md similarity index 100% rename from "docs/zh/docs/Administration/\345\237\272\347\241\200\351\205\215\347\275\256.md" rename to docs/zh/docs/server/administration/administrator/basic-configuration.md diff --git "a/docs/zh/docs/Administration/\346\220\255\345\273\272\346\234\215\345\212\241.md" b/docs/zh/docs/server/administration/administrator/configuring-services.md similarity index 100% rename from "docs/zh/docs/Administration/\346\220\255\345\273\272\346\234\215\345\212\241.md" rename to docs/zh/docs/server/administration/administrator/configuring-services.md diff --git "a/docs/zh/docs/Administration/\346\220\255\345\273\272FTP\346\234\215\345\212\241\345\231\250.md" b/docs/zh/docs/server/administration/administrator/configuring-the-ftp-server.md similarity index 100% rename from "docs/zh/docs/Administration/\346\220\255\345\273\272FTP\346\234\215\345\212\241\345\231\250.md" rename to docs/zh/docs/server/administration/administrator/configuring-the-ftp-server.md diff --git "a/docs/zh/docs/Administration/\346\220\255\345\273\272repo\346\234\215\345\212\241\345\231\250.md" b/docs/zh/docs/server/administration/administrator/configuring-the-repo-server.md similarity index 100% rename from "docs/zh/docs/Administration/\346\220\255\345\273\272repo\346\234\215\345\212\241\345\231\250.md" rename to docs/zh/docs/server/administration/administrator/configuring-the-repo-server.md diff --git "a/docs/zh/docs/Administration/\346\220\255\345\273\272web\346\234\215\345\212\241\345\231\250.md" b/docs/zh/docs/server/administration/administrator/configuring-the-web-server.md similarity index 100% rename from "docs/zh/docs/Administration/\346\220\255\345\273\272web\346\234\215\345\212\241\345\231\250.md" rename to docs/zh/docs/server/administration/administrator/configuring-the-web-server.md diff --git "a/docs/zh/docs/Administration/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" b/docs/zh/docs/server/administration/administrator/faq-and-solutions.md similarity index 100% rename from "docs/zh/docs/Administration/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" rename to docs/zh/docs/server/administration/administrator/faq-and-solutions.md diff --git a/docs/zh/docs/Administration/figures/1665628542704.png b/docs/zh/docs/server/administration/administrator/figures/1665628542704.png similarity index 100% rename from docs/zh/docs/Administration/figures/1665628542704.png rename to docs/zh/docs/server/administration/administrator/figures/1665628542704.png diff --git a/docs/zh/docs/Administration/figures/AT_CHECK_Process.png b/docs/zh/docs/server/administration/administrator/figures/AT_CHECK_Process.png similarity index 100% rename from docs/zh/docs/Administration/figures/AT_CHECK_Process.png rename to docs/zh/docs/server/administration/administrator/figures/AT_CHECK_Process.png diff --git a/docs/zh/docs/Administration/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png b/docs/zh/docs/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png similarity index 100% rename from docs/zh/docs/Administration/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png rename to docs/zh/docs/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png diff --git a/docs/zh/docs/Administration/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png b/docs/zh/docs/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png similarity index 100% rename from docs/zh/docs/Administration/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png rename to docs/zh/docs/server/administration/administrator/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png diff --git a/docs/zh/docs/Administration/figures/PostgreSql_architecture.png b/docs/zh/docs/server/administration/administrator/figures/PostgreSql_architecture.png similarity index 100% rename from docs/zh/docs/Administration/figures/PostgreSql_architecture.png rename to docs/zh/docs/server/administration/administrator/figures/PostgreSql_architecture.png diff --git a/docs/zh/docs/Administration/figures/Process_Of_EXECVAT_ATCHECK.png b/docs/zh/docs/server/administration/administrator/figures/Process_Of_EXECVAT_ATCHECK.png similarity index 100% rename from docs/zh/docs/Administration/figures/Process_Of_EXECVAT_ATCHECK.png rename to docs/zh/docs/server/administration/administrator/figures/Process_Of_EXECVAT_ATCHECK.png diff --git a/docs/zh/docs/Administration/figures/RA-arch-1.png b/docs/zh/docs/server/administration/administrator/figures/RA-arch-1.png similarity index 100% rename from docs/zh/docs/Administration/figures/RA-arch-1.png rename to docs/zh/docs/server/administration/administrator/figures/RA-arch-1.png diff --git a/docs/zh/docs/Administration/figures/RA-arch-2.png b/docs/zh/docs/server/administration/administrator/figures/RA-arch-2.png similarity index 100% rename from docs/zh/docs/Administration/figures/RA-arch-2.png rename to docs/zh/docs/server/administration/administrator/figures/RA-arch-2.png diff --git a/docs/zh/docs/Administration/figures/TPCM.png b/docs/zh/docs/server/administration/administrator/figures/TPCM.png similarity index 100% rename from docs/zh/docs/Administration/figures/TPCM.png rename to docs/zh/docs/server/administration/administrator/figures/TPCM.png diff --git a/docs/zh/docs/Administration/figures/creat_datadisk.png b/docs/zh/docs/server/administration/administrator/figures/creat_datadisk.png similarity index 100% rename from docs/zh/docs/Administration/figures/creat_datadisk.png rename to docs/zh/docs/server/administration/administrator/figures/creat_datadisk.png diff --git a/docs/zh/docs/Administration/figures/creat_datadisk1.png b/docs/zh/docs/server/administration/administrator/figures/creat_datadisk1.png similarity index 100% rename from docs/zh/docs/Administration/figures/creat_datadisk1.png rename to docs/zh/docs/server/administration/administrator/figures/creat_datadisk1.png diff --git a/docs/zh/docs/Administration/figures/dim_architecture.jpg b/docs/zh/docs/server/administration/administrator/figures/dim_architecture.jpg similarity index 100% rename from docs/zh/docs/Administration/figures/dim_architecture.jpg rename to docs/zh/docs/server/administration/administrator/figures/dim_architecture.jpg diff --git a/docs/zh/docs/Administration/figures/etmem-system-architecture.png b/docs/zh/docs/server/administration/administrator/figures/etmem-system-architecture.png similarity index 100% rename from docs/zh/docs/Administration/figures/etmem-system-architecture.png rename to docs/zh/docs/server/administration/administrator/figures/etmem-system-architecture.png diff --git a/docs/zh/docs/Administration/figures/ima_digest_list_update.png b/docs/zh/docs/server/administration/administrator/figures/ima_digest_list_update.png similarity index 100% rename from docs/zh/docs/Administration/figures/ima_digest_list_update.png rename to docs/zh/docs/server/administration/administrator/figures/ima_digest_list_update.png diff --git a/docs/zh/docs/Administration/figures/ima_performance.gif b/docs/zh/docs/server/administration/administrator/figures/ima_performance.gif similarity index 100% rename from docs/zh/docs/Administration/figures/ima_performance.gif rename to docs/zh/docs/server/administration/administrator/figures/ima_performance.gif diff --git a/docs/zh/docs/Administration/figures/ima_verification.png b/docs/zh/docs/server/administration/administrator/figures/ima_verification.png similarity index 100% rename from docs/zh/docs/Administration/figures/ima_verification.png rename to docs/zh/docs/server/administration/administrator/figures/ima_verification.png diff --git a/docs/zh/docs/Administration/figures/logical_architectureofMariaDB.png b/docs/zh/docs/server/administration/administrator/figures/logical_architectureofMariaDB.png similarity index 100% rename from docs/zh/docs/Administration/figures/logical_architectureofMariaDB.png rename to docs/zh/docs/server/administration/administrator/figures/logical_architectureofMariaDB.png diff --git a/docs/zh/docs/Administration/figures/login.png b/docs/zh/docs/server/administration/administrator/figures/login.png similarity index 100% rename from docs/zh/docs/Administration/figures/login.png rename to docs/zh/docs/server/administration/administrator/figures/login.png diff --git a/docs/zh/docs/Administration/figures/nginx_deployed_success.png b/docs/zh/docs/server/administration/administrator/figures/nginx_deployed_success.png similarity index 100% rename from docs/zh/docs/Administration/figures/nginx_deployed_success.png rename to docs/zh/docs/server/administration/administrator/figures/nginx_deployed_success.png diff --git a/docs/zh/docs/Administration/figures/nginx_start_failed.png b/docs/zh/docs/server/administration/administrator/figures/nginx_start_failed.png similarity index 100% rename from docs/zh/docs/Administration/figures/nginx_start_failed.png rename to docs/zh/docs/server/administration/administrator/figures/nginx_start_failed.png diff --git a/docs/zh/docs/Administration/figures/nginx_start_success.png b/docs/zh/docs/server/administration/administrator/figures/nginx_start_success.png similarity index 100% rename from docs/zh/docs/Administration/figures/nginx_start_success.png rename to docs/zh/docs/server/administration/administrator/figures/nginx_start_success.png diff --git a/docs/zh/docs/Administration/figures/postgres.png b/docs/zh/docs/server/administration/administrator/figures/postgres.png similarity index 100% rename from docs/zh/docs/Administration/figures/postgres.png rename to docs/zh/docs/server/administration/administrator/figures/postgres.png diff --git a/docs/zh/docs/Administration/figures/root_of_trust_framework.png b/docs/zh/docs/server/administration/administrator/figures/root_of_trust_framework.png similarity index 100% rename from docs/zh/docs/Administration/figures/root_of_trust_framework.png rename to docs/zh/docs/server/administration/administrator/figures/root_of_trust_framework.png diff --git a/docs/zh/docs/Administration/figures/top_display.png b/docs/zh/docs/server/administration/administrator/figures/top_display.png similarity index 100% rename from docs/zh/docs/Administration/figures/top_display.png rename to docs/zh/docs/server/administration/administrator/figures/top_display.png diff --git a/docs/zh/docs/Administration/figures/trusted_chain.png b/docs/zh/docs/server/administration/administrator/figures/trusted_chain.png similarity index 100% rename from docs/zh/docs/Administration/figures/trusted_chain.png rename to docs/zh/docs/server/administration/administrator/figures/trusted_chain.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0229622729.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0229622729.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0229622729.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0229622729.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0229622789.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0229622789.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0229622789.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0229622789.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0230050789.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0230050789.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0230050789.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0230050789.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231143176.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143176.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231143176.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143176.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231143177.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143177.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231143177.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143177.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231143178.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143178.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231143178.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143178.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231143180.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143180.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231143180.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143180.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231143181.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143181.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231143181.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143181.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231143183.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143183.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231143183.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143183.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231143185.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143185.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231143185.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143185.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231143187.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143187.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231143187.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143187.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231143189.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143189.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231143189.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143189.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231143191.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143191.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231143191.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143191.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231143193.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143193.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231143193.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143193.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231143195.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143195.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231143195.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143195.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231143196.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143196.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231143196.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143196.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231143197.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143197.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231143197.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143197.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231143198.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143198.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231143198.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231143198.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231563132.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231563132.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231563132.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231563132.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231563134.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231563134.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231563134.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231563134.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231563135.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231563135.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231563135.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231563135.png diff --git a/docs/zh/docs/Administration/figures/zh-cn_image_0231563136.png b/docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231563136.png similarity index 100% rename from docs/zh/docs/Administration/figures/zh-cn_image_0231563136.png rename to docs/zh/docs/server/administration/administrator/figures/zh-cn_image_0231563136.png diff --git "a/docs/zh/docs/Administration/\347\256\241\347\220\206\350\277\233\347\250\213.md" b/docs/zh/docs/server/administration/administrator/process-management.md similarity index 100% rename from "docs/zh/docs/Administration/\347\256\241\347\220\206\350\277\233\347\250\213.md" rename to docs/zh/docs/server/administration/administrator/process-management.md diff --git a/docs/zh/docs/A-Tune/public_sys-resources/icon-caution.gif b/docs/zh/docs/server/administration/administrator/public_sys-resources/icon-caution.gif similarity index 100% rename from docs/zh/docs/A-Tune/public_sys-resources/icon-caution.gif rename to docs/zh/docs/server/administration/administrator/public_sys-resources/icon-caution.gif diff --git a/docs/zh/docs/A-Tune/public_sys-resources/icon-danger.gif b/docs/zh/docs/server/administration/administrator/public_sys-resources/icon-danger.gif similarity index 100% rename from docs/zh/docs/A-Tune/public_sys-resources/icon-danger.gif rename to docs/zh/docs/server/administration/administrator/public_sys-resources/icon-danger.gif diff --git a/docs/zh/docs/A-Ops/figures/icon-note.gif b/docs/zh/docs/server/administration/administrator/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/A-Ops/figures/icon-note.gif rename to docs/zh/docs/server/administration/administrator/public_sys-resources/icon-note.gif diff --git a/docs/zh/docs/A-Tune/public_sys-resources/icon-notice.gif b/docs/zh/docs/server/administration/administrator/public_sys-resources/icon-notice.gif similarity index 100% rename from docs/zh/docs/A-Tune/public_sys-resources/icon-notice.gif rename to docs/zh/docs/server/administration/administrator/public_sys-resources/icon-notice.gif diff --git a/docs/zh/docs/A-Tune/public_sys-resources/icon-tip.gif b/docs/zh/docs/server/administration/administrator/public_sys-resources/icon-tip.gif similarity index 100% rename from docs/zh/docs/A-Tune/public_sys-resources/icon-tip.gif rename to docs/zh/docs/server/administration/administrator/public_sys-resources/icon-tip.gif diff --git a/docs/zh/docs/A-Tune/public_sys-resources/icon-warning.gif b/docs/zh/docs/server/administration/administrator/public_sys-resources/icon-warning.gif similarity index 100% rename from docs/zh/docs/A-Tune/public_sys-resources/icon-warning.gif rename to docs/zh/docs/server/administration/administrator/public_sys-resources/icon-warning.gif diff --git "a/docs/zh/docs/Administration/\347\256\241\347\220\206\346\234\215\345\212\241.md" b/docs/zh/docs/server/administration/administrator/service-management.md similarity index 100% rename from "docs/zh/docs/Administration/\347\256\241\347\220\206\346\234\215\345\212\241.md" rename to docs/zh/docs/server/administration/administrator/service-management.md diff --git "a/docs/zh/docs/Administration/\346\220\255\345\273\272\346\225\260\346\215\256\345\272\223\346\234\215\345\212\241\345\231\250.md" b/docs/zh/docs/server/administration/administrator/setting-up-the-database-server.md similarity index 100% rename from "docs/zh/docs/Administration/\346\220\255\345\273\272\346\225\260\346\215\256\345\272\223\346\234\215\345\212\241\345\231\250.md" rename to docs/zh/docs/server/administration/administrator/setting-up-the-database-server.md diff --git "a/docs/zh/docs/Administration/\347\256\241\347\220\206\347\224\250\346\210\267\345\222\214\347\224\250\346\210\267\347\273\204.md" b/docs/zh/docs/server/administration/administrator/user-and-user-group-management.md similarity index 100% rename from "docs/zh/docs/Administration/\347\256\241\347\220\206\347\224\250\346\210\267\345\222\214\347\224\250\346\210\267\347\273\204.md" rename to docs/zh/docs/server/administration/administrator/user-and-user-group-management.md diff --git "a/docs/zh/docs/Administration/\344\275\277\347\224\250DNF\347\256\241\347\220\206\350\275\257\344\273\266\345\214\205.md" b/docs/zh/docs/server/administration/administrator/using-dnf-to-manage-software-packages.md similarity index 100% rename from "docs/zh/docs/Administration/\344\275\277\347\224\250DNF\347\256\241\347\220\206\350\275\257\344\273\266\345\214\205.md" rename to docs/zh/docs/server/administration/administrator/using-dnf-to-manage-software-packages.md diff --git "a/docs/zh/docs/Administration/\346\237\245\347\234\213\347\263\273\347\273\237\344\277\241\346\201\257.md" b/docs/zh/docs/server/administration/administrator/viewing-system-information.md similarity index 100% rename from "docs/zh/docs/Administration/\346\237\245\347\234\213\347\263\273\347\273\237\344\277\241\346\201\257.md" rename to docs/zh/docs/server/administration/administrator/viewing-system-information.md diff --git a/docs/zh/docs/server/administration/compa_command/_toc.yaml b/docs/zh/docs/server/administration/compa_command/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..eda11b6d713bff417d94f7214158762d05a330b5 --- /dev/null +++ b/docs/zh/docs/server/administration/compa_command/_toc.yaml @@ -0,0 +1,11 @@ +label: 兼容性命令 +isManual: true +description: 基于 Rust 语言重构的 shell 及 Linux 命令,与 Linux 原生命令兼容 +sections: + - label: 兼容性命令 + href: ./overview.md + sections: + - label: utshell用户指南 + href: ./utshell-guide.md + - label: utsudo用户指南 + href: ./utsudo-user-guide.md diff --git a/docs/zh/docs/memsafety/utsudo/figures/image-20230828094539717.png b/docs/zh/docs/server/administration/compa_command/figures/image-20230828094539717.png similarity index 100% rename from docs/zh/docs/memsafety/utsudo/figures/image-20230828094539717.png rename to docs/zh/docs/server/administration/compa_command/figures/image-20230828094539717.png diff --git a/docs/zh/docs/memsafety/utsudo/figures/image-20230828094723153.png b/docs/zh/docs/server/administration/compa_command/figures/image-20230828094723153.png similarity index 100% rename from docs/zh/docs/memsafety/utsudo/figures/image-20230828094723153.png rename to docs/zh/docs/server/administration/compa_command/figures/image-20230828094723153.png diff --git a/docs/zh/docs/memsafety/utsudo/figures/image-20230828135001624.png b/docs/zh/docs/server/administration/compa_command/figures/image-20230828135001624.png similarity index 100% rename from docs/zh/docs/memsafety/utsudo/figures/image-20230828135001624.png rename to docs/zh/docs/server/administration/compa_command/figures/image-20230828135001624.png diff --git a/docs/zh/docs/memsafety/utsudo/figures/image-20230828140355863.png b/docs/zh/docs/server/administration/compa_command/figures/image-20230828140355863.png similarity index 100% rename from docs/zh/docs/memsafety/utsudo/figures/image-20230828140355863.png rename to docs/zh/docs/server/administration/compa_command/figures/image-20230828140355863.png diff --git a/docs/zh/docs/memsafety/utsudo/figures/image-20230828140709441.png b/docs/zh/docs/server/administration/compa_command/figures/image-20230828140709441.png similarity index 100% rename from docs/zh/docs/memsafety/utsudo/figures/image-20230828140709441.png rename to docs/zh/docs/server/administration/compa_command/figures/image-20230828140709441.png diff --git a/docs/zh/docs/memsafety/utshell/media/media/image1.png b/docs/zh/docs/server/administration/compa_command/media/media/image1.png similarity index 100% rename from docs/zh/docs/memsafety/utshell/media/media/image1.png rename to docs/zh/docs/server/administration/compa_command/media/media/image1.png diff --git a/docs/zh/docs/memsafety/utshell/media/media/image2.png b/docs/zh/docs/server/administration/compa_command/media/media/image2.png similarity index 100% rename from docs/zh/docs/memsafety/utshell/media/media/image2.png rename to docs/zh/docs/server/administration/compa_command/media/media/image2.png diff --git a/docs/zh/docs/memsafety/utshell/media/media/image3.png b/docs/zh/docs/server/administration/compa_command/media/media/image3.png similarity index 100% rename from docs/zh/docs/memsafety/utshell/media/media/image3.png rename to docs/zh/docs/server/administration/compa_command/media/media/image3.png diff --git a/docs/zh/docs/memsafety/utshell/media/media/image4.png b/docs/zh/docs/server/administration/compa_command/media/media/image4.png similarity index 100% rename from docs/zh/docs/memsafety/utshell/media/media/image4.png rename to docs/zh/docs/server/administration/compa_command/media/media/image4.png diff --git a/docs/zh/docs/memsafety/overview.md b/docs/zh/docs/server/administration/compa_command/overview.md similarity index 99% rename from docs/zh/docs/memsafety/overview.md rename to docs/zh/docs/server/administration/compa_command/overview.md index 307121da56cbd86c12fb5710380ae61162e931dc..76fde7cef6cf6c41594275e75ab437392c0b4d23 100644 --- a/docs/zh/docs/memsafety/overview.md +++ b/docs/zh/docs/server/administration/compa_command/overview.md @@ -1 +1 @@ -本文档是介绍基于 Rust 语言重构的 shell 及 Linux 命令,可在 openEuler 系统上使用,与 Linux 原生命令兼容。 +本文档是介绍基于 Rust 语言重构的 shell 及 Linux 命令,可在 openEuler 系统上使用,与 Linux 原生命令兼容。 diff --git a/docs/zh/docs/memsafety/utshell/utshell_guide.md b/docs/zh/docs/server/administration/compa_command/utshell-guide.md similarity index 100% rename from docs/zh/docs/memsafety/utshell/utshell_guide.md rename to docs/zh/docs/server/administration/compa_command/utshell-guide.md diff --git "a/docs/zh/docs/memsafety/utsudo/utsudo-\347\224\250\346\210\267\346\214\207\345\215\227.md" b/docs/zh/docs/server/administration/compa_command/utsudo-user-guide.md similarity index 100% rename from "docs/zh/docs/memsafety/utsudo/utsudo-\347\224\250\346\210\267\346\214\207\345\215\227.md" rename to docs/zh/docs/server/administration/compa_command/utsudo-user-guide.md diff --git a/docs/zh/docs/server/administration/sysmaster/_toc.yaml b/docs/zh/docs/server/administration/sysmaster/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..1d11a2e0371b80e538208a69dce53cca4b10214d --- /dev/null +++ b/docs/zh/docs/server/administration/sysmaster/_toc.yaml @@ -0,0 +1,20 @@ +label: sysMaster用户指南 +isManual: true +description: 使用 sysMaster 管理服务器和设备 +sections: + - label: 概述 + href: ./overview.md + - label: 服务管理 + href: ./service_management.md + sections: + - label: 安装与部署 + href: ./sysmaster_install_deploy.md + - label: 使用说明 + href: ./sysmaster_usage.md + - label: 设备管理 + href: ./device_management.md + sections: + - label: 安装与部署 + href: ./devmaster_install_deploy.md + - label: 使用说明 + href: ./devmaster_usage.md diff --git "a/docs/zh/docs/sysMaster/\350\256\276\345\244\207\347\256\241\347\220\206\347\256\200\344\273\213.md" b/docs/zh/docs/server/administration/sysmaster/device_management.md similarity index 100% rename from "docs/zh/docs/sysMaster/\350\256\276\345\244\207\347\256\241\347\220\206\347\256\200\344\273\213.md" rename to docs/zh/docs/server/administration/sysmaster/device_management.md diff --git "a/docs/zh/docs/sysMaster/devmaster\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" b/docs/zh/docs/server/administration/sysmaster/devmaster_install_deploy.md similarity index 100% rename from "docs/zh/docs/sysMaster/devmaster\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" rename to docs/zh/docs/server/administration/sysmaster/devmaster_install_deploy.md diff --git "a/docs/zh/docs/sysMaster/devmaster\344\275\277\347\224\250\350\257\264\346\230\216.md" b/docs/zh/docs/server/administration/sysmaster/devmaster_usage.md similarity index 100% rename from "docs/zh/docs/sysMaster/devmaster\344\275\277\347\224\250\350\257\264\346\230\216.md" rename to docs/zh/docs/server/administration/sysmaster/devmaster_usage.md diff --git a/docs/zh/docs/sysMaster/figures/devmaster_architecture.png b/docs/zh/docs/server/administration/sysmaster/figures/devmaster_architecture.png similarity index 100% rename from docs/zh/docs/sysMaster/figures/devmaster_architecture.png rename to docs/zh/docs/server/administration/sysmaster/figures/devmaster_architecture.png diff --git a/docs/zh/docs/sysMaster/figures/sysMaster.png b/docs/zh/docs/server/administration/sysmaster/figures/sysMaster.png similarity index 100% rename from docs/zh/docs/sysMaster/figures/sysMaster.png rename to docs/zh/docs/server/administration/sysmaster/figures/sysMaster.png diff --git a/docs/zh/docs/sysMaster/overview.md b/docs/zh/docs/server/administration/sysmaster/overview.md similarity index 100% rename from docs/zh/docs/sysMaster/overview.md rename to docs/zh/docs/server/administration/sysmaster/overview.md diff --git a/docs/zh/docs/Administration/public_sys-resources/icon-caution.gif b/docs/zh/docs/server/administration/sysmaster/public_sys-resources/icon-caution.gif similarity index 100% rename from docs/zh/docs/Administration/public_sys-resources/icon-caution.gif rename to docs/zh/docs/server/administration/sysmaster/public_sys-resources/icon-caution.gif diff --git a/docs/zh/docs/Administration/public_sys-resources/icon-danger.gif b/docs/zh/docs/server/administration/sysmaster/public_sys-resources/icon-danger.gif similarity index 100% rename from docs/zh/docs/Administration/public_sys-resources/icon-danger.gif rename to docs/zh/docs/server/administration/sysmaster/public_sys-resources/icon-danger.gif diff --git a/docs/zh/docs/A-Tune/public_sys-resources/icon-note.gif b/docs/zh/docs/server/administration/sysmaster/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/A-Tune/public_sys-resources/icon-note.gif rename to docs/zh/docs/server/administration/sysmaster/public_sys-resources/icon-note.gif diff --git a/docs/zh/docs/Administration/public_sys-resources/icon-notice.gif b/docs/zh/docs/server/administration/sysmaster/public_sys-resources/icon-notice.gif similarity index 100% rename from docs/zh/docs/Administration/public_sys-resources/icon-notice.gif rename to docs/zh/docs/server/administration/sysmaster/public_sys-resources/icon-notice.gif diff --git a/docs/zh/docs/Administration/public_sys-resources/icon-tip.gif b/docs/zh/docs/server/administration/sysmaster/public_sys-resources/icon-tip.gif similarity index 100% rename from docs/zh/docs/Administration/public_sys-resources/icon-tip.gif rename to docs/zh/docs/server/administration/sysmaster/public_sys-resources/icon-tip.gif diff --git a/docs/zh/docs/Administration/public_sys-resources/icon-warning.gif b/docs/zh/docs/server/administration/sysmaster/public_sys-resources/icon-warning.gif similarity index 100% rename from docs/zh/docs/Administration/public_sys-resources/icon-warning.gif rename to docs/zh/docs/server/administration/sysmaster/public_sys-resources/icon-warning.gif diff --git "a/docs/zh/docs/sysMaster/\346\234\215\345\212\241\347\256\241\347\220\206.md" b/docs/zh/docs/server/administration/sysmaster/service_management.md similarity index 100% rename from "docs/zh/docs/sysMaster/\346\234\215\345\212\241\347\256\241\347\220\206.md" rename to docs/zh/docs/server/administration/sysmaster/service_management.md diff --git "a/docs/zh/docs/sysMaster/sysmaster\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" b/docs/zh/docs/server/administration/sysmaster/sysmaster_install_deploy.md similarity index 100% rename from "docs/zh/docs/sysMaster/sysmaster\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" rename to docs/zh/docs/server/administration/sysmaster/sysmaster_install_deploy.md diff --git "a/docs/zh/docs/sysMaster/sysmaster\344\275\277\347\224\250\350\257\264\346\230\216.md" b/docs/zh/docs/server/administration/sysmaster/sysmaster_usage.md similarity index 100% rename from "docs/zh/docs/sysMaster/sysmaster\344\275\277\347\224\250\350\257\264\346\230\216.md" rename to docs/zh/docs/server/administration/sysmaster/sysmaster_usage.md diff --git a/docs/zh/docs/server/development/FangTian/_toc.yaml b/docs/zh/docs/server/development/FangTian/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..22a11303d76c693b9987bd16dd352f62f8169eef --- /dev/null +++ b/docs/zh/docs/server/development/FangTian/_toc.yaml @@ -0,0 +1,12 @@ +label: FangTian视窗引擎 +isManual: true +description: FangTian视窗引擎的安装及开发使用指南。 +sections: + - label: FangTian视窗引擎 + href: ./overview.md + sections: + - label: FangTian环境配置 + href: ./fangtian-environment-configuration.md + sections: + - label: FangTian支持Wayland应用及鸿蒙应用 + href: ./fantian-supports-waylan-applications-and-harmonyos-applications.md \ No newline at end of file diff --git "a/docs/zh/docs/FangTian/FangTian\347\216\257\345\242\203\351\205\215\347\275\256.md" b/docs/zh/docs/server/development/FangTian/fangtian-environment-configuration.md similarity index 100% rename from "docs/zh/docs/FangTian/FangTian\347\216\257\345\242\203\351\205\215\347\275\256.md" rename to docs/zh/docs/server/development/FangTian/fangtian-environment-configuration.md diff --git "a/docs/zh/docs/FangTian/FangTian\346\224\257\346\214\201Wayland\345\272\224\347\224\250\345\217\212\351\270\277\350\222\231\345\272\224\347\224\250.md" b/docs/zh/docs/server/development/FangTian/fantian-supports-waylan-applications-and-harmonyos-applications.md similarity index 100% rename from "docs/zh/docs/FangTian/FangTian\346\224\257\346\214\201Wayland\345\272\224\347\224\250\345\217\212\351\270\277\350\222\231\345\272\224\347\224\250.md" rename to docs/zh/docs/server/development/FangTian/fantian-supports-waylan-applications-and-harmonyos-applications.md diff --git a/docs/zh/docs/FangTian/figures/arkui_ele.png b/docs/zh/docs/server/development/FangTian/figures/arkui_ele.png similarity index 100% rename from docs/zh/docs/FangTian/figures/arkui_ele.png rename to docs/zh/docs/server/development/FangTian/figures/arkui_ele.png diff --git a/docs/zh/docs/FangTian/figures/desktop_simple_apps.png b/docs/zh/docs/server/development/FangTian/figures/desktop_simple_apps.png similarity index 100% rename from docs/zh/docs/FangTian/figures/desktop_simple_apps.png rename to docs/zh/docs/server/development/FangTian/figures/desktop_simple_apps.png diff --git a/docs/zh/docs/FangTian/figures/wayland_apps.png b/docs/zh/docs/server/development/FangTian/figures/wayland_apps.png similarity index 100% rename from docs/zh/docs/FangTian/figures/wayland_apps.png rename to docs/zh/docs/server/development/FangTian/figures/wayland_apps.png diff --git a/docs/zh/docs/FangTian/overview.md b/docs/zh/docs/server/development/FangTian/overview.md similarity index 100% rename from docs/zh/docs/FangTian/overview.md rename to docs/zh/docs/server/development/FangTian/overview.md diff --git a/docs/zh/docs/server/development/ai4c/_toc.yaml b/docs/zh/docs/server/development/ai4c/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c4f28bfc00681c3f33337cabd2a7e12e7d9be003 --- /dev/null +++ b/docs/zh/docs/server/development/ai4c/_toc.yaml @@ -0,0 +1,6 @@ +label: AI4C使用手册 +isManual: true +description: AI4C 代表 AI 辅助编译器的套件,是一个使编译器能够集成机器学习驱动编译优化的框架。 +sections: + - label: AI4C使用手册 + href: ./ai4c-user-manual.md diff --git "a/docs/zh/docs/AI4C/AI4C\347\224\250\346\210\267\344\275\277\347\224\250\346\214\207\345\215\227.md" b/docs/zh/docs/server/development/ai4c/ai4c-user-manual.md similarity index 96% rename from "docs/zh/docs/AI4C/AI4C\347\224\250\346\210\267\344\275\277\347\224\250\346\214\207\345\215\227.md" rename to docs/zh/docs/server/development/ai4c/ai4c-user-manual.md index a988512cb3f6b3fde31afe34649e301c490bd9f5..359f1a20da58744531d99dee72c8512c838782d8 100644 --- "a/docs/zh/docs/AI4C/AI4C\347\224\250\346\210\267\344\275\277\347\224\250\346\214\207\345\215\227.md" +++ b/docs/zh/docs/server/development/ai4c/ai4c-user-manual.md @@ -229,9 +229,9 @@ $gcc_compiler test.c -O2 -o test \ | 选项名 | 说明 | | ---------------------------------------------------- | ------------------------------------------------------------ | | -fplugin | 指定循环展开与函数内联插件的**绝对路径**(`-fplugin=/path/to/.so`)。 | -| -fplugin-arg--engine | 指定函数内联 ONNX 模型的推理引擎**绝对路径**(`-fplugin-arg--inline_model=/path/to/inference_engine.so`),需要与`-fplugin`同时开启。`/path/to/inference_engine.so`的路径可通过`ai4c-gcc --inference-engine`获得。 | -| -fplugin-arg--inline_model | 指定函数内联 ONNX 模型的**绝对路径**(`-fplugin-arg--inline_model=/path/to/inline_model.onnx`),需要与`-fplugin`和`-fplugin-arg--engine`同时开启。 | -| -fplugin-arg--unroll_model | 指定循环展开 ONNX 模型的**绝对路径**(`-fplugin-arg--unroll_model=/path/to/unroll_model.onnx`),需要与`-fplugin`和`-fplugin-arg--engine`同时开启。 | +| -fplugin-arg-\-engine | 指定函数内联 ONNX 模型的推理引擎**绝对路径**(`-fplugin-arg--inline_model=/path/to/inference_engine.so`),需要与`-fplugin`同时开启。`/path/to/inference_engine.so`的路径可通过`ai4c-gcc --inference-engine`获得。 | +| -fplugin-arg-\-inline_model | 指定函数内联 ONNX 模型的**绝对路径**(`-fplugin-arg--inline_model=/path/to/inline_model.onnx`),需要与`-fplugin`和`-fplugin-arg--engine`同时开启。 | +| -fplugin-arg-\-unroll_model | 指定循环展开 ONNX 模型的**绝对路径**(`-fplugin-arg--unroll_model=/path/to/unroll_model.onnx`),需要与`-fplugin`和`-fplugin-arg--engine`同时开启。 | 用户可同时启用一个 GCC 插件内的多个 AI 辅助编译优化模型,例如: diff --git a/docs/zh/docs/server/development/application_dev/_toc.yaml b/docs/zh/docs/server/development/application_dev/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..baa8eac9b78d25141cf89cd4f5f87b389b0000f6 --- /dev/null +++ b/docs/zh/docs/server/development/application_dev/_toc.yaml @@ -0,0 +1,20 @@ +label: 应用开发指南 +isManual: true +description: 基于 openEuler 开发应用程序 +sections: + - label: 概述 + href: ./application-development.md + - label: 开发环境准备 + href: ./preparations-for-development-environment.md + - label: 使用GCC编译 + href: ./using-gcc-for-compilation.md + - label: 使用Clang编译 + href: ./using-clang-for-compilation.md + - label: 使用make编译 + href: ./using-make-for-compilation.md + - label: 使用JDK编译 + href: ./using-jdk-for-compilation.md + - label: 构建RPM包 + href: ./building-an-rpm-package.md + - label: 常见问题与解决方法 + href: ./faqs-and-solutions.md diff --git a/docs/zh/docs/ApplicationDev/application-development.md b/docs/zh/docs/server/development/application_dev/application-development.md similarity index 100% rename from docs/zh/docs/ApplicationDev/application-development.md rename to docs/zh/docs/server/development/application_dev/application-development.md diff --git "a/docs/zh/docs/ApplicationDev/\346\236\204\345\273\272RPM\345\214\205.md" b/docs/zh/docs/server/development/application_dev/building-an-rpm-package.md similarity index 100% rename from "docs/zh/docs/ApplicationDev/\346\236\204\345\273\272RPM\345\214\205.md" rename to docs/zh/docs/server/development/application_dev/building-an-rpm-package.md diff --git "a/docs/zh/docs/ApplicationDev/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" b/docs/zh/docs/server/development/application_dev/faqs-and-solutions.md similarity index 100% rename from "docs/zh/docs/ApplicationDev/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" rename to docs/zh/docs/server/development/application_dev/faqs-and-solutions.md diff --git a/docs/zh/docs/ApplicationDev/figures/Branch-Confirmationpage.png b/docs/zh/docs/server/development/application_dev/figures/Branch-Confirmationpage.png similarity index 100% rename from docs/zh/docs/ApplicationDev/figures/Branch-Confirmationpage.png rename to docs/zh/docs/server/development/application_dev/figures/Branch-Confirmationpage.png diff --git a/docs/zh/docs/ApplicationDev/figures/Create-Packagepage.png b/docs/zh/docs/server/development/application_dev/figures/Create-Packagepage.png similarity index 100% rename from docs/zh/docs/ApplicationDev/figures/Create-Packagepage.png rename to docs/zh/docs/server/development/application_dev/figures/Create-Packagepage.png diff --git a/docs/zh/docs/ApplicationDev/figures/RPM_package_download.png b/docs/zh/docs/server/development/application_dev/figures/RPM_package_download.png similarity index 100% rename from docs/zh/docs/ApplicationDev/figures/RPM_package_download.png rename to docs/zh/docs/server/development/application_dev/figures/RPM_package_download.png diff --git a/docs/zh/docs/ApplicationDev/figures/Repositoriespage.png b/docs/zh/docs/server/development/application_dev/figures/Repositoriespage.png similarity index 100% rename from docs/zh/docs/ApplicationDev/figures/Repositoriespage.png rename to docs/zh/docs/server/development/application_dev/figures/Repositoriespage.png diff --git a/docs/zh/docs/ApplicationDev/figures/delete_package.png b/docs/zh/docs/server/development/application_dev/figures/delete_package.png similarity index 100% rename from docs/zh/docs/ApplicationDev/figures/delete_package.png rename to docs/zh/docs/server/development/application_dev/figures/delete_package.png diff --git a/docs/zh/docs/ApplicationDev/figures/filepage.png b/docs/zh/docs/server/development/application_dev/figures/filepage.png similarity index 100% rename from docs/zh/docs/ApplicationDev/figures/filepage.png rename to docs/zh/docs/server/development/application_dev/figures/filepage.png diff --git a/docs/zh/docs/ApplicationDev/figures/setting_software_info.png b/docs/zh/docs/server/development/application_dev/figures/setting_software_info.png similarity index 100% rename from docs/zh/docs/ApplicationDev/figures/setting_software_info.png rename to docs/zh/docs/server/development/application_dev/figures/setting_software_info.png diff --git a/docs/zh/docs/ApplicationDev/figures/succeededpage.png b/docs/zh/docs/server/development/application_dev/figures/succeededpage.png similarity index 100% rename from docs/zh/docs/ApplicationDev/figures/succeededpage.png rename to docs/zh/docs/server/development/application_dev/figures/succeededpage.png diff --git a/docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243671.png b/docs/zh/docs/server/development/application_dev/figures/zh-cn_image_0229243671.png similarity index 100% rename from docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243671.png rename to docs/zh/docs/server/development/application_dev/figures/zh-cn_image_0229243671.png diff --git a/docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243702.png b/docs/zh/docs/server/development/application_dev/figures/zh-cn_image_0229243702.png similarity index 100% rename from docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243702.png rename to docs/zh/docs/server/development/application_dev/figures/zh-cn_image_0229243702.png diff --git a/docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243704.png b/docs/zh/docs/server/development/application_dev/figures/zh-cn_image_0229243704.png similarity index 100% rename from docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243704.png rename to docs/zh/docs/server/development/application_dev/figures/zh-cn_image_0229243704.png diff --git a/docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243712.png b/docs/zh/docs/server/development/application_dev/figures/zh-cn_image_0229243712.png similarity index 100% rename from docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243712.png rename to docs/zh/docs/server/development/application_dev/figures/zh-cn_image_0229243712.png diff --git "a/docs/zh/docs/ApplicationDev/\345\274\200\345\217\221\347\216\257\345\242\203\345\207\206\345\244\207.md" b/docs/zh/docs/server/development/application_dev/preparations-for-development-environment.md similarity index 100% rename from "docs/zh/docs/ApplicationDev/\345\274\200\345\217\221\347\216\257\345\242\203\345\207\206\345\244\207.md" rename to docs/zh/docs/server/development/application_dev/preparations-for-development-environment.md diff --git a/docs/zh/docs/ApplicationDev/public_sys-resources/icon-caution.gif b/docs/zh/docs/server/development/application_dev/public_sys-resources/icon-caution.gif similarity index 100% rename from docs/zh/docs/ApplicationDev/public_sys-resources/icon-caution.gif rename to docs/zh/docs/server/development/application_dev/public_sys-resources/icon-caution.gif diff --git a/docs/zh/docs/ApplicationDev/public_sys-resources/icon-danger.gif b/docs/zh/docs/server/development/application_dev/public_sys-resources/icon-danger.gif similarity index 100% rename from docs/zh/docs/ApplicationDev/public_sys-resources/icon-danger.gif rename to docs/zh/docs/server/development/application_dev/public_sys-resources/icon-danger.gif diff --git a/docs/zh/docs/Administration/public_sys-resources/icon-note.gif b/docs/zh/docs/server/development/application_dev/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/Administration/public_sys-resources/icon-note.gif rename to docs/zh/docs/server/development/application_dev/public_sys-resources/icon-note.gif diff --git a/docs/zh/docs/ApplicationDev/public_sys-resources/icon-notice.gif b/docs/zh/docs/server/development/application_dev/public_sys-resources/icon-notice.gif similarity index 100% rename from docs/zh/docs/ApplicationDev/public_sys-resources/icon-notice.gif rename to docs/zh/docs/server/development/application_dev/public_sys-resources/icon-notice.gif diff --git a/docs/zh/docs/ApplicationDev/public_sys-resources/icon-tip.gif b/docs/zh/docs/server/development/application_dev/public_sys-resources/icon-tip.gif similarity index 100% rename from docs/zh/docs/ApplicationDev/public_sys-resources/icon-tip.gif rename to docs/zh/docs/server/development/application_dev/public_sys-resources/icon-tip.gif diff --git a/docs/zh/docs/ApplicationDev/public_sys-resources/icon-warning.gif b/docs/zh/docs/server/development/application_dev/public_sys-resources/icon-warning.gif similarity index 100% rename from docs/zh/docs/ApplicationDev/public_sys-resources/icon-warning.gif rename to docs/zh/docs/server/development/application_dev/public_sys-resources/icon-warning.gif diff --git "a/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250Clang\347\274\226\350\257\221.md" b/docs/zh/docs/server/development/application_dev/using-clang-for-compilation.md similarity index 100% rename from "docs/zh/docs/ApplicationDev/\344\275\277\347\224\250Clang\347\274\226\350\257\221.md" rename to docs/zh/docs/server/development/application_dev/using-clang-for-compilation.md diff --git "a/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250GCC\347\274\226\350\257\221.md" b/docs/zh/docs/server/development/application_dev/using-gcc-for-compilation.md similarity index 100% rename from "docs/zh/docs/ApplicationDev/\344\275\277\347\224\250GCC\347\274\226\350\257\221.md" rename to docs/zh/docs/server/development/application_dev/using-gcc-for-compilation.md diff --git "a/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250JDK\347\274\226\350\257\221.md" b/docs/zh/docs/server/development/application_dev/using-jdk-for-compilation.md similarity index 100% rename from "docs/zh/docs/ApplicationDev/\344\275\277\347\224\250JDK\347\274\226\350\257\221.md" rename to docs/zh/docs/server/development/application_dev/using-jdk-for-compilation.md diff --git "a/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250make\347\274\226\350\257\221.md" b/docs/zh/docs/server/development/application_dev/using-make-for-compilation.md similarity index 100% rename from "docs/zh/docs/ApplicationDev/\344\275\277\347\224\250make\347\274\226\350\257\221.md" rename to docs/zh/docs/server/development/application_dev/using-make-for-compilation.md diff --git a/docs/zh/docs/server/development/gcc/_toc.yaml b/docs/zh/docs/server/development/gcc/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..7f0c409947bcf89cb1c1f230dce67e3ee81ac97d --- /dev/null +++ b/docs/zh/docs/server/development/gcc/_toc.yaml @@ -0,0 +1,9 @@ +label: GCC用户指南 +isManual: true +description: GCC for openEuler 编译器基于开源 GCC 开发,聚焦于C、C++、Fortran语言的优化 +sections: + - label: GCC用户指南 + href: ./overview.md + sections: + - label: 内核反馈优化特性 + href: ./kernel-fdo-user-guide.md diff --git "a/docs/zh/docs/GCC/\345\206\205\346\240\270\345\217\215\351\246\210\344\274\230\345\214\226\347\211\271\346\200\247\347\224\250\346\210\267\346\214\207\345\215\227.md" b/docs/zh/docs/server/development/gcc/kernel-fdo-user-guide.md similarity index 100% rename from "docs/zh/docs/GCC/\345\206\205\346\240\270\345\217\215\351\246\210\344\274\230\345\214\226\347\211\271\346\200\247\347\224\250\346\210\267\346\214\207\345\215\227.md" rename to docs/zh/docs/server/development/gcc/kernel-fdo-user-guide.md diff --git a/docs/zh/docs/GCC/overview.md b/docs/zh/docs/server/development/gcc/overview.md similarity index 100% rename from docs/zh/docs/GCC/overview.md rename to docs/zh/docs/server/development/gcc/overview.md diff --git "a/docs/zh/docs/GCC/\345\205\250\345\234\272\346\231\257\351\223\276\346\216\245\346\227\266\344\272\214\350\277\233\345\210\266\345\272\223\345\206\205\350\201\224\344\274\230\345\214\226.md" "b/docs/zh/docs/server/development/gcc/\345\205\250\345\234\272\346\231\257\351\223\276\346\216\245\346\227\266\344\272\214\350\277\233\345\210\266\345\272\223\345\206\205\350\201\224\344\274\230\345\214\226.md" similarity index 100% rename from "docs/zh/docs/GCC/\345\205\250\345\234\272\346\231\257\351\223\276\346\216\245\346\227\266\344\272\214\350\277\233\345\210\266\345\272\223\345\206\205\350\201\224\344\274\230\345\214\226.md" rename to "docs/zh/docs/server/development/gcc/\345\205\250\345\234\272\346\231\257\351\223\276\346\216\245\346\227\266\344\272\214\350\277\233\345\210\266\345\272\223\345\206\205\350\201\224\344\274\230\345\214\226.md" diff --git a/docs/zh/docs/server/diversified_computing/dpu_offload/_toc.yaml b/docs/zh/docs/server/diversified_computing/dpu_offload/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3346a8ba271c2811937392a5d0755e2228d6f44e --- /dev/null +++ b/docs/zh/docs/server/diversified_computing/dpu_offload/_toc.yaml @@ -0,0 +1,15 @@ +label: 直连聚合用户指南 +isManual: true +description: 介绍基于openEuler操作系统的容器管理面DPU无感卸载功能特性及安装部署方法 +sections: + - label: 直连聚合环境搭建 + href: ./libvirt-direct-connection-aggregation-environment-establishment.md + - label: qtfs共享文件系统架构 + href: ./qtfs-architecture-and-usage.md + - label: 容器管理面DPU无感卸载 + href: ./overview.md + sections: + - label: 容器管理面无感卸载部署介绍 + href: ./offload-deployment-introduction.md + - label: 容器管理面无感卸载部署指导 + href: ./offload-deployment-guide.md diff --git a/docs/zh/docs/DPUOffload/figures/arch.png b/docs/zh/docs/server/diversified_computing/dpu_offload/figures/arch.png similarity index 100% rename from docs/zh/docs/DPUOffload/figures/arch.png rename to docs/zh/docs/server/diversified_computing/dpu_offload/figures/arch.png diff --git a/docs/zh/docs/DPUOffload/figures/offload-arch.png b/docs/zh/docs/server/diversified_computing/dpu_offload/figures/offload-arch.png similarity index 100% rename from docs/zh/docs/DPUOffload/figures/offload-arch.png rename to docs/zh/docs/server/diversified_computing/dpu_offload/figures/offload-arch.png diff --git a/docs/zh/docs/DPUOffload/figures/qtfs-arch.png b/docs/zh/docs/server/diversified_computing/dpu_offload/figures/qtfs-arch.png similarity index 100% rename from docs/zh/docs/DPUOffload/figures/qtfs-arch.png rename to docs/zh/docs/server/diversified_computing/dpu_offload/figures/qtfs-arch.png diff --git "a/docs/zh/docs/DPUOffload/libvirt\347\233\264\350\277\236\350\201\232\345\220\210\347\216\257\345\242\203\346\220\255\345\273\272.md" b/docs/zh/docs/server/diversified_computing/dpu_offload/libvirt-direct-connection-management-plane-offload.md similarity index 94% rename from "docs/zh/docs/DPUOffload/libvirt\347\233\264\350\277\236\350\201\232\345\220\210\347\216\257\345\242\203\346\220\255\345\273\272.md" rename to docs/zh/docs/server/diversified_computing/dpu_offload/libvirt-direct-connection-management-plane-offload.md index b45eb352dc746ecac1b728bd15e1ab23829bbcb6..8ccf6943bfae6b1c05267d4abf4e0a5ddcdea05d 100644 --- "a/docs/zh/docs/DPUOffload/libvirt\347\233\264\350\277\236\350\201\232\345\220\210\347\216\257\345\242\203\346\220\255\345\273\272.md" +++ b/docs/zh/docs/server/diversified_computing/dpu_offload/libvirt-direct-connection-management-plane-offload.md @@ -1,420 +1,420 @@ -# **1** 硬件准备 - -## 测试模式 - -需准备2台物理机(虚拟机当前未试过),网络互通。 - -其中一台作为DPU模拟,另一台作为HOST模拟。在本文档中用DPU和HOST指代这两台服务器。 - ->![](./public_sys-resources/icon-note.gif) **说明:** ->测试模式因为会暴露网络端口且不做连接认证,存在网络安全风险,仅能用于内部测试验证,不要用于实际生产环境。 - -## vsock模式 - -需要DPU加HOST,且DPU能支持通过virtio提供vsock通信方式。 - -目前还未基于真实的支持DPU vsock的环境调试过,本文档当前仅描述基于测试模式的方法,下面的内容依然默认使用测试模式。 - - -# **2** libvirt卸载架构图 - -![arch](./figures/arch.png) - - -# **3** 环境搭建 - -## **3.1** QTFS文件系统部署 - -可参考qtfs主页:https://gitee.com/openeuler/dpu-utilities/tree/master/qtfs - -QTFS建联需要关闭防火墙。 - -## **3.2** UDSPROXYD服务部署 - -### 3.2.1 简介 - -udsproxyd是一个跨主机的unix domain socket代理服务,需要分别部署在host和dpu上,在host和dpu上的udsproxyd组件是对等的关系,可以实现分布在host与dpu上的2个进程之间的uds通信,通信进程是无感的,也就是说如果这两个进程在同一主机内通过uds正常通信的功能,拉远到host和dpu之间也可以,不需要做代码适配,只需要作为client的一端加一个环境变量`LD_PRELOAD=libudsproxy.so`。udsproxyd作为一个跨主机的unix socket服务,本身可以用LD_PRELOAD=libudsproxy.so的方式对接使用,在qtfs的支持下也可以无感应用,这需要提前做好白名单相关配置,具体有两种方式,将在后面详述。 - -### 3.2.2 部署方式 - -首先,在dpu-utilities工程内编译udsproxyd: - -```bash - -cd qtfs/ipc - -make -j UDS_TEST_MODE=1 && make install - -``` - -当前最新版本下,qtfs server侧的engine服务已经整合了udsproxyd的能力,所以server侧若部署了qtfs后不需要再额外启动udsproxyd。client侧则单独拉起udsproxyd服务: - -```bash - -nohup /usr/bin/udsproxyd 2>&1 & - -``` - -参数解释: - -```bash - -thread num: 线程数量,目前只支持单线程,填1. - -addr: 本机使用的ip - -port:本机占用的port - -peer addr: udsproxyd对端的ip - -peer port: 对端port - -``` - -示例: - -```bash - -nohup /usr/bin/udsproxyd 1 192.168.10.10 12121 192.168.10.11 12121 2>&1 & - -``` - -如果未拉起qtfs的engine服务,想单独测试udsproxyd,则在server端也对等拉起udsproxyd即可: - -```bash - -nohup /usr/bin/udsproxyd 1 192.168.10.11 12121 192.168.10.10 12121 2>&1 & - -``` - -### 3.2.3 应用方式 - -#### 3.2.3.1 独立使用udsproxyd服务 - -需要在使用uds服务的unix socket应用程序的client端进程启动时添加LD_PRELOAD=libudsproxy.so环境变量,以接管glibc的connect api进行uds对接,在libvirt卸载场景中可以将libudsproxy.so拷贝到libvirt的chroot目录下的/usr/lib64中以提供给libvirtd服务使用,这一步在后面介绍。 - -#### 3.2.3.2 无感使用udsproxyd服务 - -首先为qtfs配置uds服务的白名单,这里说的白名单是unix socket的server端bind的sock文件地址,例如libvirt的虚拟机建立的unix socket的服务端文件地址都在/var/lib/libvirt下,则我们需要增加一条白名单路径为/var/lib/libvirt/,提供两种方式供选择: - -a) 通过配置工具qtcfg加载,进入qtfs/qtinfo目录编译工具: - -在qtfs的client端执行 - -```bash - -make role=client -make install - -``` -在qtfs的server端执行 - -```bash - -make role=server -make install - -``` - -配置工具将会自动安装,然后使用qtcfg命令配置白名单,假设需要增加的白名单为"/var/lib/libvirt/",输入: - -```bash - -qtcfg -x /var/lib/libvirt/ - -``` -查询白名单为: - -```bash - -qtcfg -z - -``` -删除白名单为: - -```bash - -qtcfg -y 0 - -``` -删除白名单时,参数为查询白名单时列出来的index序号。 - -b) 通过配置文件增加,这需要在qtfs或qtfs_server内核模块加载前配置,通过内核模块初始化时读取该文件进行白名单配置。 - ->![](./public_sys-resources/icon-note.gif) **说明:** ->白名单是为了防止不相干的unix socket链接也进行远程连接产生错误,或者浪费不必要的资源,所以白名单尽量设置得精确一些,比如本文中针对libvirt场景设置为/var/lib/libvirt/比较好,而直接将/var/lib/或/var/或直接将根目录加入的做法是有较大风险的。 - -## **3.3** REXEC服务部署 - -### 3.3.1 简介 - -rexec是一个用c语言开发的远程执行组件,分为rexec client和rexec server。server端为一个常驻服务进程,client端为一个二进制文件,client端被执行后会基于udsproxyd服务与server端建立uds连接,并由server常驻进程在server端拉起指定程序。在libvirt虚拟化卸载中,libvirtd卸载到DPU上,当它需要在HOST拉起虚拟机qemu进程时调起rexec client进行远程拉起。 - -### 3.3.2 部署方法 - -#### 3.3.2.1 配置环境变量与白名单 - -在host侧配置rexec server的白名单,将文件whitelist放置在/etc/rexec/目录下并修改权限为只读: - -```bash - -chmod 400 /etc/rexec/whitelist - -``` -如果想仅用于测试,可以不进行白名单配置,删除此文件重启rexec_server进程后则没有白名单限制。 - -下载dpu-utilities代码后,进入qtfs/rexec主目录下,执行:`make && make install`即可安装rexec所需全部二进制到/usr/bin目录下,包括了:`rexec、rexec_server`两个二进制可执行文件。 - -在server端启动rexec_server服务之前,检查是否存在/var/run/rexec目录,没有则创建: - -```bash - -mkdir /var/run/rexec - -``` - -#### 3.3.2.2 服务方式 - -server端可以通过两种方式拉起rexec_server服务。 - -- 方式1: - -配置systemd服务 - -在/usr/lib/systemd/system/下增加rexec.service文件,内容如下: - -[rexec.service](./config/rexec.service) - -然后通过systemctl管理rexec服务。 - -首次配置服务时: - -```bash - -systemctl daemon-reload - -systemctl enable --now rexec - -``` - -后续重启新启动服务: - -```bash - -systemctl stop rexec - -systemctl start rexec - -``` - -- 方式2: - -手动后台拉起 - -```bash - -nohup /usr/bin/rexec_server 2>&1 & - -``` - -## **3.4** libvirt服务部署 - -### 3.4.1 HOST侧部署 - -HOST无需额外部署,只需要安装虚拟机启动环境以及libvirt即可(安装libvirt主要是为了创建对应的目录): - -```bash - -yum install -y qemu libvirt edk2-aarch64 #(arm环境虚拟机启动需要) - -``` - -HOST需要放置虚拟机镜像,后面通过qtfs挂载到client端共享给libvirt。 - -### 3.4.2 DPU侧部署 - -#### 3.4.2.1 创建chroot环境 - -a) 从openEuler官网下载qcow镜像,例如23.09版本https://repo.openeuler.org/openEuler-23.09/virtual_machine_img/。 - -b) 将qcow2挂载出来: - -```bash - -cd /root/ - -mkdir p2 new_root_origin new_root - -modprobe nbd maxport=8 - -qemu-nbd -c /dev/nbd0 xxx.qcow2 - -mount /dev/nbd0p2 /root/p2 - -cp -rf /root/p2/* /root/new_root_origin/ - -umount /root/p2 - -qemu-nbd -d /dev/nbd0 - -``` - -c) 此时new_root_origin有解压出来的镜像根目录,再将new_root绑定挂载到该目录上,作为chroot的根目录挂载点: - -```bash - -mount --bind /root/new_root_origin /root/new_root - -``` - -#### 3.4.2.2 安装libvirt - -此处介绍patch方式源码编译,如果计算提供rpm包则参考计算提供的安装方法。 - -a) 进入chroot环境,安装编译环境和常用工具: - -```bash - -yum groupinstall "Development tools" -y -yum install -y vim meson qemu qemu-img strace edk2-aarch64 tar - -``` -其中edk2-aarch64是arm环境下虚拟机启动需要的。 - -b) 安装libvirt编译需要的依赖包: - -```bash - -yum install -y rpcgen python3-docutils glib2-devel gnutls-devel libxml2-devel libpciaccess-devel libtirpc-devel yajl-devel systemd-devel dmidecode glusterfs-api numactl - -``` - -c) 下载libvirt-x.x.x。源码包:https://libvirt.org/sources/libvirt-x.x.x.tar.xz。 - -d) 获取直连聚合libvirt patch: - -https://gitee.com/openeuler/dpu-utilities/tree/master/usecases/transparent-offload/patches/libvirt - -e) 将源码包解压到chroot环境下的目录,如/home。将patch打上。 - -f) 进入libvirt-x.x.x目录。 - -```bash - -meson build --prefix=/usr -Ddriver_remote=enabled -Ddriver_network=enabled -Ddriver_qemu=enabled -Dtests=disabled -Ddocs=enabled -Ddriver_libxl=disabled -Ddriver_esx=disabled -Dsecdriver_selinux=disabled -Dselinux=disabled - -``` - -g) 安装成功 - -```bash - -ninja -C build install - -``` - -#### 3.4.2.3 启动libvirtd服务 - -libvirt直连聚合卸载模式,需要从chroot内启动libvirtd服务,首先需要把chroot之外的libvirtd服务停掉。 - -a) 放置虚拟机跳板脚本在chroot环境下的/usr/bin和/usr/libexec下:[qemu-kvm](./scripts/qemu-kvm)。替换原同名二进制,这个跳板脚本就是用于调用rexec拉起远端虚拟机。 - ->![](./public_sys-resources/icon-note.gif) **说明:** ->virsh使用的xml中,下面的需要填qemu-kvm,如果是填的其他,则需要修改为qemu-kvm,或者将跳板脚本替换指代的二进制,且跳板脚本内容需要对应地更改。 - -b) 将udsproxyd编译时附带产生的libudsproxy.so拷贝到本chroot目录下/usr/lib64下,如果配置qtfs的uds白名单方式使用udsproxyd服务,则不需要。 - -c) 将前面rexec编译产生的rexec二进制放置到本chroot的/usr/bin/目录下。 - -d) 配置chroot的挂载环境,需要挂载一些目录,使用如下配置脚本: - -- [virt_start.sh](./scripts/virt_start.sh)为配置脚本,virt_start.sh脚本中需要手动修改qtfs ko dir为编译的ko位置,host ip address为正确的host地址。 - -- [virt_umount.sh](./scripts/virt_umount.sh)为消除配置脚本。 - -e) 脚本中挂载目录位置都是按照本文档前文创建目录位置与名称为准,如果有修改需要同步适配修改脚本。 - -f) 配置好chroot环境后,进入chroot环境,手动拉起libvirtd。 - -未配置qtfs使用udsproxyd白名单的拉起方式: - -```bash - -LD_PRELOAD=/usr/lib64/libudsproxy.so virtlogd -d -LD_PRELOAD=/usr/lib64/libudsproxy.so libvirtd -d - -```` -如果已配置qtfs使用udsproxyd白名单,则不需要增加LD_PRELOAD前缀: - -```bash - -virtlogd -d -libvirtd -d - -``` - -查看是否已配置白名单的方式,在chroot之外的窗口,执行: - -```bash - -qtcfg -z - -``` - -查看列举出来的白名单是否包含/var/lib/libvirt/。 - -## **3.5** 拉起虚拟机 - -服务部署完成后,即可以在DPU侧进行虚拟机的生命周期管理。 - -### 3.5.1 虚拟机define - -a) 将虚拟机启动镜像放置在HOST侧某目录,例如: - -```bash - -/home/VMs/Domain_name - -``` - -b) 使用qtfs将这个目录挂载到DPU侧: - -```bash - -mount -t qtfs /home/VMs /home/VMs - -``` - -c) xml中使用`/home/VMs/Domain_name`作为启动镜像,这样在DPU和HOST侧看到的都是同一个镜像文件(Domain_name是虚拟机domain的名字)。 - -d) 检查xml中是否指向了跳板脚本。 - -e) 执行以下命令。 - -```bash - -virsh define xxx.xml - -``` - -### 3.5.2 虚拟机start - -```bash - -virsh start domain - -``` - -# **4** 环境重置 - -由于libvirt在DPU和HOST之间共享了部分目录,卸载环境时需要先将这部分目录全部umount。一般先停掉libvirtd和virtlogd进程,调用virt_umount脚本即可。如果HOST还有虚拟机运行,也需要先杀掉才能umount。 - -# **5** 部分问题定位思路 - -1、 libvirt编译失败:检查依赖包安装是否完全,如果chroot挂载了外部目录或者host目录,也可能导致编译失败,需先解除挂载。 - -2、 QTFS挂载失败:可能server端engine进程没拉起、防火墙没关导致qtfs建联失败。 - -3、 虚拟机define失败:检查xml里的项目仿真器是否指向跳板脚本、虚拟机镜像是否已经通过qtfs挂载到DPU上可见,且路径与HOST一致。 - -4、 虚拟机启动失败:libvirtd和virtlogd服务是否拉起、rexec服务是否拉起、跳板进程是否拉起、是否qemu-kvm拉起时报错。 +# **1** 硬件准备 + +## 测试模式 + +需准备2台物理机(虚拟机当前未试过),网络互通。 + +其中一台作为DPU模拟,另一台作为HOST模拟。在本文档中用DPU和HOST指代这两台服务器。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>测试模式因为会暴露网络端口且不做连接认证,存在网络安全风险,仅能用于内部测试验证,不要用于实际生产环境。 + +## vsock模式 + +需要DPU加HOST,且DPU能支持通过virtio提供vsock通信方式。 + +目前还未基于真实的支持DPU vsock的环境调试过,本文档当前仅描述基于测试模式的方法,下面的内容依然默认使用测试模式。 + + +# **2** libvirt卸载架构图 + +![arch](./figures/arch.png) + + +# **3** 环境搭建 + +## **3.1** QTFS文件系统部署 + +可参考qtfs主页:https://gitee.com/openeuler/dpu-utilities/tree/master/qtfs + +QTFS建联需要关闭防火墙。 + +## **3.2** UDSPROXYD服务部署 + +### 3.2.1 简介 + +udsproxyd是一个跨主机的unix domain socket代理服务,需要分别部署在host和dpu上,在host和dpu上的udsproxyd组件是对等的关系,可以实现分布在host与dpu上的2个进程之间的uds通信,通信进程是无感的,也就是说如果这两个进程在同一主机内通过uds正常通信的功能,拉远到host和dpu之间也可以,不需要做代码适配,只需要作为client的一端加一个环境变量`LD_PRELOAD=libudsproxy.so`。udsproxyd作为一个跨主机的unix socket服务,本身可以用LD_PRELOAD=libudsproxy.so的方式对接使用,在qtfs的支持下也可以无感应用,这需要提前做好白名单相关配置,具体有两种方式,将在后面详述。 + +### 3.2.2 部署方式 + +首先,在dpu-utilities工程内编译udsproxyd: + +```bash + +cd qtfs/ipc + +make -j UDS_TEST_MODE=1 && make install + +``` + +当前最新版本下,qtfs server侧的engine服务已经整合了udsproxyd的能力,所以server侧若部署了qtfs后不需要再额外启动udsproxyd。client侧则单独拉起udsproxyd服务: + +```bash + +nohup /usr/bin/udsproxyd 2>&1 & + +``` + +参数解释: + +```bash + +thread num: 线程数量,目前只支持单线程,填1. + +addr: 本机使用的ip + +port:本机占用的port + +peer addr: udsproxyd对端的ip + +peer port: 对端port + +``` + +示例: + +```bash + +nohup /usr/bin/udsproxyd 1 192.168.10.10 12121 192.168.10.11 12121 2>&1 & + +``` + +如果未拉起qtfs的engine服务,想单独测试udsproxyd,则在server端也对等拉起udsproxyd即可: + +```bash + +nohup /usr/bin/udsproxyd 1 192.168.10.11 12121 192.168.10.10 12121 2>&1 & + +``` + +### 3.2.3 应用方式 + +#### 3.2.3.1 独立使用udsproxyd服务 + +需要在使用uds服务的unix socket应用程序的client端进程启动时添加LD_PRELOAD=libudsproxy.so环境变量,以接管glibc的connect api进行uds对接,在libvirt卸载场景中可以将libudsproxy.so拷贝到libvirt的chroot目录下的/usr/lib64中以提供给libvirtd服务使用,这一步在后面介绍。 + +#### 3.2.3.2 无感使用udsproxyd服务 + +首先为qtfs配置uds服务的白名单,这里说的白名单是unix socket的server端bind的sock文件地址,例如libvirt的虚拟机建立的unix socket的服务端文件地址都在/var/lib/libvirt下,则我们需要增加一条白名单路径为/var/lib/libvirt/,提供两种方式供选择: + +a) 通过配置工具qtcfg加载,进入qtfs/qtinfo目录编译工具: + +在qtfs的client端执行 + +```bash + +make role=client +make install + +``` +在qtfs的server端执行 + +```bash + +make role=server +make install + +``` + +配置工具将会自动安装,然后使用qtcfg命令配置白名单,假设需要增加的白名单为"/var/lib/libvirt/",输入: + +```bash + +qtcfg -x /var/lib/libvirt/ + +``` +查询白名单为: + +```bash + +qtcfg -z + +``` +删除白名单为: + +```bash + +qtcfg -y 0 + +``` +删除白名单时,参数为查询白名单时列出来的index序号。 + +b) 通过配置文件增加,这需要在qtfs或qtfs_server内核模块加载前配置,通过内核模块初始化时读取该文件进行白名单配置。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>白名单是为了防止不相干的unix socket链接也进行远程连接产生错误,或者浪费不必要的资源,所以白名单尽量设置得精确一些,比如本文中针对libvirt场景设置为/var/lib/libvirt/比较好,而直接将/var/lib/或/var/或直接将根目录加入的做法是有较大风险的。 + +## **3.3** REXEC服务部署 + +### 3.3.1 简介 + +rexec是一个用c语言开发的远程执行组件,分为rexec client和rexec server。server端为一个常驻服务进程,client端为一个二进制文件,client端被执行后会基于udsproxyd服务与server端建立uds连接,并由server常驻进程在server端拉起指定程序。在libvirt虚拟化卸载中,libvirtd卸载到DPU上,当它需要在HOST拉起虚拟机qemu进程时调起rexec client进行远程拉起。 + +### 3.3.2 部署方法 + +#### 3.3.2.1 配置环境变量与白名单 + +在host侧配置rexec server的白名单,将文件whitelist放置在/etc/rexec/目录下并修改权限为只读: + +```bash + +chmod 400 /etc/rexec/whitelist + +``` +如果想仅用于测试,可以不进行白名单配置,删除此文件重启rexec_server进程后则没有白名单限制。 + +下载dpu-utilities代码后,进入qtfs/rexec主目录下,执行:`make && make install`即可安装rexec所需全部二进制到/usr/bin目录下,包括了:`rexec、rexec_server`两个二进制可执行文件。 + +在server端启动rexec_server服务之前,检查是否存在/var/run/rexec目录,没有则创建: + +```bash + +mkdir /var/run/rexec + +``` + +#### 3.3.2.2 服务方式 + +server端可以通过两种方式拉起rexec_server服务。 + +- 方式1: + +配置systemd服务 + +在/usr/lib/systemd/system/下增加rexec.service文件,内容如下: + +[rexec.service](./config/rexec.service) + +然后通过systemctl管理rexec服务。 + +首次配置服务时: + +```bash + +systemctl daemon-reload + +systemctl enable --now rexec + +``` + +后续重启新启动服务: + +```bash + +systemctl stop rexec + +systemctl start rexec + +``` + +- 方式2: + +手动后台拉起 + +```bash + +nohup /usr/bin/rexec_server 2>&1 & + +``` + +## **3.4** libvirt服务部署 + +### 3.4.1 HOST侧部署 + +HOST无需额外部署,只需要安装虚拟机启动环境以及libvirt即可(安装libvirt主要是为了创建对应的目录): + +```bash + +yum install -y qemu libvirt edk2-aarch64 #(arm环境虚拟机启动需要) + +``` + +HOST需要放置虚拟机镜像,后面通过qtfs挂载到client端共享给libvirt。 + +### 3.4.2 DPU侧部署 + +#### 3.4.2.1 创建chroot环境 + +a) 从openEuler官网下载qcow镜像,例如23.09版本https://repo.openeuler.org/openEuler-23.09/virtual_machine_img/。 + +b) 将qcow2挂载出来: + +```bash + +cd /root/ + +mkdir p2 new_root_origin new_root + +modprobe nbd maxport=8 + +qemu-nbd -c /dev/nbd0 xxx.qcow2 + +mount /dev/nbd0p2 /root/p2 + +cp -rf /root/p2/* /root/new_root_origin/ + +umount /root/p2 + +qemu-nbd -d /dev/nbd0 + +``` + +c) 此时new_root_origin有解压出来的镜像根目录,再将new_root绑定挂载到该目录上,作为chroot的根目录挂载点: + +```bash + +mount --bind /root/new_root_origin /root/new_root + +``` + +#### 3.4.2.2 安装libvirt + +此处介绍patch方式源码编译,如果计算提供rpm包则参考计算提供的安装方法。 + +a) 进入chroot环境,安装编译环境和常用工具: + +```bash + +yum groupinstall "Development tools" -y +yum install -y vim meson qemu qemu-img strace edk2-aarch64 tar + +``` +其中edk2-aarch64是arm环境下虚拟机启动需要的。 + +b) 安装libvirt编译需要的依赖包: + +```bash + +yum install -y rpcgen python3-docutils glib2-devel gnutls-devel libxml2-devel libpciaccess-devel libtirpc-devel yajl-devel systemd-devel dmidecode glusterfs-api numactl + +``` + +c) 下载libvirt-x.x.x。源码包:https://libvirt.org/sources/libvirt-x.x.x.tar.xz。 + +d) 获取直连聚合libvirt patch: + +https://gitee.com/openeuler/dpu-utilities/tree/master/usecases/transparent-offload/patches/libvirt + +e) 将源码包解压到chroot环境下的目录,如/home。将patch打上。 + +f) 进入libvirt-x.x.x目录。 + +```bash + +meson build --prefix=/usr -Ddriver_remote=enabled -Ddriver_network=enabled -Ddriver_qemu=enabled -Dtests=disabled -Ddocs=enabled -Ddriver_libxl=disabled -Ddriver_esx=disabled -Dsecdriver_selinux=disabled -Dselinux=disabled + +``` + +g) 安装成功 + +```bash + +ninja -C build install + +``` + +#### 3.4.2.3 启动libvirtd服务 + +libvirt直连聚合卸载模式,需要从chroot内启动libvirtd服务,首先需要把chroot之外的libvirtd服务停掉。 + +a) 放置虚拟机跳板脚本在chroot环境下的/usr/bin和/usr/libexec下:[qemu-kvm](./scripts/qemu-kvm)。替换原同名二进制,这个跳板脚本就是用于调用rexec拉起远端虚拟机。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>virsh使用的xml中,\下面的\需要填qemu-kvm,如果是填的其他,则需要修改为qemu-kvm,或者将跳板脚本替换\指代的二进制,且跳板脚本内容需要对应地更改。 + +b) 将udsproxyd编译时附带产生的libudsproxy.so拷贝到本chroot目录下/usr/lib64下,如果配置qtfs的uds白名单方式使用udsproxyd服务,则不需要。 + +c) 将前面rexec编译产生的rexec二进制放置到本chroot的/usr/bin/目录下。 + +d) 配置chroot的挂载环境,需要挂载一些目录,使用如下配置脚本: + +- [virt_start.sh](./scripts/virt_start.sh)为配置脚本,virt_start.sh脚本中需要手动修改qtfs ko dir为编译的ko位置,host ip address为正确的host地址。 + +- [virt_umount.sh](./scripts/virt_umount.sh)为消除配置脚本。 + +e) 脚本中挂载目录位置都是按照本文档前文创建目录位置与名称为准,如果有修改需要同步适配修改脚本。 + +f) 配置好chroot环境后,进入chroot环境,手动拉起libvirtd。 + +未配置qtfs使用udsproxyd白名单的拉起方式: + +```bash + +LD_PRELOAD=/usr/lib64/libudsproxy.so virtlogd -d +LD_PRELOAD=/usr/lib64/libudsproxy.so libvirtd -d + +```` +如果已配置qtfs使用udsproxyd白名单,则不需要增加LD_PRELOAD前缀: + +```bash + +virtlogd -d +libvirtd -d + +``` + +查看是否已配置白名单的方式,在chroot之外的窗口,执行: + +```bash + +qtcfg -z + +``` + +查看列举出来的白名单是否包含/var/lib/libvirt/。 + +## **3.5** 拉起虚拟机 + +服务部署完成后,即可以在DPU侧进行虚拟机的生命周期管理。 + +### 3.5.1 虚拟机define + +a) 将虚拟机启动镜像放置在HOST侧某目录,例如: + +```bash + +/home/VMs/Domain_name + +``` + +b) 使用qtfs将这个目录挂载到DPU侧: + +```bash + +mount -t qtfs /home/VMs /home/VMs + +``` + +c) xml中使用`/home/VMs/Domain_name`作为启动镜像,这样在DPU和HOST侧看到的都是同一个镜像文件(Domain_name是虚拟机domain的名字)。 + +d) 检查xml中\是否指向了跳板脚本。 + +e) 执行以下命令。 + +```bash + +virsh define xxx.xml + +``` + +### 3.5.2 虚拟机start + +```bash + +virsh start domain + +``` + +# **4** 环境重置 + +由于libvirt在DPU和HOST之间共享了部分目录,卸载环境时需要先将这部分目录全部umount。一般先停掉libvirtd和virtlogd进程,调用virt_umount脚本即可。如果HOST还有虚拟机运行,也需要先杀掉才能umount。 + +# **5** 部分问题定位思路 + +1、 libvirt编译失败:检查依赖包安装是否完全,如果chroot挂载了外部目录或者host目录,也可能导致编译失败,需先解除挂载。 + +2、 QTFS挂载失败:可能server端engine进程没拉起、防火墙没关导致qtfs建联失败。 + +3、 虚拟机define失败:检查xml里的项目仿真器是否指向跳板脚本、虚拟机镜像是否已经通过qtfs挂载到DPU上可见,且路径与HOST一致。 + +4、 虚拟机启动失败:libvirtd和virtlogd服务是否拉起、rexec服务是否拉起、跳板进程是否拉起、是否qemu-kvm拉起时报错。 diff --git "a/docs/zh/docs/DPUOffload/\346\227\240\346\204\237\345\215\270\350\275\275\351\203\250\347\275\262\346\214\207\345\257\274.md" b/docs/zh/docs/server/diversified_computing/dpu_offload/offload-deloyment-guide.md similarity index 100% rename from "docs/zh/docs/DPUOffload/\346\227\240\346\204\237\345\215\270\350\275\275\351\203\250\347\275\262\346\214\207\345\257\274.md" rename to docs/zh/docs/server/diversified_computing/dpu_offload/offload-deloyment-guide.md diff --git "a/docs/zh/docs/DPUOffload/\345\256\271\345\231\250\347\256\241\347\220\206\351\235\242\346\227\240\346\204\237\345\215\270\350\275\275.md" b/docs/zh/docs/server/diversified_computing/dpu_offload/offload-deployment-introduction.md similarity index 100% rename from "docs/zh/docs/DPUOffload/\345\256\271\345\231\250\347\256\241\347\220\206\351\235\242\346\227\240\346\204\237\345\215\270\350\275\275.md" rename to docs/zh/docs/server/diversified_computing/dpu_offload/offload-deployment-introduction.md diff --git a/docs/zh/docs/DPUOffload/overview.md b/docs/zh/docs/server/diversified_computing/dpu_offload/overview.md similarity index 100% rename from docs/zh/docs/DPUOffload/overview.md rename to docs/zh/docs/server/diversified_computing/dpu_offload/overview.md diff --git a/docs/zh/docs/ApplicationDev/public_sys-resources/icon-note.gif b/docs/zh/docs/server/diversified_computing/dpu_offload/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/ApplicationDev/public_sys-resources/icon-note.gif rename to docs/zh/docs/server/diversified_computing/dpu_offload/public_sys-resources/icon-note.gif diff --git "a/docs/zh/docs/DPUOffload/qtfs\345\205\261\344\272\253\346\226\207\344\273\266\347\263\273\347\273\237\346\236\266\346\236\204\345\217\212\344\275\277\347\224\250\346\211\213\345\206\214.md" b/docs/zh/docs/server/diversified_computing/dpu_offload/qtfs-architecture-and-usage.md similarity index 100% rename from "docs/zh/docs/DPUOffload/qtfs\345\205\261\344\272\253\346\226\207\344\273\266\347\263\273\347\273\237\346\236\266\346\236\204\345\217\212\344\275\277\347\224\250\346\211\213\345\206\214.md" rename to docs/zh/docs/server/diversified_computing/dpu_offload/qtfs-architecture-and-usage.md diff --git a/docs/zh/docs/server/diversified_computing/dpu_os/_toc.yaml b/docs/zh/docs/server/diversified_computing/dpu_os/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..738bbbd6fe1f57a92d5ee930b8b436e7e745b967 --- /dev/null +++ b/docs/zh/docs/server/diversified_computing/dpu_os/_toc.yaml @@ -0,0 +1,10 @@ +label: DPU-OS +isManual: true +description: 介绍基于openEuler操作系统裁剪构建DPU-OS镜像的方法以及部署验证方法 +sections: + - label: DPU-OS背景与需求 + href: ./dpu-os-background-and-requirements.md + - label: DPU-OS裁剪指导 + href: ./dpu-os-tailoring-guide.md + - label: 验证与部署 + href: ./verification-and-deployment.md diff --git "a/docs/zh/docs/DPU-OS/DPU-OS\350\203\214\346\231\257\344\270\216\351\234\200\346\261\202.md" b/docs/zh/docs/server/diversified_computing/dpu_os/dpu-os-background-and-requirements.md similarity index 100% rename from "docs/zh/docs/DPU-OS/DPU-OS\350\203\214\346\231\257\344\270\216\351\234\200\346\261\202.md" rename to docs/zh/docs/server/diversified_computing/dpu_os/dpu-os-background-and-requirements.md diff --git "a/docs/zh/docs/DPU-OS/DPU-OS\350\243\201\345\211\252\346\214\207\345\257\274.md" b/docs/zh/docs/server/diversified_computing/dpu_os/dpu-os-tailoring-guide.md similarity index 100% rename from "docs/zh/docs/DPU-OS/DPU-OS\350\243\201\345\211\252\346\214\207\345\257\274.md" rename to docs/zh/docs/server/diversified_computing/dpu_os/dpu-os-tailoring-guide.md diff --git a/docs/zh/docs/DPU-OS/figures/dpuos-arch.png b/docs/zh/docs/server/diversified_computing/dpu_os/figures/dpuos-arch.png similarity index 100% rename from docs/zh/docs/DPU-OS/figures/dpuos-arch.png rename to docs/zh/docs/server/diversified_computing/dpu_os/figures/dpuos-arch.png diff --git a/docs/zh/docs/DPU-OS/overview.md b/docs/zh/docs/server/diversified_computing/dpu_os/overview.md similarity index 100% rename from docs/zh/docs/DPU-OS/overview.md rename to docs/zh/docs/server/diversified_computing/dpu_os/overview.md diff --git a/docs/zh/docs/DPU-OS/public_sys-resources/icon-note.gif b/docs/zh/docs/server/diversified_computing/dpu_os/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/DPU-OS/public_sys-resources/icon-note.gif rename to docs/zh/docs/server/diversified_computing/dpu_os/public_sys-resources/icon-note.gif diff --git "a/docs/zh/docs/DPU-OS/\351\252\214\350\257\201\344\270\216\351\203\250\347\275\262.md" b/docs/zh/docs/server/diversified_computing/dpu_os/verification-and-deployment.md similarity index 100% rename from "docs/zh/docs/DPU-OS/\351\252\214\350\257\201\344\270\216\351\203\250\347\275\262.md" rename to docs/zh/docs/server/diversified_computing/dpu_os/verification-and-deployment.md diff --git a/docs/zh/docs/server/high_availability/ha/_toc.yaml b/docs/zh/docs/server/high_availability/ha/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..45200a5b032f250cf4f59603f43292b944dbb27b --- /dev/null +++ b/docs/zh/docs/server/high_availability/ha/_toc.yaml @@ -0,0 +1,11 @@ +label: HA用户指南 +isManual: true +description: 安装和使用 HA 高可用集群 +sections: + - label: + href: ./ha.md + sections: + - label: HA 安装与部署 + href: ./ha-installation-and-deployment.md + - label: HA 使用实例 + href: ./ha-usage-examples.md diff --git a/docs/zh/docs/server/high_availability/ha/figures/2.png b/docs/zh/docs/server/high_availability/ha/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..283670d7c3d0961ee1cb41345c2b2a013d7143b0 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/2.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-add-resource.png b/docs/zh/docs/server/high_availability/ha/figures/HA-add-resource.png new file mode 100644 index 0000000000000000000000000000000000000000..ac24895a1247828d248132f6c789ad8ef51a57e4 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-add-resource.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-apache-show.png b/docs/zh/docs/server/high_availability/ha/figures/HA-apache-show.png new file mode 100644 index 0000000000000000000000000000000000000000..c216500910f75f2de1108f6b618c5c08f4df8bae Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-apache-show.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-apache-suc.png b/docs/zh/docs/server/high_availability/ha/figures/HA-apache-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..23a7aaa702e3e68190ff7e01a5a673aee2c92409 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-apache-suc.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-api.png b/docs/zh/docs/server/high_availability/ha/figures/HA-api.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-api.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-clone-suc.png b/docs/zh/docs/server/high_availability/ha/figures/HA-clone-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..4b6099ccc88d4f6f907a0c4563e729ab2a4dece1 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-clone-suc.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-clone.png b/docs/zh/docs/server/high_availability/ha/figures/HA-clone.png new file mode 100644 index 0000000000000000000000000000000000000000..1b09ab73849494f4ffd759fa612ae3c241bd9c1d Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-clone.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-firstchoice-cmd.png b/docs/zh/docs/server/high_availability/ha/figures/HA-firstchoice-cmd.png new file mode 100644 index 0000000000000000000000000000000000000000..a265bab07f1d8e46d9d965975be180a8de6c9eb2 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-firstchoice-cmd.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-firstchoice.png b/docs/zh/docs/server/high_availability/ha/figures/HA-firstchoice.png new file mode 100644 index 0000000000000000000000000000000000000000..bd982ddcea55c629c0257fca86051a9ffa77e7b4 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-firstchoice.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-group-new-suc.png b/docs/zh/docs/server/high_availability/ha/figures/HA-group-new-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..437fd01ee83a9a1f65c12838fe56eea8435f6759 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-group-new-suc.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-group-new-suc2.png b/docs/zh/docs/server/high_availability/ha/figures/HA-group-new-suc2.png new file mode 100644 index 0000000000000000000000000000000000000000..4fb933bd761f9808de95a324a50226ff041ebd4f Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-group-new-suc2.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-group-new.png b/docs/zh/docs/server/high_availability/ha/figures/HA-group-new.png new file mode 100644 index 0000000000000000000000000000000000000000..9c914d0cc2e14f3220fc4346175961f129efb37b Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-group-new.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-group-suc.png b/docs/zh/docs/server/high_availability/ha/figures/HA-group-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..2338580343833ebab08627be3a2efbcdb48aef9e Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-group-suc.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-group.png b/docs/zh/docs/server/high_availability/ha/figures/HA-group.png new file mode 100644 index 0000000000000000000000000000000000000000..6897817665dee90c0f8c47c6a3cb4bb09db52d78 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-group.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-home-page.png b/docs/zh/docs/server/high_availability/ha/figures/HA-home-page.png new file mode 100644 index 0000000000000000000000000000000000000000..c9a7a82dc412250d4c0984b3876c6f93c6aca789 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-home-page.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-mariadb-suc.png b/docs/zh/docs/server/high_availability/ha/figures/HA-mariadb-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..6f6756c945121715edc623bd9a848bc48ffeb4ca Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-mariadb-suc.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-mariadb.png b/docs/zh/docs/server/high_availability/ha/figures/HA-mariadb.png new file mode 100644 index 0000000000000000000000000000000000000000..d29587c8609b9d6aefeb07170901361b5ef8402d Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-mariadb.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-nfs-suc.png b/docs/zh/docs/server/high_availability/ha/figures/HA-nfs-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..c0ea6af79e91649f1ad7d97ab6c2a0069a4f4fb8 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-nfs-suc.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-nfs.png b/docs/zh/docs/server/high_availability/ha/figures/HA-nfs.png new file mode 100644 index 0000000000000000000000000000000000000000..f6917938eec2e0431a9891c067475dd0b21c1bd9 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-nfs.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-pcs-status.png b/docs/zh/docs/server/high_availability/ha/figures/HA-pcs-status.png new file mode 100644 index 0000000000000000000000000000000000000000..fb150fba9f6258658702b35caacf98076d1fd109 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-pcs-status.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-qdevice.png b/docs/zh/docs/server/high_availability/ha/figures/HA-qdevice.png new file mode 100644 index 0000000000000000000000000000000000000000..2964f36c952fc7e62fb7b041fcf6d2de8ead712c Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-qdevice.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-refresh.png b/docs/zh/docs/server/high_availability/ha/figures/HA-refresh.png new file mode 100644 index 0000000000000000000000000000000000000000..c2678c0c2945acbabfbeae0d5de8924a216bbf31 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-refresh.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-vip-suc.png b/docs/zh/docs/server/high_availability/ha/figures/HA-vip-suc.png new file mode 100644 index 0000000000000000000000000000000000000000..313ce56e14f931c78dad4349ed57ab3fd7907f50 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-vip-suc.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/HA-vip.png b/docs/zh/docs/server/high_availability/ha/figures/HA-vip.png new file mode 100644 index 0000000000000000000000000000000000000000..d8b417df2e64527d3b29d0289756dfbb01bf66ec Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/HA-vip.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/image.png b/docs/zh/docs/server/high_availability/ha/figures/image.png new file mode 100644 index 0000000000000000000000000000000000000000..7681f963f67d2b803fef6fb2c3247384136201f8 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/image.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/image3.png b/docs/zh/docs/server/high_availability/ha/figures/image3.png new file mode 100644 index 0000000000000000000000000000000000000000..c4d93242e65c503b6e1b6a457e2517f647984a66 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/image3.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/image4.png b/docs/zh/docs/server/high_availability/ha/figures/image4.png new file mode 100644 index 0000000000000000000000000000000000000000..65d0ae11ec810da7574ec72bebf6e1b020c94a0d Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/image4.png differ diff --git a/docs/zh/docs/server/high_availability/ha/figures/image5.png b/docs/zh/docs/server/high_availability/ha/figures/image5.png new file mode 100644 index 0000000000000000000000000000000000000000..f825fe005705d30809d12df97958cff0e5a80135 Binary files /dev/null and b/docs/zh/docs/server/high_availability/ha/figures/image5.png differ diff --git a/docs/zh/docs/server/high_availability/ha/ha-installation-and-deployment.md b/docs/zh/docs/server/high_availability/ha/ha-installation-and-deployment.md new file mode 100644 index 0000000000000000000000000000000000000000..a19ee867adeb9492fe448bfb038b26593800a733 --- /dev/null +++ b/docs/zh/docs/server/high_availability/ha/ha-installation-and-deployment.md @@ -0,0 +1,201 @@ +# HA的安装与部署 + +本文介绍如何安装和部署HA高可用集群。 + +## 安装与部署 + +### 环境准备 + +需要至少两台安装了openEuler 24.03 的物理机/虚拟机(现以两台为例),安装方法参考《[安装指南](../Installation/installation.md)》。 + +### 修改主机名称及/etc/hosts文件 + +**注**:两台主机均需要进行以下操作,现以其中一台为例,下文中使用的IP仅供参考。** + +在使用HA软件之前,需要确认修改主机名并将所有主机名写入/etc/hosts文件中。 + +1. 修改主机名 + + ```sh + # hostnamectl set-hostname ha1 + ``` + +2. 编辑`/etc/hosts`文件并写入以下字段 + + ```text + 172.30.30.65 ha1 + 172.30.30.66 ha2 + ``` + +### 配置yum源 + +成功安装系统后,会默认配置好yum源,文件位置存放在`/etc/yum.repos.d/openEuler.repo`文件中,HA软件包会用到以下源: + +```Conf +[OS] +name=OS +baseurl=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/RPM-GPG-KEY-openEuler + +[everything] +name=everything +baseurl=http://repo.openeuler.org/openEuler-{version}/everything/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/everything/$basearch/RPM-GPG-KEY-openEuler + +[EPOL] +name=EPOL +baseurl=http://repo.openeuler.org/openEuler-{version}/EPOL/$basearch/ +enabled=1 +gpgcheck=1 +gpgkey=http://repo.openeuler.org/openEuler-{version}/OS/$basearch/RPM-GPG-KEY-openEuler +``` + +### 安装HA软件包组件 + +```sh +# yum install -y corosync pacemaker pcs fence-agents fence-virt corosync-qdevice sbd drbd drbd-utils +``` + +### 设置hacluster用户密码 + +```sh +# passwd hacluster +``` + +### 修改`/etc/corosync/corosync.conf`文件 + +```Conf +totem { + version: 2 + cluster_name: hacluster + crypto_cipher: none + crypto_hash: none +} +logging { + fileline: off + to_stderr: yes + to_logfile: yes + logfile: /var/log/cluster/corosync.log + to_syslog: yes + debug: on + logger_subsys { + subsys: QUORUM + debug: on + } +} +quorum { + provider: corosync_votequorum + expected_votes: 2 + two_node: 1 + } +nodelist { + node { + name: ha1 + nodeid: 1 + ring0_addr: 172.30.30.65 + } + node { + name: ha2 + nodeid: 2 + ring0_addr: 172.30.30.66 + } + } +``` + +### 管理服务 + +#### 关闭防火墙 + +1. 执行如下命令,关闭防火墙。 + + ```sh + # systemctl stop firewalld + ``` + +2. 修改`/etc/selinux/config`文件中SELINUX状态为disabled。 + + ```sh + # SELINUX=disabled + ``` + +#### 管理pcs服务 + +1. 启动pcs服务: + + ```sh + # systemctl start pcsd + ``` + +2. 查询pcs服务状态: + + ```sh + # systemctl status pcsd + ``` + + 若回显为如下,则服务启动成功。 + + ![](./figures/HA-pcs.png) + +#### 管理pacemaker服务 + +1. 启动pacemaker服务: + + ```sh + # systemctl start pacemaker + ``` + +2. 查询pacemaker服务状态: + + ```sh + # systemctl status pacemaker + ``` + + 若回显为如下,则服务启动成功。 + + ![](./figures/HA-pacemaker.png) + +#### 管理corosync服务 + +1. 启动corosync服务: + + ```sh + # systemctl start corosync + ``` + +2. 查询corosync服务状态: + + ```sh + # systemctl status corosync + ``` + + 若回显为如下,则服务启动成功。 + + ![](./figures/HA-corosync.png) + +### 节点鉴权 + +注:**任选一个节点上执行即可** + +```sh +# pcs host auth ha1 ha2 +``` + +### 访问前端管理平台 + +上述服务启动成功后,打开浏览器(建议使用:Chrome,Firefox),在浏览器导航栏中输入`https://localhost:2224`即可。 + +- 以下界面为原生管理平台 + +![](./figures/HA-login.png) + +若安装社区新开发的管理平台请参考文档[https://gitee.com/openeuler/ha-api/blob/master/docs/build.md](https://gitee.com/openeuler/ha-api/blob/master/docs/build.md) + +- 以下为社区新开发的管理平台 + +![](./figures/HA-api.png) + +想了解如何快速使用HA高可用集群,以及添加一个实例。请参考[HA的使用实例文档](./HA的使用实例.md)。 diff --git a/docs/zh/docs/server/high_availability/ha/ha-usecase-examples.md b/docs/zh/docs/server/high_availability/ha/ha-usecase-examples.md new file mode 100644 index 0000000000000000000000000000000000000000..36ad334e99d47d8976203a0bba72e2e1b2f704fa --- /dev/null +++ b/docs/zh/docs/server/high_availability/ha/ha-usecase-examples.md @@ -0,0 +1,248 @@ +# HA使用实例 + +本章介绍如何快速使用HA高可用集群,以及添加一个实例。若不了解怎么安装,请参考[HA的安装与部署文档](./HA的安装与部署.md)。 + +## 快速使用指南 + +以下操作均以社区新开发的管理平台为例。 + +### 登录页面 + +用户名为`hacluster`,密码为该用户在主机上设置的密码。 + +![](./figures/HA-api.png) + +### 主页面 + +登录系统后显示主页面,主页面由四部分组成:侧边导航栏、顶部操作区、资源节点列表区以及节点操作浮动区。 + +以下将详细介绍这四部分的特点与使用方法。 + +![](./figures/HA-home-page.png) + +#### 导航栏 + +侧边导航栏由两部分组成:高可用集群软件名称和 logo 以及系统导航。系统导航由三项组成:【系统】、【集群配置】和【工具】。【系统】是默认选项,也是主页面的对应项,主要展示系统中所有资源的相关信息以及操作入口;【集群配置】下设【首选项配置】和【心跳配置】两项;【工具】下设【日志下载】和【集群快捷操作】两项,点击后以弹出框的形式出现。 + +#### 顶部操作区 + +登录用户是静态显示,鼠标滑过用户图标,出现操作菜单项,包括【刷新设置】和【退出登录】两项,点击【刷新设置】,弹出【刷新设置】对话框,包含【刷新设置】选项,可以设置系统的自动刷新模式,包括【不自动刷新】、【每 5 秒刷新】和【每 10 秒刷新】三种选择,默认选择【不自动刷新】、【退出登录】即可注销本次登录,系统将自动跳到登录页面,此时,如果希望继续访问系统,则需要重新进行登录。 + +![](./figures/HA-refresh.png) + +#### 资源节点列表区 + +资源节点列表集中展现系统中所有资源的【资源名】、【状态】、【资源类型】、【服务】、【运行节点】等资源信息,以及系统中所有的节点和节点的运行情况等节点信息。同时提供资源的【添加】、【编辑】、【启动】、【停止】、【清理】、【迁移】、【回迁】、【删除】和【关系】操作。 + +#### 节点操作浮动区 + +节点操作浮动区域默认是收起的状态,每当点击资源节点列表表头中的节点时,右侧会弹出节点操作扩展区域,如图所示,该区域由收起按钮、节点名称、停止和备用四个部分组成,提供节点的【停止】和【备用】操作。点击区域左上角的箭头,该区域收起。 + +### 首选项配置 + +以下操作均可用命令行配置,现只做简单示例,若想使用更多命令可以使用``pcs --help``进行查询。 + +- 命令行方式 + + ```sh + # pcs property set stonith-enabled=false + # pcs property set no-quorum-policy=ignore + ``` + + 执行如下命令,可以查看全部配置。 + + ```sh + # pcs property + ``` + + ![](./figures/HA-firstchoice-cmd.png) + +- 图形界面方式 + 点击侧边导航栏中的【首选项配置】按钮,弹出【首选项配置】对话框。将No Quorum Policy和Stonith Enabled由默认状态改为如下对应状态;修改完成后,点击【确定】按钮完成配置。 + + ![](./figures/HA-firstchoice.png) + +### 添加资源 + +#### 添加普通资源 + +1. 点击【添加普通资源】,弹出【创建资源】对话框。 + 其中资源的所有必填配置项均在【基本】页面内,选择【基本】页面内的【资源类型】后会进一步给出该类资源的其他必填配置项以及选填配置项。 + +2. 填写资源配置信息。 + 对话框右侧会出现灰色文字区域,对当前的配置项进行解释说明。全部必填项配置完毕后,点击【确定】按钮即可创建普通资源,点击【取消】按钮,取消本次添加动作。 + 【实例属性】、【元属性】或者【操作属性】页面中的选填配置项为选填项,不配置不会影响资源的创建过程,可以根据场景需要可选择修改,否则将按照系统缺省值处理。 + +下面以Apache为例,分别以命令行方式和图形界面方式介绍添加资源的方法。 + +- 命令行方式 + + ```sh + # pcs resource create httpd ocf:heartbeat:apache + ``` + + 查看资源运行状态 + + ```sh + # pcs status + ``` + + ![](./figures/HA-pcs-status.png) + +- 图形界面方式 + +1. 填写资源名称和资源类型,如下图所示。 + + ![](./figures/HA-add-resource.png) + +2. 回显为如下,则资源添加成功并启动,运行于其中一个节点上,例如ha1。 + + ![](./figures/HA-apache-suc.png) +3. 访问apache界面成功。 + + ![](./figures/HA-apache-show.png) + +#### 添加组资源 + +>**须知:** +> 添加组资源时,集群中需要至少存在一个普通资源。 + +1. 点击【添加组资源】,弹出【创建资源】对话框。 + 【基本】页面内均为必填项,填写完毕后,点击【确定】按钮,即可完成资源的添加,点击【取消】按钮,取消本次添加动作。 + + ![](./figures/HA-group.png) + + > **注意:** + > 组资源的启动是按照子资源的顺序启动的,所以选择子资源时需要注意按照顺序选择。 + +2. 回显如下,资源添加成功。 + + ![](./figures/HA-group-suc.png) + +#### 添加克隆资源 + +1. 点击【添加克隆资源】,弹出【创建资源】对话框。 + 【基本】页面内填写克隆对象,资源名称会自动生成,填写完毕后,点击【确定】按钮,即可完成资源的添加,点击【取消】按钮,取消本次添加动作。 + + ![](./figures/HA-clone.png) + +2. 回显如下,资源添加成功。 + + ![](./figures/HA-clone-suc.png) + +### 编辑资源 + +- 启动资源:资源节点列表中选中一个目标资源,要求:该资源处于非运行状态。对该资源执行启动动作。 +- 停止资源:资源节点列表中选中一个目标资源,要求:该资源处于运行状态。对该资源执行停止操作。 +- 清理资源:资源节点列表中选中一个目标资源,对该资源执行清理操作。 +- 迁移资源:资源节点列表中选中一个目标资源,要求:该资源为处于运行状态的普通资源或者组资源,执行迁移操作可以将资源迁移到指定节点上运行。 +- 回迁资源:资源节点列表中选中一个目标资源,要求:该资源已经完成迁移动作,执行回迁操作,可以清除该资源的迁移设置,资源重新迁回到原来的节点上运行。(点击按钮后,列表中该资源项的变化状态与启动资源时一致。) +- 删除资源:资源节点列表中选中一个目标资源,对该资源执行删除操作。 + +### 设置资源关系 + +资源关系即为目标资源设定限制条件,资源的限制条件分为三种:资源位置、资源协同和资源顺序。 + +- 资源位置:设置集群中的节点对于该资源的运行级别,由此确定启动或者切换时资源在哪个节点上运行,运行级别按照从高到低的顺序依次为:Master Node、Slave 1。 +- 资源协同:设置目标资源与集群中的其他资源是否运行在同一节点上,同节点资源表示该资源与目标资源必须运行在相同节点上,互斥节点资源表示该资源与目标资源不能运行在相同的节点上。 +- 资源顺序:设置目标资源与集群中的其他资源启动时的先后顺序,前置资源是指目标资源运行之前,该资源必须已经运行;后置资源是指目标资源运行之后,该资源才能运行。 + +## 高可用mysql实例配置 + +### 配置虚拟IP + +1. 在首页中点击“添加”,再选择添加普通资源,并按如下进行配置。 + + ![](./figures/HA-vip.png) + +2. 资源创建成功并启动,运行于其中一个节点上,例如ha1。 +3. 可以ping通并连接,登录后可正常执行各种操作;资源切换到ha2运行;能够正常访问。如下图所示。 + ![](./figures/HA-vip-suc.png) + +### 配置NFS存储 + +另找一台机器作为nfs服务端进行配置,操作步骤如下: + +1. 安装软件包 + + ```sh + # yum install -y nfs-utils rpcbind + ``` + +2. 关闭防火墙 + + ```sh + # systemctl stop firewalld && systemctl disable firewalld + ``` + +3. 修改/etc/selinux/config文件中SELINUX状态为disabled + + ```Conf + SELINUX=disabled + ``` + +4. 启动服务 + + ```sh + # systemctl start rpcbind && systemctl enable rpcbind + # systemctl start nfs-server && systemctl enable nfs-server + ``` + +5. 服务端创建一个共享目录 + + ```sh + # mkdir -p /test + ``` + +6. 修改NFS配置文件 + + ```sh + # vim /etc/exports + # /test *(rw,no_root_squash) + ``` + +7. 重新加载服务 + + ```sh + # systemctl reload nfs + ``` + +8. 客户端安装软件包,需要先安装mysql,可以将nfs挂载到mysql数据路径。 + + ```sh + # yum install -y nfs-utils mariadb-server + ``` + +9. 在首页中依次点击“添加”,“添加普通资源”,并按如下进行配置NFS资源。 + + ![](./figures/HA-nfs.png) + +10. 资源创建成功并启动,运行于其中一个节点上,例如ha1;nfs成功挂载到`/var/lib/mysql`路径下。资源切换到ha2运行;nfs从ha1节点取消挂载,并自动在ha2节点上挂载成功。如下图所示。 + + ![](./figures/HA-nfs-suc.png) + +### 配置mysql + +1. 在首页中依次点击“添加”,“添加普通资源”,并按如下进行配置mysql资源。 + + ![](./figures/HA-mariadb.png) + +2. 若回显为如下,则资源添加成功。 + + ![](./figures/HA-mariadb-suc.png) + +### 添加上述资源为组资源 + +1. 按资源启动顺序添加三个资源 + + 在首页中依次点击“添加”,“添加组资源”,并按如下进行配置组资源。 + + ![](./figures/HA-group-new.png) + +2. 组资源创建成功并启动,若回显与上述三个普通资源成功现象一致,则资源添加成功。 + + ![](./figures/HA-group-new-suc.png) + +3. 将ha1节点备用,成功迁移到ha2节点,运行正常。 + + ![](./figures/HA-group-new-suc2.png) diff --git a/docs/zh/docs/server/high_availability/ha/ha.md b/docs/zh/docs/server/high_availability/ha/ha.md new file mode 100644 index 0000000000000000000000000000000000000000..d50a900579f9f517ac0985bf7f7631185f91b509 --- /dev/null +++ b/docs/zh/docs/server/high_availability/ha/ha.md @@ -0,0 +1,3 @@ +# HA 用户指南 + +本节主要描述HA的安装和使用。 diff --git a/docs/zh/docs/Installation/RISC-V-LicheePi4A.md b/docs/zh/docs/server/installation_upgrade/installation/RISC-V-LicheePi4A.md similarity index 100% rename from docs/zh/docs/Installation/RISC-V-LicheePi4A.md rename to docs/zh/docs/server/installation_upgrade/installation/RISC-V-LicheePi4A.md diff --git a/docs/zh/docs/Installation/RISC-V-Pioneer1.3.md b/docs/zh/docs/server/installation_upgrade/installation/RISC-V-Pioneer1.3.md similarity index 100% rename from docs/zh/docs/Installation/RISC-V-Pioneer1.3.md rename to docs/zh/docs/server/installation_upgrade/installation/RISC-V-Pioneer1.3.md diff --git "a/docs/zh/docs/Installation/RISCV-OLK6.6\345\220\214\346\272\220\347\211\210\346\234\254\346\214\207\345\215\227.md" b/docs/zh/docs/server/installation_upgrade/installation/RISCV-OLK6.6-Homologous-Version.md similarity index 100% rename from "docs/zh/docs/Installation/RISCV-OLK6.6\345\220\214\346\272\220\347\211\210\346\234\254\346\214\207\345\215\227.md" rename to docs/zh/docs/server/installation_upgrade/installation/RISCV-OLK6.6-Homologous-Version.md diff --git a/docs/zh/docs/server/installation_upgrade/installation/_toc.yaml b/docs/zh/docs/server/installation_upgrade/installation/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c1f2306e8222271e74e511b8838a2cb181394572 --- /dev/null +++ b/docs/zh/docs/server/installation_upgrade/installation/_toc.yaml @@ -0,0 +1,40 @@ +label: 安装指南 +isManual: true +description: 安装 openEuler 操作系统 +sections: + - label: 安装在服务器 + href: ./installation-on-servers.md + sections: + - label: 安装准备 + href: ./installation-preparations.md + - label: 安装方式介绍 + href: ./installation-modes.md + - label: 安装指导 + href: ./installation-guide.md + - label: 使用kickstart自动化安装 + href: ./using-kickstart-for-automatic-installation.md + - label: 安装在树莓派 + href: ./install-pi.md + sections: + - label: 安装准备 + href: ./installation-preparations-1.md + - label: 安装方式介绍 + href: ./installation-modes-1.md + - label: 安装指导 + href: ./installation-guide-1.md + - label: 使用kickstart自动化安装 + href: ./using-kickstart-for-automatic-installation.md + - label: 更多资源 + href: ./more-resources.md + - label: 安装在RISC-V + href: ./risc-v.md + sections: + - label: 在QEMU上安装 + href: ./risc-v-qemu.md + - label: 在PioneerBox上安装 + href: ./RISC-V-Pioneer1.3.md + - label: 在LicheePiA上安装 + href: ./RISC-V-LicheePi4A.md + - label: RISCV-OLK6.6同源版本指南 + href: ./RISCV-OLK6.6-Homologous-Version.md + \ No newline at end of file diff --git "a/docs/zh/docs/Installation/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225-1.md" b/docs/zh/docs/server/installation_upgrade/installation/common-questions-and-solutions-1.md similarity index 100% rename from "docs/zh/docs/Installation/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225-1.md" rename to docs/zh/docs/server/installation_upgrade/installation/common-questions-and-solutions-1.md diff --git "a/docs/zh/docs/Installation/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" b/docs/zh/docs/server/installation_upgrade/installation/common-questions-and-solutions.md similarity index 100% rename from "docs/zh/docs/Installation/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" rename to docs/zh/docs/server/installation_upgrade/installation/common-questions-and-solutions.md diff --git a/docs/zh/docs/Installation/figures/Advanced_User_Configuration.png b/docs/zh/docs/server/installation_upgrade/installation/figures/Advanced_User_Configuration.png similarity index 100% rename from docs/zh/docs/Installation/figures/Advanced_User_Configuration.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/Advanced_User_Configuration.png diff --git a/docs/zh/docs/Installation/figures/Automatic_installation_complete.png b/docs/zh/docs/server/installation_upgrade/installation/figures/Automatic_installation_complete.png similarity index 100% rename from docs/zh/docs/Installation/figures/Automatic_installation_complete.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/Automatic_installation_complete.png diff --git a/docs/zh/docs/Installation/figures/BIOS.png b/docs/zh/docs/server/installation_upgrade/installation/figures/BIOS.png similarity index 100% rename from docs/zh/docs/Installation/figures/BIOS.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/BIOS.png diff --git a/docs/zh/docs/Installation/figures/CD-ROM_drive_icon.png b/docs/zh/docs/server/installation_upgrade/installation/figures/CD-ROM_drive_icon.png similarity index 100% rename from docs/zh/docs/Installation/figures/CD-ROM_drive_icon.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/CD-ROM_drive_icon.png diff --git a/docs/zh/docs/Installation/figures/Configuration_error_prompt.png b/docs/zh/docs/server/installation_upgrade/installation/figures/Configuration_error_prompt.png similarity index 100% rename from docs/zh/docs/Installation/figures/Configuration_error_prompt.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/Configuration_error_prompt.png diff --git a/docs/zh/docs/Installation/figures/Disk_encryption_password.png b/docs/zh/docs/server/installation_upgrade/installation/figures/Disk_encryption_password.png similarity index 100% rename from docs/zh/docs/Installation/figures/Disk_encryption_password.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/Disk_encryption_password.png diff --git a/docs/zh/docs/Installation/figures/Image_dialog_box.png b/docs/zh/docs/server/installation_upgrade/installation/figures/Image_dialog_box.png similarity index 100% rename from docs/zh/docs/Installation/figures/Image_dialog_box.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/Image_dialog_box.png diff --git a/docs/zh/docs/Installation/figures/Installation_source.png b/docs/zh/docs/server/installation_upgrade/installation/figures/Installation_source.png similarity index 100% rename from docs/zh/docs/Installation/figures/Installation_source.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/Installation_source.png diff --git a/docs/zh/docs/Installation/figures/Installation_wizard.png b/docs/zh/docs/server/installation_upgrade/installation/figures/Installation_wizard.png similarity index 100% rename from docs/zh/docs/Installation/figures/Installation_wizard.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/Installation_wizard.png diff --git a/docs/zh/docs/Installation/figures/Keyboard_layout.png b/docs/zh/docs/server/installation_upgrade/installation/figures/Keyboard_layout.png similarity index 100% rename from docs/zh/docs/Installation/figures/Keyboard_layout.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/Keyboard_layout.png diff --git a/docs/zh/docs/Installation/figures/Manual_partitioning.png b/docs/zh/docs/server/installation_upgrade/installation/figures/Manual_partitioning.png similarity index 100% rename from docs/zh/docs/Installation/figures/Manual_partitioning.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/Manual_partitioning.png diff --git a/docs/zh/docs/Installation/figures/Manual_partitioning1.png b/docs/zh/docs/server/installation_upgrade/installation/figures/Manual_partitioning1.png similarity index 100% rename from docs/zh/docs/Installation/figures/Manual_partitioning1.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/Manual_partitioning1.png diff --git a/docs/zh/docs/Installation/figures/Megaraid_IO_Request_uncompleted.png b/docs/zh/docs/server/installation_upgrade/installation/figures/Megaraid_IO_Request_uncompleted.png similarity index 100% rename from docs/zh/docs/Installation/figures/Megaraid_IO_Request_uncompleted.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/Megaraid_IO_Request_uncompleted.png diff --git a/docs/zh/docs/Installation/figures/NetworkandHostName.png b/docs/zh/docs/server/installation_upgrade/installation/figures/NetworkandHostName.png similarity index 100% rename from docs/zh/docs/Installation/figures/NetworkandHostName.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/NetworkandHostName.png diff --git a/docs/zh/docs/Installation/figures/No-bootable-device-page.png b/docs/zh/docs/server/installation_upgrade/installation/figures/No-bootable-device-page.png similarity index 100% rename from docs/zh/docs/Installation/figures/No-bootable-device-page.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/No-bootable-device-page.png diff --git a/docs/zh/docs/Installation/figures/No-bootable-device.png b/docs/zh/docs/server/installation_upgrade/installation/figures/No-bootable-device.png similarity index 100% rename from docs/zh/docs/Installation/figures/No-bootable-device.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/No-bootable-device.png diff --git a/docs/zh/docs/Installation/figures/Partition_expansion.png b/docs/zh/docs/server/installation_upgrade/installation/figures/Partition_expansion.png similarity index 100% rename from docs/zh/docs/Installation/figures/Partition_expansion.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/Partition_expansion.png diff --git a/docs/zh/docs/Installation/figures/Setting_the_System_Boot_Option.png b/docs/zh/docs/server/installation_upgrade/installation/figures/Setting_the_System_Boot_Option.png similarity index 100% rename from docs/zh/docs/Installation/figures/Setting_the_System_Boot_Option.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/Setting_the_System_Boot_Option.png diff --git a/docs/zh/docs/Installation/figures/Target_installation_position.png b/docs/zh/docs/server/installation_upgrade/installation/figures/Target_installation_position.png similarity index 100% rename from docs/zh/docs/Installation/figures/Target_installation_position.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/Target_installation_position.png diff --git a/docs/zh/docs/Installation/figures/cancle_disk.png b/docs/zh/docs/server/installation_upgrade/installation/figures/cancle_disk.png similarity index 100% rename from docs/zh/docs/Installation/figures/cancle_disk.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/cancle_disk.png diff --git a/docs/zh/docs/Installation/figures/choice.png b/docs/zh/docs/server/installation_upgrade/installation/figures/choice.png similarity index 100% rename from docs/zh/docs/Installation/figures/choice.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/choice.png diff --git a/docs/zh/docs/Installation/figures/choicelanguage.png b/docs/zh/docs/server/installation_upgrade/installation/figures/choicelanguage.png similarity index 100% rename from docs/zh/docs/Installation/figures/choicelanguage.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/choicelanguage.png diff --git a/docs/zh/docs/Installation/figures/choosesoftware.png b/docs/zh/docs/server/installation_upgrade/installation/figures/choosesoftware.png similarity index 100% rename from docs/zh/docs/Installation/figures/choosesoftware.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/choosesoftware.png diff --git a/docs/zh/docs/Installation/figures/confignetwork1.png b/docs/zh/docs/server/installation_upgrade/installation/figures/confignetwork1.png similarity index 100% rename from docs/zh/docs/Installation/figures/confignetwork1.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/confignetwork1.png diff --git a/docs/zh/docs/Installation/figures/createuser.png b/docs/zh/docs/server/installation_upgrade/installation/figures/createuser.png similarity index 100% rename from docs/zh/docs/Installation/figures/createuser.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/createuser.png diff --git a/docs/zh/docs/Installation/figures/custom_paratition.png b/docs/zh/docs/server/installation_upgrade/installation/figures/custom_paratition.png similarity index 100% rename from docs/zh/docs/Installation/figures/custom_paratition.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/custom_paratition.png diff --git a/docs/zh/docs/Installation/figures/dateandtime.png b/docs/zh/docs/server/installation_upgrade/installation/figures/dateandtime.png similarity index 100% rename from docs/zh/docs/Installation/figures/dateandtime.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/dateandtime.png diff --git a/docs/zh/docs/Installation/figures/installation_overview.png b/docs/zh/docs/server/installation_upgrade/installation/figures/installation_overview.png similarity index 100% rename from docs/zh/docs/Installation/figures/installation_overview.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/installation_overview.png diff --git a/docs/zh/docs/Installation/figures/installation_procedure.png b/docs/zh/docs/server/installation_upgrade/installation/figures/installation_procedure.png similarity index 100% rename from docs/zh/docs/Installation/figures/installation_procedure.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/installation_procedure.png diff --git a/docs/zh/docs/Installation/figures/installsource.png b/docs/zh/docs/server/installation_upgrade/installation/figures/installsource.png similarity index 100% rename from docs/zh/docs/Installation/figures/installsource.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/installsource.png diff --git a/docs/zh/docs/Installation/figures/languagesupport.png b/docs/zh/docs/server/installation_upgrade/installation/figures/languagesupport.png similarity index 100% rename from docs/zh/docs/Installation/figures/languagesupport.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/languagesupport.png diff --git a/docs/zh/docs/Installation/figures/reset_devices.png b/docs/zh/docs/server/installation_upgrade/installation/figures/reset_devices.png similarity index 100% rename from docs/zh/docs/Installation/figures/reset_devices.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/reset_devices.png diff --git a/docs/zh/docs/Installation/figures/restart_icon.png b/docs/zh/docs/server/installation_upgrade/installation/figures/restart_icon.png similarity index 100% rename from docs/zh/docs/Installation/figures/restart_icon.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/restart_icon.png diff --git a/docs/zh/docs/Installation/figures/restarticon.png b/docs/zh/docs/server/installation_upgrade/installation/figures/restarticon.png similarity index 100% rename from docs/zh/docs/Installation/figures/restarticon.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/restarticon.png diff --git a/docs/zh/docs/Installation/figures/riscv-olk6.6.jpg b/docs/zh/docs/server/installation_upgrade/installation/figures/riscv-olk6.6.jpg similarity index 100% rename from docs/zh/docs/Installation/figures/riscv-olk6.6.jpg rename to docs/zh/docs/server/installation_upgrade/installation/figures/riscv-olk6.6.jpg diff --git a/docs/zh/docs/Installation/figures/root_password.png b/docs/zh/docs/server/installation_upgrade/installation/figures/root_password.png similarity index 100% rename from docs/zh/docs/Installation/figures/root_password.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/root_password.png diff --git a/docs/zh/docs/Installation/figures/security.png b/docs/zh/docs/server/installation_upgrade/installation/figures/security.png similarity index 100% rename from docs/zh/docs/Installation/figures/security.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/security.png diff --git a/docs/zh/docs/Installation/figures/select.png b/docs/zh/docs/server/installation_upgrade/installation/figures/select.png similarity index 100% rename from docs/zh/docs/Installation/figures/select.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/select.png diff --git a/docs/zh/docs/Installation/figures/select_software.png b/docs/zh/docs/server/installation_upgrade/installation/figures/select_software.png similarity index 100% rename from docs/zh/docs/Installation/figures/select_software.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/select_software.png diff --git a/docs/zh/docs/Installation/figures/selectlanguage.png b/docs/zh/docs/server/installation_upgrade/installation/figures/selectlanguage.png similarity index 100% rename from docs/zh/docs/Installation/figures/selectlanguage.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/selectlanguage.png diff --git a/docs/zh/docs/Installation/figures/sourceftp.png b/docs/zh/docs/server/installation_upgrade/installation/figures/sourceftp.png similarity index 100% rename from docs/zh/docs/Installation/figures/sourceftp.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/sourceftp.png diff --git a/docs/zh/docs/Installation/figures/sourcenfs.png b/docs/zh/docs/server/installation_upgrade/installation/figures/sourcenfs.png similarity index 100% rename from docs/zh/docs/Installation/figures/sourcenfs.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/sourcenfs.png diff --git a/docs/zh/docs/Installation/figures/startparam.png b/docs/zh/docs/server/installation_upgrade/installation/figures/startparam.png similarity index 100% rename from docs/zh/docs/Installation/figures/startparam.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/startparam.png diff --git a/docs/zh/docs/Installation/figures/target_install_position.png b/docs/zh/docs/server/installation_upgrade/installation/figures/target_install_position.png similarity index 100% rename from docs/zh/docs/Installation/figures/target_install_position.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/target_install_position.png diff --git a/docs/zh/docs/Installation/figures/zh-cn_image_0229291229.png b/docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291229.png similarity index 100% rename from docs/zh/docs/Installation/figures/zh-cn_image_0229291229.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291229.png diff --git a/docs/zh/docs/Installation/figures/zh-cn_image_0229291236.png b/docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291236.png similarity index 100% rename from docs/zh/docs/Installation/figures/zh-cn_image_0229291236.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291236.png diff --git a/docs/zh/docs/Installation/figures/zh-cn_image_0229291243.png b/docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291243.png similarity index 100% rename from docs/zh/docs/Installation/figures/zh-cn_image_0229291243.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291243.png diff --git a/docs/zh/docs/Installation/figures/zh-cn_image_0229291247.png b/docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291247.png similarity index 100% rename from docs/zh/docs/Installation/figures/zh-cn_image_0229291247.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291247.png diff --git a/docs/zh/docs/Installation/figures/zh-cn_image_0229291264.jpg b/docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291264.jpg similarity index 100% rename from docs/zh/docs/Installation/figures/zh-cn_image_0229291264.jpg rename to docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291264.jpg diff --git a/docs/zh/docs/Installation/figures/zh-cn_image_0229291270.png b/docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291270.png similarity index 100% rename from docs/zh/docs/Installation/figures/zh-cn_image_0229291270.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291270.png diff --git a/docs/zh/docs/Installation/figures/zh-cn_image_0229291272.png b/docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291272.png similarity index 100% rename from docs/zh/docs/Installation/figures/zh-cn_image_0229291272.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291272.png diff --git a/docs/zh/docs/Installation/figures/zh-cn_image_0229291280.png b/docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291280.png similarity index 100% rename from docs/zh/docs/Installation/figures/zh-cn_image_0229291280.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291280.png diff --git a/docs/zh/docs/Installation/figures/zh-cn_image_0229291286.png b/docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291286.png similarity index 100% rename from docs/zh/docs/Installation/figures/zh-cn_image_0229291286.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229291286.png diff --git a/docs/zh/docs/Installation/figures/zh-cn_image_0229420473.png b/docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229420473.png similarity index 100% rename from docs/zh/docs/Installation/figures/zh-cn_image_0229420473.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0229420473.png diff --git a/docs/zh/docs/Installation/figures/zh-cn_image_0231657950.png b/docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0231657950.png similarity index 100% rename from docs/zh/docs/Installation/figures/zh-cn_image_0231657950.png rename to docs/zh/docs/server/installation_upgrade/installation/figures/zh-cn_image_0231657950.png diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\240\221\350\216\223\346\264\276.md" b/docs/zh/docs/server/installation_upgrade/installation/install-pi.md similarity index 100% rename from "docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\240\221\350\216\223\346\264\276.md" rename to docs/zh/docs/server/installation_upgrade/installation/install-pi.md diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274-1.md" b/docs/zh/docs/server/installation_upgrade/installation/installation-guide-1.md similarity index 100% rename from "docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274-1.md" rename to docs/zh/docs/server/installation_upgrade/installation/installation-guide-1.md diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274.md" b/docs/zh/docs/server/installation_upgrade/installation/installation-guide.md similarity index 100% rename from "docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274.md" rename to docs/zh/docs/server/installation_upgrade/installation/installation-guide.md diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215-1.md" b/docs/zh/docs/server/installation_upgrade/installation/installation-modes-1.md similarity index 100% rename from "docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215-1.md" rename to docs/zh/docs/server/installation_upgrade/installation/installation-modes-1.md diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215.md" b/docs/zh/docs/server/installation_upgrade/installation/installation-modes.md similarity index 100% rename from "docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215.md" rename to docs/zh/docs/server/installation_upgrade/installation/installation-modes.md diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\234\215\345\212\241\345\231\250.md" b/docs/zh/docs/server/installation_upgrade/installation/installation-on-servers.md similarity index 100% rename from "docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\234\215\345\212\241\345\231\250.md" rename to docs/zh/docs/server/installation_upgrade/installation/installation-on-servers.md diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207-1.md" b/docs/zh/docs/server/installation_upgrade/installation/installation-preparations-1.md similarity index 100% rename from "docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207-1.md" rename to docs/zh/docs/server/installation_upgrade/installation/installation-preparations-1.md diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207.md" b/docs/zh/docs/server/installation_upgrade/installation/installation-preparations.md similarity index 100% rename from "docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207.md" rename to docs/zh/docs/server/installation_upgrade/installation/installation-preparations.md diff --git a/docs/zh/docs/Installation/installation.md b/docs/zh/docs/server/installation_upgrade/installation/installation.md similarity index 100% rename from docs/zh/docs/Installation/installation.md rename to docs/zh/docs/server/installation_upgrade/installation/installation.md diff --git "a/docs/zh/docs/Installation/\346\233\264\345\244\232\350\265\204\346\272\220.md" b/docs/zh/docs/server/installation_upgrade/installation/more-resources.md similarity index 100% rename from "docs/zh/docs/Installation/\346\233\264\345\244\232\350\265\204\346\272\220.md" rename to docs/zh/docs/server/installation_upgrade/installation/more-resources.md diff --git a/docs/zh/docs/Installation/public_sys-resources/icon-caution.gif b/docs/zh/docs/server/installation_upgrade/installation/public_sys-resources/icon-caution.gif similarity index 100% rename from docs/zh/docs/Installation/public_sys-resources/icon-caution.gif rename to docs/zh/docs/server/installation_upgrade/installation/public_sys-resources/icon-caution.gif diff --git a/docs/zh/docs/Installation/public_sys-resources/icon-danger.gif b/docs/zh/docs/server/installation_upgrade/installation/public_sys-resources/icon-danger.gif similarity index 100% rename from docs/zh/docs/Installation/public_sys-resources/icon-danger.gif rename to docs/zh/docs/server/installation_upgrade/installation/public_sys-resources/icon-danger.gif diff --git a/docs/zh/docs/DPUOffload/public_sys-resources/icon-note.gif b/docs/zh/docs/server/installation_upgrade/installation/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/DPUOffload/public_sys-resources/icon-note.gif rename to docs/zh/docs/server/installation_upgrade/installation/public_sys-resources/icon-note.gif diff --git a/docs/zh/docs/Installation/public_sys-resources/icon-notice.gif b/docs/zh/docs/server/installation_upgrade/installation/public_sys-resources/icon-notice.gif similarity index 100% rename from docs/zh/docs/Installation/public_sys-resources/icon-notice.gif rename to docs/zh/docs/server/installation_upgrade/installation/public_sys-resources/icon-notice.gif diff --git a/docs/zh/docs/Installation/public_sys-resources/icon-tip.gif b/docs/zh/docs/server/installation_upgrade/installation/public_sys-resources/icon-tip.gif similarity index 100% rename from docs/zh/docs/Installation/public_sys-resources/icon-tip.gif rename to docs/zh/docs/server/installation_upgrade/installation/public_sys-resources/icon-tip.gif diff --git a/docs/zh/docs/Installation/public_sys-resources/icon-warning.gif b/docs/zh/docs/server/installation_upgrade/installation/public_sys-resources/icon-warning.gif similarity index 100% rename from docs/zh/docs/Installation/public_sys-resources/icon-warning.gif rename to docs/zh/docs/server/installation_upgrade/installation/public_sys-resources/icon-warning.gif diff --git a/docs/zh/docs/Installation/RISC-V-QEMU.md b/docs/zh/docs/server/installation_upgrade/installation/risc-v-qemu.md similarity index 100% rename from docs/zh/docs/Installation/RISC-V-QEMU.md rename to docs/zh/docs/server/installation_upgrade/installation/risc-v-qemu.md diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250RISC-V.md" b/docs/zh/docs/server/installation_upgrade/installation/risc-v.md similarity index 100% rename from "docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250RISC-V.md" rename to docs/zh/docs/server/installation_upgrade/installation/risc-v.md diff --git "a/docs/zh/docs/Installation/\344\275\277\347\224\250kickstart\350\207\252\345\212\250\345\214\226\345\256\211\350\243\205.md" b/docs/zh/docs/server/installation_upgrade/installation/using-kickstart-for-automatic-installation.md similarity index 100% rename from "docs/zh/docs/Installation/\344\275\277\347\224\250kickstart\350\207\252\345\212\250\345\214\226\345\256\211\350\243\205.md" rename to docs/zh/docs/server/installation_upgrade/installation/using-kickstart-for-automatic-installation.md diff --git a/docs/zh/docs/server/installation_upgrade/upgrade/_toc.yaml b/docs/zh/docs/server/installation_upgrade/upgrade/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4eac27f278f787aa691da419fda47c178cd88621 --- /dev/null +++ b/docs/zh/docs/server/installation_upgrade/upgrade/_toc.yaml @@ -0,0 +1,6 @@ +label: 升级指南 +isManual: true +description: 升级 openEuler 操作系统 +sections: + - label: 升降级指导 + href: ./openeuler-22.03-lts-upgrade-and-downgrade-guide.md diff --git a/docs/zh/docs/os_upgrade_and_downgrade/images/LTS_version.png b/docs/zh/docs/server/installation_upgrade/upgrade/images/LTS_version.png similarity index 100% rename from docs/zh/docs/os_upgrade_and_downgrade/images/LTS_version.png rename to docs/zh/docs/server/installation_upgrade/upgrade/images/LTS_version.png diff --git a/docs/zh/docs/os_upgrade_and_downgrade/images/SP1_repo.png b/docs/zh/docs/server/installation_upgrade/upgrade/images/SP1_repo.png similarity index 100% rename from docs/zh/docs/os_upgrade_and_downgrade/images/SP1_repo.png rename to docs/zh/docs/server/installation_upgrade/upgrade/images/SP1_repo.png diff --git a/docs/zh/docs/os_upgrade_and_downgrade/images/SP1_version.png b/docs/zh/docs/server/installation_upgrade/upgrade/images/SP1_version.png similarity index 100% rename from docs/zh/docs/os_upgrade_and_downgrade/images/SP1_version.png rename to docs/zh/docs/server/installation_upgrade/upgrade/images/SP1_version.png diff --git "a/docs/zh/docs/os_upgrade_and_downgrade/openEuler 22.03 LTS\345\215\207\351\231\215\347\272\247\346\214\207\345\257\274.md" b/docs/zh/docs/server/installation_upgrade/upgrade/openEuler-22.03-lts-upgrade-and-downgrade-guide.md similarity index 100% rename from "docs/zh/docs/os_upgrade_and_downgrade/openEuler 22.03 LTS\345\215\207\351\231\215\347\272\247\346\214\207\345\257\274.md" rename to docs/zh/docs/server/installation_upgrade/upgrade/openEuler-22.03-lts-upgrade-and-downgrade-guide.md diff --git a/docs/zh/docs/server/maintenance/_toc.yaml b/docs/zh/docs/server/maintenance/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..7447ce20279eaa7bcd5244b443e2b607cda3a4f8 --- /dev/null +++ b/docs/zh/docs/server/maintenance/_toc.yaml @@ -0,0 +1,9 @@ +label: 运维指南 +isManual: true +description: 运维指南 +sections: + - label: 运维指南 + href: ./overview.md + sections: + - label: 运维概述 + href: ./operation-and-maintenance-overview.md diff --git a/docs/zh/docs/server/maintenance/aops/_toc.yaml b/docs/zh/docs/server/maintenance/aops/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3d87f98d47e0d167f5c73acf94766f535cc01edf --- /dev/null +++ b/docs/zh/docs/server/maintenance/aops/_toc.yaml @@ -0,0 +1,20 @@ +label: A-Ops用户指南 +isManual: true +description: 使用 A-Ops 智能运维框架进行故障快速定位、配置项统筹管理等 +sections: + - label: 部署A-Ops + href: ./deploying-aops.md + - label: 使用A-Ops智能定位框架 + href: ./aops-intelligent-positioning-framework-user-manual.md + - label: aops漏洞管理模块使用手册 + href: ./aops-vulnerability-management-module-user-manual.md + - label: 使用热补丁dnf插件 + href: ./dnf-command-usage.md + - label: 配置溯源服务 + href: ./configuration-tracing-service-user-manual.md + - label: 社区热补丁制作发布流程 + href: ./community-hotpatch-creation-and-release-process.md + - label: AOps一键化部署指南 + href: ./configuration-tracing-service-user-manual.md + - label: AOps资产管理使用手册 + href: ./aops-asset-management-user-manual.md diff --git "a/docs/zh/docs/A-Ops/AOps\350\265\204\344\272\247\347\256\241\347\220\206\344\275\277\347\224\250\346\211\213\345\206\214.md" b/docs/zh/docs/server/maintenance/aops/aops-asset-management-user-manual.md similarity index 100% rename from "docs/zh/docs/A-Ops/AOps\350\265\204\344\272\247\347\256\241\347\220\206\344\275\277\347\224\250\346\211\213\345\206\214.md" rename to docs/zh/docs/server/maintenance/aops/aops-asset-management-user-manual.md diff --git "a/docs/zh/docs/A-Ops/AOps\346\231\272\350\203\275\345\256\232\344\275\215\346\241\206\346\236\266\344\275\277\347\224\250\346\211\213\345\206\214.md" b/docs/zh/docs/server/maintenance/aops/aops-intelligent-positioning-framework-user-manual.md similarity index 100% rename from "docs/zh/docs/A-Ops/AOps\346\231\272\350\203\275\345\256\232\344\275\215\346\241\206\346\236\266\344\275\277\347\224\250\346\211\213\345\206\214.md" rename to docs/zh/docs/server/maintenance/aops/aops-intelligent-positioning-framework-user-manual.md diff --git "a/docs/zh/docs/A-Ops/AOps\344\270\200\351\224\256\345\214\226\351\203\250\347\275\262\346\214\207\345\215\227.md" b/docs/zh/docs/server/maintenance/aops/aops-one-click-deployment-guide.md similarity index 100% rename from "docs/zh/docs/A-Ops/AOps\344\270\200\351\224\256\345\214\226\351\203\250\347\275\262\346\214\207\345\215\227.md" rename to docs/zh/docs/server/maintenance/aops/aops-one-click-deployment-guide.md diff --git "a/docs/zh/docs/A-Ops/AOps\346\274\217\346\264\236\347\256\241\347\220\206\346\250\241\345\235\227\344\275\277\347\224\250\346\211\213\345\206\214.md" b/docs/zh/docs/server/maintenance/aops/aops-vulnerability-management-module-user-manual.md similarity index 97% rename from "docs/zh/docs/A-Ops/AOps\346\274\217\346\264\236\347\256\241\347\220\206\346\250\241\345\235\227\344\275\277\347\224\250\346\211\213\345\206\214.md" rename to docs/zh/docs/server/maintenance/aops/aops-vulnerability-management-module-user-manual.md index 1455792eb60a4769ac466e454f95591935c5985b..f33761ecb282073149f0bd41bde33a4e6ad97622 100644 --- "a/docs/zh/docs/A-Ops/AOps\346\274\217\346\264\236\347\256\241\347\220\206\346\250\241\345\235\227\344\275\277\347\224\250\346\211\213\345\206\214.md" +++ b/docs/zh/docs/server/maintenance/aops/aops-vulnerability-management-module-user-manual.md @@ -1,286 +1,286 @@ -# AOps漏洞管理模块使用手册 - -参照[AOps部署指南](AOps部署指南.md)部署AOps前后端服务,并参照[AOps资产管理使用手册](AOps资产管理使用手册.md)纳管了主机后,即可使用AOps漏洞管理模块。 - -A-Ops智能运维工具的智能补丁管理模块(**apollo**)主要集成了**漏洞扫描、CVE修复、任务回退**、**热补丁移除**等核心功能: - -- 支持对openEuler已修复并发布的漏洞进行手动/定时扫描。漏洞的详细信息通过**在线/离线**同步社区发布的安全公告进行获取。当前聚焦于内核漏洞的处理,后续支持用户态软件包漏洞。 - -- 支持漏洞批量修复。修复过程中,客户端会命令行调用基于dnf原生框架的dnf hotpatch插件,实现**冷补丁(需重启)/热补丁(免重启)**的修复。此插件将底层冷、热补丁的管理封装成统一的入口,方便单机用户的使用和集群的调用。 - -- 支持通过任务粒度回退或移除热补丁的形式,将系统恢复至原状态。 - -下文将按照漏洞修复的工作流来进行A-Ops智能补丁管理功能的介绍。 - -## 1. 配置repo源 - -openEuler的漏洞信息通过安全公告对外发布,同时在update源中发布修复所用的软件包及相应元数据。配置了update源后即可在命令行通过dnf updateinfo list cves命令或dnf hot-updateinfo list cves(需安装A-Ops的dnf热补丁插件)进行漏洞的扫描。 - -默认的openEuler系统安装后自带对应OS版本的冷补丁update源。对于自定义或离线场景,用户可以通过设置repo来自行配置冷/热补丁的update源。 - -### 1.1 Repo源添加 - -漏洞管理界面用于对目标主机存在的CVE进行监控与修复。 - -当前漏洞管理模块分为以下三个界面: - -- 主机列表界面 -- CVEs界面 -- 任务列表界面 - -进入漏洞管理的主机管理子页面,可以从主机粒度看到当前纳管的所有主机的**已修复和未修复漏洞**情况: - -![主机列表界面](./figures/漏洞管理/主机列表界面.png) - -点击下方CVE REPO的加号框,随后在弹出界面中,输入REPO源名称与REPO内容,点击右下角“确定”按钮即可进行repo源的添加: - -![添加REPO源](./figures/漏洞管理/添加repo源.png) - -若不清楚格式,可以点击下载模板按钮查看。注意baseurl和gpgkey要配置为客户端OS版本的对应地址。用户也可以直接上传编辑好的repo文件。 - -新建repo完毕后,即可在CVE REPO列表中进行查看或删除。 - -### 1.2 Repo设置 - -新建repo源后,点击右上角“设置repo”的按钮,可以创建一个任务,为勾选的主机进行批量的repo设置。 - -![设置repo](./figures/漏洞管理/设置repo源.png) - -点击“创建”或“立即执行”后会生成一个repo设置任务,执行完毕后即可在主机列表界面看到已设置好该repo源。 - -## 2. 漏洞扫描 - -确认好主机上已配置好repo源(或使用默认安装时自带的repo源)后,我们就可以为主机进行批量扫描了。直接点击右侧的漏洞扫描,默认扫描全部主机。用户也可以勾选部分主机进行扫描。 - -除了手动扫描,用户也可以配置后台定时任务,进行每日定时扫描。 - -![漏洞扫描](./figures/漏洞管理/漏洞扫描.png) - -扫描完毕后,若用户在创建用户时配置了邮箱信息,apollo会将漏洞情况邮件发送给用户。 - -![邮件通知](./figures/漏洞管理/邮件通知.png) - -## 3. 漏洞查看 - -### 3.1 主机详情信息界面 - -扫描完毕后,除了上文的主机列表可以看到每个主机的已修复和未修复的CVE数量,还可以点击某台主机查看详细的CVE信息: - -![主机详情](./figures/漏洞管理/主机详情.png) - -支持如下操作: - -- 查看主机基本信息与CVE个数 -- 查看该主机未修复CVE和已修复CVE列表,支持导出。未修复CVE展开后可以看到受影响的RPM包及支持的修复方法,已修复CVE展开后可以看到修复使用的RPM。 -- 生成CVE修复任务(切换至“未修复”时,才可支持CVE修复任务创建),可支持CVE粒度的任务创建,同时也可具体到特定的rpm包修复 -- 生成热补丁移除任务(切换至“已修复”时,才可支持生成热补丁移除任务) -- 单机漏洞扫描 - -### 3.2 CVE列表界面 - -上文介绍了从主机维度查看漏洞情况,我们也可以从**漏洞维度**去查看我们重点关注的漏洞。 - -点击CVEs子页面,可以看到未修复和已修复两个页签,下方详细介绍了每个CVE的发布时间、影响软件包、严重性等信息,展开后则能看到描述信息及受影响的rpm包和支持的修复方式。 - -![CVEs列表](./figures/漏洞管理/cve列表.png) - -支持如下操作: - -- 查看所有CVE信息(CVE严重性进行筛选、CVE ID、发布时间、CVSS分数、主机数量进行排序,可根据CVE ID或软件包名称进行检索) -- 切换至“未修复”列表 - - 展开某CVE可以看到受影响的RPM包和支持的修复方法,以及该组合对应的主机 - - 右侧按钮为“生成修复任务”,支持生成**CVE修复任务** - -- 切换至“已修复”列表 - - 展开某CVE可以看到修复使用的RPM及对应的主机 - - 右侧按钮为“热补丁移除”,针对热补丁修复的CVE,可生成**热补丁移除任务** - -- 上传安全公告 - -这里对安全公告的上传简单说明: - -apollo支持定时从openEuler官网下载安全公告信息,针对无法连接外网的环境,提供了安全公告的手动上传功能。当前社区仅对社区软件包受影响的CVE发布了安全公告,用户可以从以下地址下载安全公告并上传压缩包:[https://repo.openeuler.org/security/data/cvrf/](https://gitee.com/link?target=https%3A%2F%2Frepo.openeuler.org%2Fsecurity%2Fdata%2Fcvrf%2F) - -![上传安全公告](./figures/漏洞管理/上传安全公告.png) - -社区也提供了安全公告订阅,订阅后会收到邮件通知:[https://mailweb.openeuler.org/postorius/lists/sa-announce.openeuler.org/](https://mailweb.openeuler.org/postorius/lists/sa-announce.openeuler.org/) - -### 3.3 CVE详情信息 - -和主机详情界面类似,在CVE列表界面点击某一个CVE即可进入CVE详情界面。可以看到此漏洞影响的所有主机和已修复这个漏洞的主机。 - -![CVE详情](./figures/漏洞管理/CVE详情界面.png) - -支持如下操作: - -- 查看CVE基本信息 -- 查看关联CVE数量,即影响同样源码包(如kernel)的CVE -- 查看受此CVE影响的主机列表以及单个主机上受此CVE影响的rpm包列表 -- 支持点击主机名称跳转至**主机详情页** -- 选择“未修复”列表,右侧按钮为“生成修复任务,支持**生成CVE修复任务** -- 选择“已修复”列表,右侧按钮为“热补丁移除任务”,支持**生成热补丁移除任务** - -## 4. 漏洞修复 - -### 4.1 生成修复任务 - -在CVE列表、CVE详情、主机详情界面均可进行漏洞的批量修复。这里以CVE列表界面为示例,选中CVE点击“生成修复任务”按钮,右侧会出现弹窗。不选中CVE则默认修复全部CVE。 - -其中针对热补丁,有2个按钮: - -- 是否accept:勾选后会在重启后自动激活此次修复使用的热补丁 - -- 冷补丁收编:勾选后,会同步生成热补丁对应的冷补丁的修复任务 - -![生成修复任务](./figures/漏洞管理/生成修复任务.png) - -需额外注意: - -- 为了方便执行以及后续的任务回滚,生成任务时会自动将冷、热补丁的修复动作拆分成两个任务,可以通过任务名进行分辨。 - -### 4.2 执行修复任务 - -生成任务后可以点击立即跳转到该任务详情,或点击左侧的任务子页面,进入任务列表界面: - -![任务列表](./figures/漏洞管理/任务列表.png) - -点击刚才生成的修复任务,可以看到此任务的基础信息,以及下方的主机以及该主机要修复的软件包信息。点击右侧的执行按钮即可执行。 - -![任务详情界面](./figures/漏洞管理/任务详情.png) - -**注意**:针对同一台主机,**热补丁任务应优先与冷补丁任务执行**。由于内核热补丁只能应用在指定版本内核,若先安装冷补丁再安装热补丁,aops客户端会报错,以防重启后内核切换、热补丁失效导致的漏洞重新暴露。而先安装热补丁再安装冷补丁时,客户端调用的dnf upgrade-en 命令会确保冷补丁包含了当前热补丁修复的漏洞。 - -### 4.3 任务报告查看 - -执行完毕后,可以看到任务的“上次执行时间”发生更新,并出现“查看报告”按钮。点击查看报告,即可查看各主机的执行情况,如执行结果、执行失败的原因等: - -![修复任务报告](./figures/漏洞管理/修复任务报告.png) - -## 5. 修复任务回滚 - -进入修复任务详情,点击生成回滚任务,即可对该修复任务进行回退: - -![生成回滚任务](./figures/漏洞管理/生成回滚任务.png) - -进入回滚任务详情,与修复任务相反,可以看见当前已安装的软件包(修复时安装的rpm),以及回退后的目标软件包(修复前的rpm)。执行时点击“执行”按钮即可。 - -![回滚任务详情](./figures/漏洞管理/回滚任务详情.png) - -## 6. 热补丁移除任务 - -若对已安装的热补丁不满意,可以在任意“已修复”的列表,勾选使用热补丁修复的CVE或主机,生成热补丁移除任务。 - -与回滚任务相比,热补丁移除任务只针对热补丁,且不支持对热补丁的升降级处理,只通过dnf操作将热补丁rpm进行移除。 - -![生成热补丁移除任务](./figures/漏洞管理/生成热补丁移除任务.png) - -## 7.定时任务配置 - -主体的漏洞处理过程在前台完成之后,用户还可以在apollo服务端针对后台的定时任务进行编辑,修改后`systemctl restart aops-apollo`重启服务生效。 - -定时任务主要包含3种类型任务,定时任务配置文件位于 /etc/aops/apollo_crontab.ini,内容如下: - -```ini -[cve_scan] -# timed task name -id = cve scan -# value between 0-6, for example, 0 means Monday, 0-6means everyday. -day_of_week = 0-6 -# value between 0-23, for example, 2 means 2:00 in a day. -hour = 2 -# value is true or false, for example, true means with service start. -auto_start = true - -[download_sa] -id = download sa -day_of_week = 0-6 -hour = 3 -auto_start = true -cvrf_url = https://repo.openeuler.org/security/data/cvrf - -[correct_data] -id = correct data -day_of_week = 0-6 -hour = 4 -auto_start = true -service_timeout_threshold_min = 15 -``` - -### 7.1 定时巡检,执行漏洞扫描 - -**定时扫描cve任务的参数** - -- id - - > 定时任务的名称,不能与其他定时任务名称重复,不建议修改。 - -- day_of_week - - > 定时任务在一周中的第几天启动,取值范围0-6,0-6表示每天,0表示周一,以此类推。 - -- hour - - > 任务启动的时间,取值范围0-23,与24小时制时间格式一致。 - -- auto_start - - > 任务是否跟随服务启动,true表示同时启动,false表示不同时启动。 - -- 其他 - - > 如果要精确到分钟,秒,需要添加minute(取值范围0-59)和second(取值范围0-59)。 - > - > **示例** - > - > ```ini - > minute = 0 - > second = 0 - > ``` - -**修改配置文件示例** - -> 打开配置文件 - -```shell -vim /etc/aops/apollo_crontab.ini -``` - -> 修改定时任务执行时机 - -```ini -[cve_scan] -id = cve scan -day_of_week = 5 -hour = 2 -auto_start = true -``` - -### 7.2 定时下载安全公告 - -相同字段含义和使用与[cve_scan]一样。 - -- cvrf_url - - > 获取安全公告详细信息的基础url,**暂不支持修改。** - -### 7.3 定时校正异常数据 - -相同字段含义和使用与[cve_scan]一样。 - -- service_timeout_threshold_min - - > 判断异常数据的阈值,取值为正整数,建议最小值为15。 - -**修改配置文件示例** - -> 打开配置文件 - -```shell -vim /etc/aops/apollo_crontab.ini -``` - -> 设置异常数据阈值 - -```ini -service_timeout_threshold_min = 15 -``` +# AOps漏洞管理模块使用手册 + +参照[AOps部署指南](AOps部署指南.md)部署AOps前后端服务,并参照[AOps资产管理使用手册](AOps资产管理使用手册.md)纳管了主机后,即可使用AOps漏洞管理模块。 + +A-Ops智能运维工具的智能补丁管理模块(**apollo**)主要集成了**漏洞扫描、CVE修复、任务回退**、**热补丁移除**等核心功能: + +- 支持对openEuler已修复并发布的漏洞进行手动/定时扫描。漏洞的详细信息通过**在线/离线**同步社区发布的安全公告进行获取。当前聚焦于内核漏洞的处理,后续支持用户态软件包漏洞。 + +- 支持漏洞批量修复。修复过程中,客户端会命令行调用基于dnf原生框架的dnf hotpatch插件,实现**冷补丁(需重启)/热补丁(免重启)**的修复。此插件将底层冷、热补丁的管理封装成统一的入口,方便单机用户的使用和集群的调用。 + +- 支持通过任务粒度回退或移除热补丁的形式,将系统恢复至原状态。 + +下文将按照漏洞修复的工作流来进行A-Ops智能补丁管理功能的介绍。 + +## 1. 配置repo源 + +openEuler的漏洞信息通过安全公告对外发布,同时在update源中发布修复所用的软件包及相应元数据。配置了update源后即可在命令行通过dnf updateinfo list cves命令或dnf hot-updateinfo list cves(需安装A-Ops的dnf热补丁插件)进行漏洞的扫描。 + +默认的openEuler系统安装后自带对应OS版本的冷补丁update源。对于自定义或离线场景,用户可以通过设置repo来自行配置冷/热补丁的update源。 + +### 1.1 Repo源添加 + +漏洞管理界面用于对目标主机存在的CVE进行监控与修复。 + +当前漏洞管理模块分为以下三个界面: + +- 主机列表界面 +- CVEs界面 +- 任务列表界面 + +进入漏洞管理的主机管理子页面,可以从主机粒度看到当前纳管的所有主机的**已修复和未修复漏洞**情况: + +![主机列表界面](./figures/漏洞管理/主机列表界面.png) + +点击下方CVE REPO的加号框,随后在弹出界面中,输入REPO源名称与REPO内容,点击右下角“确定”按钮即可进行repo源的添加: + +![添加REPO源](./figures/漏洞管理/添加repo源.png) + +若不清楚格式,可以点击下载模板按钮查看。注意baseurl和gpgkey要配置为客户端OS版本的对应地址。用户也可以直接上传编辑好的repo文件。 + +新建repo完毕后,即可在CVE REPO列表中进行查看或删除。 + +### 1.2 Repo设置 + +新建repo源后,点击右上角“设置repo”的按钮,可以创建一个任务,为勾选的主机进行批量的repo设置。 + +![设置repo](./figures/漏洞管理/设置repo源.png) + +点击“创建”或“立即执行”后会生成一个repo设置任务,执行完毕后即可在主机列表界面看到已设置好该repo源。 + +## 2. 漏洞扫描 + +确认好主机上已配置好repo源(或使用默认安装时自带的repo源)后,我们就可以为主机进行批量扫描了。直接点击右侧的漏洞扫描,默认扫描全部主机。用户也可以勾选部分主机进行扫描。 + +除了手动扫描,用户也可以配置后台定时任务,进行每日定时扫描。 + +![漏洞扫描](./figures/漏洞管理/漏洞扫描.png) + +扫描完毕后,若用户在创建用户时配置了邮箱信息,apollo会将漏洞情况邮件发送给用户。 + +![邮件通知](./figures/漏洞管理/邮件通知.png) + +## 3. 漏洞查看 + +### 3.1 主机详情信息界面 + +扫描完毕后,除了上文的主机列表可以看到每个主机的已修复和未修复的CVE数量,还可以点击某台主机查看详细的CVE信息: + +![主机详情](./figures/漏洞管理/主机详情.png) + +支持如下操作: + +- 查看主机基本信息与CVE个数 +- 查看该主机未修复CVE和已修复CVE列表,支持导出。未修复CVE展开后可以看到受影响的RPM包及支持的修复方法,已修复CVE展开后可以看到修复使用的RPM。 +- 生成CVE修复任务(切换至“未修复”时,才可支持CVE修复任务创建),可支持CVE粒度的任务创建,同时也可具体到特定的rpm包修复 +- 生成热补丁移除任务(切换至“已修复”时,才可支持生成热补丁移除任务) +- 单机漏洞扫描 + +### 3.2 CVE列表界面 + +上文介绍了从主机维度查看漏洞情况,我们也可以从**漏洞维度**去查看我们重点关注的漏洞。 + +点击CVEs子页面,可以看到未修复和已修复两个页签,下方详细介绍了每个CVE的发布时间、影响软件包、严重性等信息,展开后则能看到描述信息及受影响的rpm包和支持的修复方式。 + +![CVEs列表](./figures/漏洞管理/cve列表.png) + +支持如下操作: + +- 查看所有CVE信息(CVE严重性进行筛选、CVE ID、发布时间、CVSS分数、主机数量进行排序,可根据CVE ID或软件包名称进行检索) +- 切换至“未修复”列表 + - 展开某CVE可以看到受影响的RPM包和支持的修复方法,以及该组合对应的主机 + - 右侧按钮为“生成修复任务”,支持生成**CVE修复任务** + +- 切换至“已修复”列表 + - 展开某CVE可以看到修复使用的RPM及对应的主机 + - 右侧按钮为“热补丁移除”,针对热补丁修复的CVE,可生成**热补丁移除任务** + +- 上传安全公告 + +这里对安全公告的上传简单说明: + +apollo支持定时从openEuler官网下载安全公告信息,针对无法连接外网的环境,提供了安全公告的手动上传功能。当前社区仅对社区软件包受影响的CVE发布了安全公告,用户可以从以下地址下载安全公告并上传压缩包:[https://repo.openeuler.org/security/data/cvrf/](https://gitee.com/link?target=https%3A%2F%2Frepo.openeuler.org%2Fsecurity%2Fdata%2Fcvrf%2F) + +![上传安全公告](./figures/漏洞管理/上传安全公告.png) + +社区也提供了安全公告订阅,订阅后会收到邮件通知:[https://mailweb.openeuler.org/postorius/lists/sa-announce.openeuler.org/](https://mailweb.openeuler.org/postorius/lists/sa-announce.openeuler.org/) + +### 3.3 CVE详情信息 + +和主机详情界面类似,在CVE列表界面点击某一个CVE即可进入CVE详情界面。可以看到此漏洞影响的所有主机和已修复这个漏洞的主机。 + +![CVE详情](./figures/漏洞管理/CVE详情界面.png) + +支持如下操作: + +- 查看CVE基本信息 +- 查看关联CVE数量,即影响同样源码包(如kernel)的CVE +- 查看受此CVE影响的主机列表以及单个主机上受此CVE影响的rpm包列表 +- 支持点击主机名称跳转至**主机详情页** +- 选择“未修复”列表,右侧按钮为“生成修复任务,支持**生成CVE修复任务** +- 选择“已修复”列表,右侧按钮为“热补丁移除任务”,支持**生成热补丁移除任务** + +## 4. 漏洞修复 + +### 4.1 生成修复任务 + +在CVE列表、CVE详情、主机详情界面均可进行漏洞的批量修复。这里以CVE列表界面为示例,选中CVE点击“生成修复任务”按钮,右侧会出现弹窗。不选中CVE则默认修复全部CVE。 + +其中针对热补丁,有2个按钮: + +- 是否accept:勾选后会在重启后自动激活此次修复使用的热补丁 + +- 冷补丁收编:勾选后,会同步生成热补丁对应的冷补丁的修复任务 + +![生成修复任务](./figures/漏洞管理/生成修复任务.png) + +需额外注意: + +- 为了方便执行以及后续的任务回滚,生成任务时会自动将冷、热补丁的修复动作拆分成两个任务,可以通过任务名进行分辨。 + +### 4.2 执行修复任务 + +生成任务后可以点击立即跳转到该任务详情,或点击左侧的任务子页面,进入任务列表界面: + +![任务列表](./figures/漏洞管理/任务列表.png) + +点击刚才生成的修复任务,可以看到此任务的基础信息,以及下方的主机以及该主机要修复的软件包信息。点击右侧的执行按钮即可执行。 + +![任务详情界面](./figures/漏洞管理/任务详情.png) + +**注意**:针对同一台主机,**热补丁任务应优先与冷补丁任务执行**。由于内核热补丁只能应用在指定版本内核,若先安装冷补丁再安装热补丁,aops客户端会报错,以防重启后内核切换、热补丁失效导致的漏洞重新暴露。而先安装热补丁再安装冷补丁时,客户端调用的dnf upgrade-en 命令会确保冷补丁包含了当前热补丁修复的漏洞。 + +### 4.3 任务报告查看 + +执行完毕后,可以看到任务的“上次执行时间”发生更新,并出现“查看报告”按钮。点击查看报告,即可查看各主机的执行情况,如执行结果、执行失败的原因等: + +![修复任务报告](./figures/漏洞管理/修复任务报告.png) + +## 5. 修复任务回滚 + +进入修复任务详情,点击生成回滚任务,即可对该修复任务进行回退: + +![生成回滚任务](./figures/漏洞管理/生成回滚任务.png) + +进入回滚任务详情,与修复任务相反,可以看见当前已安装的软件包(修复时安装的rpm),以及回退后的目标软件包(修复前的rpm)。执行时点击“执行”按钮即可。 + +![回滚任务详情](./figures/漏洞管理/回滚任务详情.png) + +## 6. 热补丁移除任务 + +若对已安装的热补丁不满意,可以在任意“已修复”的列表,勾选使用热补丁修复的CVE或主机,生成热补丁移除任务。 + +与回滚任务相比,热补丁移除任务只针对热补丁,且不支持对热补丁的升降级处理,只通过dnf操作将热补丁rpm进行移除。 + +![生成热补丁移除任务](./figures/漏洞管理/生成热补丁移除任务.png) + +## 7.定时任务配置 + +主体的漏洞处理过程在前台完成之后,用户还可以在apollo服务端针对后台的定时任务进行编辑,修改后`systemctl restart aops-apollo`重启服务生效。 + +定时任务主要包含3种类型任务,定时任务配置文件位于 /etc/aops/apollo_crontab.ini,内容如下: + +```ini +[cve_scan] +# timed task name +id = cve scan +# value between 0-6, for example, 0 means Monday, 0-6means everyday. +day_of_week = 0-6 +# value between 0-23, for example, 2 means 2:00 in a day. +hour = 2 +# value is true or false, for example, true means with service start. +auto_start = true + +[download_sa] +id = download sa +day_of_week = 0-6 +hour = 3 +auto_start = true +cvrf_url = https://repo.openeuler.org/security/data/cvrf + +[correct_data] +id = correct data +day_of_week = 0-6 +hour = 4 +auto_start = true +service_timeout_threshold_min = 15 +``` + +### 7.1 定时巡检,执行漏洞扫描 + +**定时扫描cve任务的参数** + +- id + + > 定时任务的名称,不能与其他定时任务名称重复,不建议修改。 + +- day_of_week + + > 定时任务在一周中的第几天启动,取值范围0-6,0-6表示每天,0表示周一,以此类推。 + +- hour + + > 任务启动的时间,取值范围0-23,与24小时制时间格式一致。 + +- auto_start + + > 任务是否跟随服务启动,true表示同时启动,false表示不同时启动。 + +- 其他 + + > 如果要精确到分钟,秒,需要添加minute(取值范围0-59)和second(取值范围0-59)。 + > + > **示例** + > + > ```ini + > minute = 0 + > second = 0 + > ``` + +**修改配置文件示例** + +> 打开配置文件 + +```shell +vim /etc/aops/apollo_crontab.ini +``` + +> 修改定时任务执行时机 + +```ini +[cve_scan] +id = cve scan +day_of_week = 5 +hour = 2 +auto_start = true +``` + +### 7.2 定时下载安全公告 + +相同字段含义和使用与[cve_scan]一样。 + +- cvrf_url + + > 获取安全公告详细信息的基础url,**暂不支持修改。** + +### 7.3 定时校正异常数据 + +相同字段含义和使用与[cve_scan]一样。 + +- service_timeout_threshold_min + + > 判断异常数据的阈值,取值为正整数,建议最小值为15。 + +**修改配置文件示例** + +> 打开配置文件 + +```shell +vim /etc/aops/apollo_crontab.ini +``` + +> 设置异常数据阈值 + +```ini +service_timeout_threshold_min = 15 +``` diff --git "a/docs/zh/docs/A-Ops/\347\244\276\345\214\272\347\203\255\350\241\245\344\270\201\345\210\266\344\275\234\345\217\221\345\270\203\346\265\201\347\250\213.md" b/docs/zh/docs/server/maintenance/aops/community-hotpatch-creation-and-release-process.md similarity index 97% rename from "docs/zh/docs/A-Ops/\347\244\276\345\214\272\347\203\255\350\241\245\344\270\201\345\210\266\344\275\234\345\217\221\345\270\203\346\265\201\347\250\213.md" rename to docs/zh/docs/server/maintenance/aops/community-hotpatch-creation-and-release-process.md index 067eb5ed716a793c24bd494baf9f4ba88c7f70a9..2cea45c7b8fd73704f2d623698ee2ce2327b8775 100644 --- "a/docs/zh/docs/A-Ops/\347\244\276\345\214\272\347\203\255\350\241\245\344\270\201\345\210\266\344\275\234\345\217\221\345\270\203\346\265\201\347\250\213.md" +++ b/docs/zh/docs/server/maintenance/aops/community-hotpatch-creation-and-release-process.md @@ -1,299 +1,299 @@ - - -# 社区热补丁制作发布流程 - -## 制作内核态/用户态热补丁 - -> 热补丁仓库: - -### 场景1. 在src-openEuler/openEuler仓下评论pr制作新版本热补丁 - -> 制作内核态热补丁需在**openEuler/kernel**仓评论pr。 -> -> 制作用户态热补丁需在src-openEuler仓评论pr,现在支持**src-openEuler/openssl,src-openEuler/glibc,src-openEuler/systemd**。 - -##### 1. 在已合入pr下评论制作热补丁 - -- 从src-openeuler仓【支持openssl, glibc, systemd】评论已合入pr制作新版本热补丁。 -``` -/makehotpatch [软件包版本号] [ACC/SGL] [patch list] [cve/bugfix/feature] [issue id] [os_branch] -``` - -命令说明:使用多个patch用','分隔,需注意patch的先后顺序。 - -![image-20230629114903593](./image/src-openEuler仓评论.png) - -- 从openeuler仓【支持kernel】评论已合入pr制作新版本热补丁。 - -``` -/makehotpatch [软件包版本号] [ACC/SGL] [cve/bugfix/feature] [issue id] [os_branch] -``` - -![image-20230816105443658](./image/src-openEuler仓评论.png) - -评论后,门禁触发hotpatch_meta仓创建热补丁issue以及同步该pr。 - - - -##### 2. hotpatch_metadata仓自动创建热补丁issue、同步该pr - -pr评论区提示启动热补丁制作流程。 - -![image-20230816105627657](./image/启动热补丁工程流程.png) - -随后,hotpatch_meta仓自动创建热补丁issue,并在hotpatch_meta仓同步该pr。 - -> 热补丁issue用于跟踪热补丁制作流程。 -> -> hotpatch_meta仓用于触发制作热补丁。 - -![image-20230816105850831](./image/热补丁issue链接和pr链接.png) - -点击查看热补丁issue链接内容。 - - -![image-20230816110430216](./image/热补丁issue初始内容.png) - - - -点击查看在hotpatch_meta仓自动创建的pr。 - -![image-20230816110637492](./image/hotpatch-fix-pr.png) - -##### 3. 触发制作热补丁 - -打开hotpatch_meta仓自动创建的pr,评论区可以查看热补丁制作信息。 - -![image-20230816110919823](./image/热补丁pr触发流程.png) - -查看热补丁制作结果。 - -如果热补丁制作失败,可以根据相关日志信息、下载chroot环境自行修改patch进行调试,重新修改pr提交后或者评论 /retest直到热补丁可以被成功制作。 - -![image-20230816111330743](./image/热补丁pr制作失败.png) - -![image-20230816111452301](./image/热补丁pr的chroot环境.png) - -如果热补丁制作成功,可以通过Download link下载热补丁进行自验。 - -![image-20230816111007667](./image/热补丁pr制作结果.png) - -打开Download link链接。 - -![image-20230816112118423](./image/热补丁自验下载链接.png) - -进入Packages目录,可以下载制作成功的热补丁。 - -![image-20230816112420115](./image/热补丁自验包下载链接.png) - -**若热补丁制作成功,可以对热补丁进行审阅**。 - - - -### 场景2、从hotpatch_meta仓提pr制作新版本热补丁 - -> hotpatch_meta仓地址:https://gitee.com/openeuler/hotpatch_meta - -##### 1. 提pr - -在hotpatch_metadata仓提pr。 - -(1)阅读readme,根据热补丁issue模版和元数据文件hotmetadata_ACC.xml/hotmetadata_SGL.xml模板创建热补丁。 - -![image-20230817095228204](./image/热补丁仓提pr说明.png) - -pr内容: - -- patch文件。 -- 如果没有相应热补丁元数据hotmetadata_ACC.xml/hotmetadata_SGL.xml文件,则手动创建;否则修改热补丁元数据hotmetadata_ACC.xml/hotmetadata_SGL.xml文件。 - - - -##### 2. 触发制作热补丁 - -**若热补丁制作成功,可以对热补丁进行审阅**。 - - - -### 场景3、从hotpatch_metadata仓提pr修改热补丁 - -> hotpatch_meta仓地址:https://gitee.com/openeuler/hotpatch_meta -> -> 从hotpatch_meta仓提pr只能修改还未正式发布的热补丁。 - -##### 1. 提pr - -在hotpatch_meta仓提pr。 - -(1)如果修改过程涉及元数据文件hotmetadata_ACC.xml/hotmetadata_SGL.xml文件内容变动,请阅读readme,按照元数据文件hotmetadata_ACC.xml/hotmetadata_SGL.xml模板进行修改。 - -![image-20230817095228204](./image/热补丁仓提pr说明.png) - -> 如果需要修改元数据文件中的热补丁issue字段内容,请确保添加的热补丁Issue已经存在。 -> 用户不允许修改热补丁元数据文件中已被正式发布的热补丁的相关内容。 - - - -pr内容: - -- patch文件。 -- 修改热补丁元数据hotmetadata_ACC.xml/hotmetadata_SGL.xml文件。 - - - -##### 2. 触发制作热补丁 - -**若热补丁制作成功,可以对热补丁进行审阅**。 - - - - -## 审阅热补丁 - -##### 1. 审阅热补丁pr - -确认可发布,合入pr。 - -![image-20230816112957179](./image/同意合入pr.png) - -##### 2. pr合入,回填热补丁issue - -自动在热补丁issue页面补充热补丁路径,包含src.rpm/arm架构/x86架构的rpm包,以及对应hotpatch.xml,用于展示热补丁信息。 - -> 如果一个架构失败,强行合入,也可只发布单架构的包。 - -![image-20230816115813395](./image/热补丁issue回填.png) - -- 查看热补丁元数据内容。 - -> 热补丁元数据用于管理查看热补丁相关历史制作信息。 - -hotmetadata_ACC.xml格式示例: - -```xml - - - Managing Hot Patch Metadata - - - - 源码包下载路径(需要reealse正式路径) - x86_64架构debuginfo包下载路径(需要reealse正式路径) - aarch64架构debuginfo包下载路径(需要reealse正式路径) - 本次需要制作热补丁的patch包名1 - 本次需要制作热补丁的patch包名2 - ... - - - - 热补丁issue链接 - - - - -``` - -hotmetadata_SGL.xml格式示例: - -```xml - - - Managing Hot Patch Metadata - - - - 源码包下载路径(需要realse正式路径) - x86_64架构debuginfo包下载路径(需要reealse正式路径) - aarch64架构debuginfo包下载路径(需要reealse正式路径) - 本次需要制作热补丁的patch包名1 - 本次需要制作热补丁的patch包名2 - ... - - - - 热补丁issue链接 - - - - -``` - -> 注意:src_rpm的download_link均来自openeuler的repo仓下正式发布的rpm包。 - -![image-20230817100308392](./image/ACC的hotpatchmetadata文件示例.png) - -##### 3. 修改热补丁Issue - -- 将热补丁issue状态修改为”已完成“。 -- 为热补丁issue添加hotpatch标签。 - - - -## 发布热补丁 - -##### 1、收集热补丁发布需求 - -在release-management仓库每周update需求收集的issue下方,手动评论start-update命令,此时会收集待发布的热补丁和待发布的修复cve的冷补丁。后台会在hotpatch_meta仓库根据hotpatch标签查找已完成的热补丁issue。 - -##### 2、生成热补丁安全公告 - -社区根据收集到的热补丁issue信息,生成热补丁安全公告xml文件。 - -> 热补丁安全公告地址: - -- 在热补丁安全公告文件新增HotPatchTree字段,记录和公告相关漏洞的热补丁,每个补丁按架构和CVE字段区分(Type=ProductName 记录分支,Type=ProductArch 记录补丁具体的rpm包)。 - -![image-20230908163914778](./image/image-20230908163914778.png) - -##### 3、Majun平台上传文件到openEuler官网,同步生成updateinfo.xml文件 - -社区将生成的安全公告上传到openEuler官网,同时基于所收集的热补丁信息生成updateinfo.xml文件。 - -![image-20230908164216528](./image/image-20230908164216528.png) - -updateinfo.xml文件样例: - -```xml - - - - openEuler-HotPatchSA-2023-1001 - An update for kernel is now available for openEuler-22.03-LTS-SP3 - Important - openEuler - - - - - A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).(CVE-2023-3389) - - - openEuler - - patch-kernel-5.10.0-153.12.0.92.oe2203sp3-ACC-1-1.aarch64.rpm - - - patch-kernel-5.10.0-153.12.0.92.oe2203sp3-ACC-1-1.x86_64.rpm - - - - - -``` - - - -##### 4、openEuler官网可以查看更新的热补丁信息 - -> openEuler官网安全公告: - -以”HotpatchSA“关键词搜索热补丁安全公告,打开安全公告查看发布热补丁详细信息。 - -![image-20230908163402743](./image/image-20230908163402743.png) - - - -##### 5、获取热补丁相关文件 - -社区将热补丁相关文件同步至openEuler的repo源下,可以在各个分支的hotpatch_update目录下获取相应文件。 -> openEuler的repo地址: + + +# 社区热补丁制作发布流程 + +## 制作内核态/用户态热补丁 + +> 热补丁仓库: + +### 场景1. 在src-openEuler/openEuler仓下评论pr制作新版本热补丁 + +> 制作内核态热补丁需在**openEuler/kernel**仓评论pr。 +> +> 制作用户态热补丁需在src-openEuler仓评论pr,现在支持**src-openEuler/openssl,src-openEuler/glibc,src-openEuler/systemd**。 + +##### 1. 在已合入pr下评论制作热补丁 + +- 从src-openeuler仓【支持openssl, glibc, systemd】评论已合入pr制作新版本热补丁。 +``` +/makehotpatch [软件包版本号] [ACC/SGL] [patch list] [cve/bugfix/feature] [issue id] [os_branch] +``` + +命令说明:使用多个patch用','分隔,需注意patch的先后顺序。 + +![image-20230629114903593](./image/src-openEuler仓评论.png) + +- 从openeuler仓【支持kernel】评论已合入pr制作新版本热补丁。 + +``` +/makehotpatch [软件包版本号] [ACC/SGL] [cve/bugfix/feature] [issue id] [os_branch] +``` + +![image-20230816105443658](./image/src-openEuler仓评论.png) + +评论后,门禁触发hotpatch_meta仓创建热补丁issue以及同步该pr。 + + + +##### 2. hotpatch_metadata仓自动创建热补丁issue、同步该pr + +pr评论区提示启动热补丁制作流程。 + +![image-20230816105627657](./image/启动热补丁工程流程.png) + +随后,hotpatch_meta仓自动创建热补丁issue,并在hotpatch_meta仓同步该pr。 + +> 热补丁issue用于跟踪热补丁制作流程。 +> +> hotpatch_meta仓用于触发制作热补丁。 + +![image-20230816105850831](./image/热补丁issue链接和pr链接.png) + +点击查看热补丁issue链接内容。 + + +![image-20230816110430216](./image/热补丁issue初始内容.png) + + + +点击查看在hotpatch_meta仓自动创建的pr。 + +![image-20230816110637492](./image/hotpatch-fix-pr.png) + +##### 3. 触发制作热补丁 + +打开hotpatch_meta仓自动创建的pr,评论区可以查看热补丁制作信息。 + +![image-20230816110919823](./image/热补丁pr触发流程.png) + +查看热补丁制作结果。 + +如果热补丁制作失败,可以根据相关日志信息、下载chroot环境自行修改patch进行调试,重新修改pr提交后或者评论 /retest直到热补丁可以被成功制作。 + +![image-20230816111330743](./image/热补丁pr制作失败.png) + +![image-20230816111452301](./image/热补丁pr的chroot环境.png) + +如果热补丁制作成功,可以通过Download link下载热补丁进行自验。 + +![image-20230816111007667](./image/热补丁pr制作结果.png) + +打开Download link链接。 + +![image-20230816112118423](./image/热补丁自验下载链接.png) + +进入Packages目录,可以下载制作成功的热补丁。 + +![image-20230816112420115](./image/热补丁自验包下载链接.png) + +**若热补丁制作成功,可以对热补丁进行审阅**。 + + + +### 场景2、从hotpatch_meta仓提pr制作新版本热补丁 + +> hotpatch_meta仓地址:https://gitee.com/openeuler/hotpatch_meta + +##### 1. 提pr + +在hotpatch_metadata仓提pr。 + +(1)阅读readme,根据热补丁issue模版和元数据文件hotmetadata_ACC.xml/hotmetadata_SGL.xml模板创建热补丁。 + +![image-20230817095228204](./image/热补丁仓提pr说明.png) + +pr内容: + +- patch文件。 +- 如果没有相应热补丁元数据hotmetadata_ACC.xml/hotmetadata_SGL.xml文件,则手动创建;否则修改热补丁元数据hotmetadata_ACC.xml/hotmetadata_SGL.xml文件。 + + + +##### 2. 触发制作热补丁 + +**若热补丁制作成功,可以对热补丁进行审阅**。 + + + +### 场景3、从hotpatch_metadata仓提pr修改热补丁 + +> hotpatch_meta仓地址:https://gitee.com/openeuler/hotpatch_meta +> +> 从hotpatch_meta仓提pr只能修改还未正式发布的热补丁。 + +##### 1. 提pr + +在hotpatch_meta仓提pr。 + +(1)如果修改过程涉及元数据文件hotmetadata_ACC.xml/hotmetadata_SGL.xml文件内容变动,请阅读readme,按照元数据文件hotmetadata_ACC.xml/hotmetadata_SGL.xml模板进行修改。 + +![image-20230817095228204](./image/热补丁仓提pr说明.png) + +> 如果需要修改元数据文件中的热补丁issue字段内容,请确保添加的热补丁Issue已经存在。 +> 用户不允许修改热补丁元数据文件中已被正式发布的热补丁的相关内容。 + + + +pr内容: + +- patch文件。 +- 修改热补丁元数据hotmetadata_ACC.xml/hotmetadata_SGL.xml文件。 + + + +##### 2. 触发制作热补丁 + +**若热补丁制作成功,可以对热补丁进行审阅**。 + + + + +## 审阅热补丁 + +##### 1. 审阅热补丁pr + +确认可发布,合入pr。 + +![image-20230816112957179](./image/同意合入pr.png) + +##### 2. pr合入,回填热补丁issue + +自动在热补丁issue页面补充热补丁路径,包含src.rpm/arm架构/x86架构的rpm包,以及对应hotpatch.xml,用于展示热补丁信息。 + +> 如果一个架构失败,强行合入,也可只发布单架构的包。 + +![image-20230816115813395](./image/热补丁issue回填.png) + +- 查看热补丁元数据内容。 + +> 热补丁元数据用于管理查看热补丁相关历史制作信息。 + +hotmetadata_ACC.xml格式示例: + +```xml + + + Managing Hot Patch Metadata + + + + 源码包下载路径(需要reealse正式路径) + x86_64架构debuginfo包下载路径(需要reealse正式路径) + aarch64架构debuginfo包下载路径(需要reealse正式路径) + 本次需要制作热补丁的patch包名1 + 本次需要制作热补丁的patch包名2 + ... + + + + 热补丁issue链接 + + + + +``` + +hotmetadata_SGL.xml格式示例: + +```xml + + + Managing Hot Patch Metadata + + + + 源码包下载路径(需要realse正式路径) + x86_64架构debuginfo包下载路径(需要reealse正式路径) + aarch64架构debuginfo包下载路径(需要reealse正式路径) + 本次需要制作热补丁的patch包名1 + 本次需要制作热补丁的patch包名2 + ... + + + + 热补丁issue链接 + + + + +``` + +> 注意:src_rpm的download_link均来自openeuler的repo仓下正式发布的rpm包。 + +![image-20230817100308392](./image/ACC的hotpatchmetadata文件示例.png) + +##### 3. 修改热补丁Issue + +- 将热补丁issue状态修改为”已完成“。 +- 为热补丁issue添加hotpatch标签。 + + + +## 发布热补丁 + +##### 1、收集热补丁发布需求 + +在release-management仓库每周update需求收集的issue下方,手动评论start-update命令,此时会收集待发布的热补丁和待发布的修复cve的冷补丁。后台会在hotpatch_meta仓库根据hotpatch标签查找已完成的热补丁issue。 + +##### 2、生成热补丁安全公告 + +社区根据收集到的热补丁issue信息,生成热补丁安全公告xml文件。 + +> 热补丁安全公告地址: + +- 在热补丁安全公告文件新增HotPatchTree字段,记录和公告相关漏洞的热补丁,每个补丁按架构和CVE字段区分(Type=ProductName 记录分支,Type=ProductArch 记录补丁具体的rpm包)。 + +![image-20230908163914778](./image/image-20230908163914778.png) + +##### 3、Majun平台上传文件到openEuler官网,同步生成updateinfo.xml文件 + +社区将生成的安全公告上传到openEuler官网,同时基于所收集的热补丁信息生成updateinfo.xml文件。 + +![image-20230908164216528](./image/image-20230908164216528.png) + +updateinfo.xml文件样例: + +```xml + + + + openEuler-HotPatchSA-2023-1001 + An update for kernel is now available for openEuler-22.03-LTS-SP3 + Important + openEuler + + + + + A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).(CVE-2023-3389) + + + openEuler + + patch-kernel-5.10.0-153.12.0.92.oe2203sp3-ACC-1-1.aarch64.rpm + + + patch-kernel-5.10.0-153.12.0.92.oe2203sp3-ACC-1-1.x86_64.rpm + + + + + +``` + + + +##### 4、openEuler官网可以查看更新的热补丁信息 + +> openEuler官网安全公告: + +以”HotpatchSA“关键词搜索热补丁安全公告,打开安全公告查看发布热补丁详细信息。 + +![image-20230908163402743](./image/image-20230908163402743.png) + + + +##### 5、获取热补丁相关文件 + +社区将热补丁相关文件同步至openEuler的repo源下,可以在各个分支的hotpatch_update目录下获取相应文件。 +> openEuler的repo地址: diff --git "a/docs/zh/docs/A-Ops/\351\205\215\347\275\256\346\272\257\346\272\220\346\234\215\345\212\241\344\275\277\347\224\250\346\211\213\345\206\214.md" b/docs/zh/docs/server/maintenance/aops/configuration-tracing-service-user-manual.md similarity index 100% rename from "docs/zh/docs/A-Ops/\351\205\215\347\275\256\346\272\257\346\272\220\346\234\215\345\212\241\344\275\277\347\224\250\346\211\213\345\206\214.md" rename to docs/zh/docs/server/maintenance/aops/configuration-tracing-service-user-manual.md diff --git "a/docs/zh/docs/A-Ops/AOps\351\203\250\347\275\262\346\214\207\345\215\227.md" b/docs/zh/docs/server/maintenance/aops/deploying-aops.md similarity index 100% rename from "docs/zh/docs/A-Ops/AOps\351\203\250\347\275\262\346\214\207\345\215\227.md" rename to docs/zh/docs/server/maintenance/aops/deploying-aops.md diff --git "a/docs/zh/docs/A-Ops/dnf\346\217\222\344\273\266\345\221\275\344\273\244\344\275\277\347\224\250\346\211\213\345\206\214.md" b/docs/zh/docs/server/maintenance/aops/dnf-command-usage.md similarity index 98% rename from "docs/zh/docs/A-Ops/dnf\346\217\222\344\273\266\345\221\275\344\273\244\344\275\277\347\224\250\346\211\213\345\206\214.md" rename to docs/zh/docs/server/maintenance/aops/dnf-command-usage.md index 16232a6d68f729b46a9c33a086283fa30bfe7646..2c77d1772b84f17c396b48fd5704496ad937c1de 100644 --- "a/docs/zh/docs/A-Ops/dnf\346\217\222\344\273\266\345\221\275\344\273\244\344\275\277\347\224\250\346\211\213\345\206\214.md" +++ b/docs/zh/docs/server/maintenance/aops/dnf-command-usage.md @@ -1,739 +1,739 @@ -# dnf插件命令使用手册 -将dnf-hotpatch-plugin安装部署完成后,可使用dnf命令调用A-ops ceres中的冷/热补丁操作,命令包含热补丁扫描(dnf hot-updateinfo),热补丁状态设置及查询(dnf hotpatch ),热补丁应用(dnf hotupgrade),内核升级前kabi检查(dnf upgrade-en)。本文将介绍上述命令的具体使用方法。 - ->热补丁包括ACC/SGL(accumulate/single)类型 -> ->- ACC:增量补丁。目标高版本热补丁包含低版本热补丁所修复问题。 ->- SGL_xxx:单独补丁,xxx为issue id,如果有多个issue id,用多个'_'拼接。目标修复issue id相关问题。 - -## 热补丁扫描 -`dnf hot-updateinfo`命令支持扫描热补丁并指定cve查询相关热补丁,命令使用方式如下: -```shell -dnf hot-updateinfo list cves [--available(default) | --installed] [--cve [cve_id]] - -General DNF options: - -h, --help, --help-cmd - show command help - --cve CVES, --cves CVES - Include packages needed to fix the given CVE, in updates -Hot-updateinfo command-specific options: - --available - cves about newer versions of installed packages - (default) - --installed - cves about equal and older versions of installed packages -``` - -- `list cves` - -1、查询主机所有可修复的cve和对应的冷/热补丁。 - -```shell -[root@localhost ~]# dnf hot-updateinfo list cves -# cve-id level cold-patch hot-patch -Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. -CVE-2022-30594 Important/Sec. kernel-4.19.90-2206.1.0.0153.oe1.x86_64 patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 -CVE-2023-1111 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 -CVE-2023-1112 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 -CVE-2023-1111 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-SGL_CVE_2023_1111_CVE_2023_1112-1-1.x86_64 -``` - -2、查询主机所有已修复的cve和对应的冷/热补丁 - -```shell -[root@localhost ~]# dnf hot-updateinfo list cves --installed -# cve-id level cold-patch hot-patch -Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. -CVE-2022-36298 Important/Sec. - patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_36298-1-1.x86_64 -``` - -2、指定cve查询对应的可修复冷/热补丁。 - -```shell -[root@localhost ~]# dnf hot-updateinfo list cves --cve CVE-2022-30594 -# cve-id level cold-patch hot-patch -Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. -CVE-2022-30594 Important/Sec. kernel-4.19.90-2206.1.0.0153.oe1.x86_64 patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 -``` - -3、cve不存在时列表为空。 -```shell -[root@localhost ~]# dnf hot-updateinfo list cves --cve CVE-2022-3089 -# cve-id level cold-patch hot-patch -Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. -``` - -## 热补丁状态及转换图 - -- 热补丁状态图 - - NOT-APPLIED: 热补丁尚未应用。 - - DEACTIVED: 热补丁未被激活。 - - ACTIVED: 热补丁已被激活。 - - ACCEPTED: 热补丁已被激活,后续重启后会被自动应用激活。 - - ![热补丁状态转换图](./figures/syscare热补丁状态图.png) - - -## 热补丁状态查询和切换 -`dnf hotpatch`命令支持查询、切换热补丁的状态,命令使用方式如下: - -```shell -dnf hotpatch - -General DNF options: - -h, --help, --help-cmd - show command help - --cve CVES, --cves CVES - Include packages needed to fix the given CVE, in updates - -Hotpatch command-specific options: - --list [{cve, cves}] show list of hotpatch - --apply APPLY_NAME apply hotpatch - --remove REMOVE_NAME remove hotpatch - --active ACTIVE_NAME active hotpatch - --deactive DEACTIVE_NAME - deactive hotpatch - --accept ACCEPT_NAME accept hotpatch -``` -- 使用`dnf hotpatch`命令查询热补丁状态 - - - 使用`dnf hotpatch --list`命令查询当前系统中可使用的热补丁状态并展示。 - - ```shell - [root@localhost ~]# dnf hotpatch --list - Last metadata expiration check: 0:09:25 ago on 2023年12月29日 星期五 10时26分45秒. - base-pkg/hotpatch status - kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED - ``` - - - 使用`dnf hotpatch --list cves`查询漏洞(CVE-id)对应热补丁及其状态并展示。 - - ```shell - [root@openEuler ~]# dnf hotpatch --list cves - Last metadata expiration check: 0:11:05 ago on 2023年12月29日 星期五 10时26分45秒. - CVE-id base-pkg/hotpatch status - CVE-2022-30594 kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED - ``` - - - `dnf hotpatch --list cves --cve `筛选指定CVE对应的热补丁及其状态并展示。 - - ```shell - [root@openEuler ~]# dnf hotpatch --list cves --cve CVE-2022-30594 - Last metadata expiration check: 0:12:25 ago on 2023年12月29日 星期五 10时26分45秒. - CVE-id base-pkg/hotpatch status - CVE-2022-30594 kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED - ``` - - - 使用`dnf hotpatch --list cves --cve `查询无结果时展示为空。 - - ```shell - [root@openEuler ~]# dnf hotpatch --list cves --cve CVE-2023-1 - Last metadata expiration check: 0:13:11 ago on 2023年12月29日 星期五 10时26分45秒. - ``` - -- 使用`dnf hotpatch --apply `命令应用热补丁,可使用 `dnf hotpatch --list`查询应用后的状态变化,变化逻辑见上文的热补丁状态转换图。 - -```shell -[root@openEuler ~]# dnf hotpatch --list -Last metadata expiration check: 0:13:55 ago on 2023年12月29日 星期五 10时26分45秒. -base-pkg/hotpatch status -kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED -[root@openEuler ~]# dnf hotpatch --apply kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 -Last metadata expiration check: 0:15:37 ago on 2023年12月29日 星期五 10时26分45秒. -Gonna apply this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 -apply hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed -[root@openEuler ~]# dnf hotpatch --list -Last metadata expiration check: 0:16:20 ago on 2023年12月29日 星期五 10时26分45秒. -base-pkg/hotpatch status -kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux ACTIVED -``` -- 使用`dnf hotpatch --deactive `停用热补丁,可使用`dnf hotpatch --list`查询停用后的状态变化,变化逻辑见上文的热补丁状态转换图。 - -```shell -[root@openEuler ~]# dnf hotpatch --deactive kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 -Last metadata expiration check: 0:19:00 ago on 2023年12月29日 星期五 10时26分45秒. -Gonna deactive this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 -deactive hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed -[root@openEuler ~]# dnf hotpatch --list -Last metadata expiration check: 0:19:12 ago on 2023年12月29日 星期五 10时26分45秒. -base-pkg/hotpatch status -kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux DEACTIVED -``` -- 使用`dnf hotpatch --remove `删除热补丁,可使用`dnf hotpatch --list`查询删除后的状态变化,变化逻辑见上文的热补丁状态转换图。 - -```shell -[root@openEuler ~]# dnf hotpatch --remove kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 -Last metadata expiration check: 0:20:12 ago on 2023年12月29日 星期五 10时26分45秒. -Gonna remove this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 -remove hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed -[root@openEuler ~]# dnf hotpatch --list -Last metadata expiration check: 0:20:23 ago on 2023年12月29日 星期五 10时26分45秒. -base-pkg/hotpatch status -kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED -``` -- 使用`dnf hotpatch --active `激活热补丁,可使用`dnf hotpatch --list`查询激活后的状态变化,变化逻辑见上文的热补丁状态转换图。 - -```shell -[root@openEuler ~]# dnf hotpatch --active kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 -Last metadata expiration check: 0:15:37 ago on 2023年12月29日 星期五 10时26分45秒. -Gonna active this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 -active hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed -[root@openEuler ~]# dnf hotpatch --list -Last metadata expiration check: 0:16:20 ago on 2023年12月29日 星期五 10时26分45秒. -base-pkg/hotpatch status -kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux ACTIVED -``` -- 使用`dnf hotpatch --accept `接收热补丁,可使用`dnf hotpatch --list`查询接收后的状态变化,变化逻辑见上文的热补丁状态转换图。 - -```shell -[root@openEuler ~]# dnf hotpatch --accept kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 -Last metadata expiration check: 0:14:19 ago on 2023年12月29日 星期五 10时47分38秒. -Gonna accept this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 -accept hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed -[root@openEuler ~]# dnf hotpatch --list -Last metadata expiration check: 0:14:34 ago on 2023年12月29日 星期五 10时47分38秒. -base-pkg/hotpatch status -kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux ACCEPTED -``` - - -## 热补丁应用 -`hotupgrade`命令根据cve id和热补丁名称进行热补丁修复,同时也支持全量修复。命令使用方式如下: -```shell -dnf hotupgrade [--cve [cve_id]] [PACKAGE ...] [--takeover] [-f] - -General DNF options: - -h, --help, --help-cmd - show command help - --cve CVES, --cves CVES - Include packages needed to fix the given CVE, in updates - -command-specific options: - --takeover - kernel cold patch takeover operation - -f - force retain kernel rpm package if kernel kabi check fails - PACKAGE - Package to upgrade -``` - -- 使用`dnf hotupgrade PACKAGE`安装目标热补丁。 - - - 使用`dnf hotupgrade PACKAGE`安装目标热补丁 - - ```shell - [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 - Last metadata expiration check: 0:26:25 ago on 2023年12月29日 星期五 10时47分38秒. - Dependencies resolved. - xxxx(Install messgaes) - Is this ok [y/N]: y - Downloading Packages: - xxxx(Install process) - Complete! - Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. - ``` - - - 当目标热补丁已经应用激活,使用`dnf hotupgrade PACKAGE`安装目标热补丁 - - ```shell - [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 - Last metadata expiration check: 0:28:35 ago on 2023年12月29日 星期五 10时47分38秒. - The hotpatch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'vmlinux' - Package patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 is already installed. - Dependencies resolved. - Nothing to do. - Complete! - ``` - - - 使用`dnf hotupgrade PACKAGE`安装目标热补丁,自动卸载激活失败的热补丁。 - - ```shell - [root@openEuler ~]# dnf hotupgrade patch-redis-6.2.5-1-ACC-1-1.x86_64 - Last metadata expiration check: 0:30:30 ago on 2023年12月29日 星期五 10时47分38秒. - Dependencies resolved. - xxxx(Install messgaes) - Is this ok [y/N]: y - Downloading Packages: - xxxx(Install process) - Complete! - Apply hot patch failed: redis-6.2.5-1/ACC-1-1. - Error: Operation failed - - Caused by: - 0. Transaction "Apply patch 'redis-6.2.5-1/ACC-1-1'" failed - - Caused by: - Cannot match any patch named "redis-6.2.5-1/ACC-1-1" - - Gonna remove unsuccessfully activated hotpatch rpm. - Remove package succeed: patch-redis-6.2.5-1-ACC-1-1.x86_64. - ``` - -- 使用`--cve `指定cve_id安装CVE对应的热补丁 - - - 使用`dnf hotupgrade --cve CVE-2022-30594`安装CVE对应的热补丁 - - ```shell - [root@openEuler ~]# dnf hotupgrade --cve CVE-2022-30594 - Last metadata expiration check: 0:26:25 ago on 2023年12月29日 星期五 10时47分38秒. - Dependencies resolved. - xxxx(Install messgaes) - Is this ok [y/N]: y - Downloading Packages: - xxxx(Install process) - Complete! - Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. - ``` - - - 使用`dnf hotupgrade --cve CVE-2022-2021`安装CVE对应的热补丁,对应的CVE不存在。 - - ```shell - [root@openEuler ~]# dnf hotupgrade --cve CVE-2022-2021 - Last metadata expiration check: 1:37:44 ago on 2023年12月29日 星期五 13时49分39秒. - The cve doesn't exist or cannot be fixed by hotpatch: CVE-2022-2021 - No hot patches marked for install. - Dependencies resolved. - Nothing to do. - Complete! - ``` - - - 使用`dnf hotupgrade --cve `指定cve_id安装时,该CVE对应的ACC低版本热补丁已安装时,删除低版本热补丁,安装高版本ACC热补丁包。 - - ```shell - [root@openEuler ~]# dnf hotupgrade --cve CVE-2023-1070 - Last metadata expiration check: 0:00:48 ago on 2024年01月02日 星期二 11时21分55秒. - Dependencies resolved. - xxxx(Install messgaes) - Is this ok [y/N]: y - Downloading Packages: - xxxx (Install messages and process upgrade) - Complete! - Apply hot patch succeed: kernel-5.10.0-153.12.0.92.oe2203sp2/ACC-1-3. - [root@openEuler tmp]# - ``` - - - 指定cve_id安装时,该CVE对应的最高版本热补丁包已存在 - - ```shell - [root@openEuler ~]# dnf hotupgrade --cve CVE-2023-1070 - Last metadata expiration check: 1:37:44 ago on 2023年12月29日 星期五 13时49分39秒. - The cve doesn't exist or cannot be fixed by hotpatch: CVE-2023-1070 - No hot patches marked for install. - Dependencies resolved. - Nothing to do. - Complete! - ``` - -- 使用`dnf hotupgrade`进行热补丁全量修复 - - 热补丁未安装时,使用`dnf hotupgrade`命令安装所有可安装热补丁。 - - - 当部分热补丁已经安装时,使用`dnf hotupgrade`命令进行全量修复,将保留已安装的热补丁,然后安装其他热补丁 - -- 使用`--takeover`进行内核热补丁收编 - - - 使用`dnf hotupgrade PACKAGE --takeover`安装热补丁,收编相应内核冷补丁;由于目标内核冷补丁kabi检查失败,进行自动卸载;accept热补丁,使热补丁重启后仍旧生效;恢复内核默认引导启动项。 - - ```shell - [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 --takeover - Last metadata expiration check: 2:23:22 ago on 2023年12月29日 星期五 13时49分39秒. - Gonna takeover kernel cold patch: ['kernel-4.19.90-2206.1.0.0153.oe1.x86_64'] - Dependencies resolved. - xxxx(Install messgaes) - Is this ok [y/N]: y - xxxx(Install process) - Complete! - Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. - Kabi check for kernel-4.19.90-2206.1.0.0153.oe1.x86_64: - [Fail] Here are 81 loaded kernel modules in this system, 78 pass, 3 fail. - Failed modules are as follows: - No. Module Difference - 1 nf_nat_ipv6 secure_ipv6_port_ephemeral : 0xe1a4f16a != 0x0209f3a7 - 2 nf_nat_ipv4 secure_ipv4_port_ephemeral : 0x57f70547 != 0xe3840e18 - 3 kvm_intel kvm_lapic_hv_timer_in_use : 0x54981db4 != 0xf58e6f1f - Gonna remove kernel-4.19.90-2206.1.0.0153.oe1.x86_64 due to Kabi check failed. - Rebuild rpm database succeed. - Remove package succeed: kernel-4.19.90-2206.1.0.0153.oe1.x86_64. - Restore the default boot kernel succeed: kernel-4.19.90-2112.8.0.0131.oe1.x86_64. - No available kernel cold patch for takeover, gonna accept available kernel hot patch. - Accept hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. - ``` - - - 使用`dnf hotupgrade PACKAGE --takeover -f`安装热补丁,如果内核冷补丁kabi检查未通过,使用`-f`强制保留内核冷补丁 - - ```shell - [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 --takeover - Last metadata expiration check: 2:23:22 ago on 2023年12月29日 星期五 13时49分39秒. - Gonna takeover kernel cold patch: ['kernel-4.19.90-2206.1.0.0153.oe1.x86_64'] - Dependencies resolved. - xxxx(Install messgaes) - Is this ok [y/N]: y - xxxx(Install process) - Complete! - Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. - Kabi check for kernel-4.19.90-2206.1.0.0153.oe1.x86_64: - [Fail] Here are 81 loaded kernel modules in this system, 78 pass, 3 fail. - Failed modules are as follows: - No. Module Difference - 1 nf_nat_ipv6 secure_ipv6_port_ephemeral : 0xe1a4f16a != 0x0209f3a7 - 2 nf_nat_ipv4 secure_ipv4_port_ephemeral : 0x57f70547 != 0xe3840e18 - 3 kvm_intel kvm_lapic_hv_timer_in_use : 0x54981db4 != 0xf58e6f1f - ``` - - -## 内核升级前kabi检查 - -`dnf upgrade-en` 命令支持内核冷补丁升级前kabi检查,命令使用方式如下: - -```shell -dnf upgrade-en [PACKAGE] [--cve [cve_id]] - -upgrade with KABI(Kernel Application Binary Interface) check. If the loaded -kernel modules have KABI compatibility with the new version kernel rpm, the -kernel modules can be installed and used in the new version kernel without -recompling. - -General DNF options: - -h, --help, --help-cmd - show command help - --cve CVES, --cves CVES - Include packages needed to fix the given CVE, in updates -Upgrade-en command-specific options: - PACKAGE - Package to upgrade -``` - -- 使用`dnf upgrade-en PACKAGE`安装目标冷补丁 - - - 使用`dnf upgrade-en`安装目标冷补丁,kabi检查未通过,输出kabi差异性报告,自动卸载目标升级kernel包。 - - ```shell - [root@openEuler ~]# dnf upgrade-en kernel-4.19.90-2206.1.0.0153.oe1.x86_64 - Last metadata expiration check: 1:51:54 ago on 2023年12月29日 星期五 13时49分39秒. - Dependencies resolved. - xxxx(Install messgaes) - Is this ok [y/N]: y - Downloading Packages: - xxxx(Install process) - Complete! - Kabi check for kernel-4.19.90-2206.1.0.0153.oe1.x86_64: - [Fail] Here are 81 loaded kernel modules in this system, 78 pass, 3 fail. - Failed modules are as follows: - No. Module Difference - 1 nf_nat_ipv6 secure_ipv6_port_ephemeral : 0xe1a4f16a != 0x0209f3a7 - 2 nf_nat_ipv4 secure_ipv4_port_ephemeral : 0x57f70547 != 0xe3840e18 - 3 kvm_intel kvm_lapic_hv_timer_in_use : 0x54981db4 != 0xf58e6f1f - kvm_apic_write_nodecode : 0x56c989a1 != 0x24c9db31 - kvm_complete_insn_gp : 0x99c2d256 != 0xcd8014bd - Gonna remove kernel-4.19.90-2206.1.0.0153.oe1.x86_64 due to kabi check failed. - Rebuild rpm database succeed. - Remove package succeed: kernel-4.19.90-2206.1.0.0153.oe1.x86_64. - Restore the default boot kernel succeed: kernel-4.19.90-2112.8.0.0131.oe1.x86_64. - ``` - - - 使用`dnf upgrade-en`安装目标冷补丁,kabi检查通过 - - ```shell - [root@openEuler ~]# dnf upgrade-en kernel-4.19.90-2201.1.0.0132.oe1.x86_64 - Last metadata expiration check: 2:02:10 ago on 2023年12月29日 星期五 13时49分39秒. - Dependencies resolved. - xxxx(Install messgaes) - Is this ok [y/N]: y - Downloading Packages: - xxxx(Install process) - Complete! - Kabi check for kernel-4.19.90-2201.1.0.0132.oe1.x86_64: - [Success] Here are 81 loaded kernel modules in this system, 81 pass, 0 fail. - ``` - -- 使用`dnf upgrade-en` 进行全量修复 - -​ 全量修复如果包含目标kernel的升级,输出根据不同的kabi检查情况与`dnf upgrade-en PACKAGE`命令相同。 - -## 使用场景说明 - -本段落介绍上述命令的使用场景及顺序介绍,需要提前确认本机的热补丁repo源和相应冷补丁repo源已开启。 - -- 热补丁修复。 - -使用热补丁扫描命令查看本机待修复cve。 - -```shell -[root@openEuler ~]# dnf hot-updateinfo list cves -Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. -CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - -CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - -CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - -CVE-2021-1 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 -CVE-2021-11 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 -CVE-2021-2 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 -CVE-2021-22 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 -CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - -CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - -CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - -CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - -``` - -找到提供热补丁的相应cve,发现CVE-2021-1、CVE-2021-11、CVE-2021-2和CVE-2021-22可用热补丁修复。 - -在安装补丁前测试功能,基于redis.conf配置文件启动redis服务。 -```shell -[root@openEuler ~]# sudo redis-server ./redis.conf & -[1] 285075 -[root@openEuler ~]# 285076:C 25 Mar 2023 12:09:51.503 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo -285076:C 25 Mar 2023 12:09:51.503 # Redis version=255.255.255, bits=64, commit=00000000, modified=0, pid=285076, just started -285076:C 25 Mar 2023 12:09:51.503 # Configuration loaded -285076:M 25 Mar 2023 12:09:51.504 * Increased maximum number of open files to 10032 (it was originally set to 1024). -285076:M 25 Mar 2023 12:09:51.504 * monotonic clock: POSIX clock_gettime - _._ - _.-``__ ''-._ - _.-`` `. `_. ''-._ Redis 255.255.255 (00000000/0) 64 bit - .-`` .-```. ```\/ _.,_ ''-._ - ( ' , .-` | `, ) Running in standalone mode - |`-._`-...-` __...-.``-._|'` _.-'| Port: 6380 - | `-._ `._ / _.-' | PID: 285076 - `-._ `-._ `-./ _.-' _.-' - |`-._`-._ `-.__.-' _.-'_.-'| - | `-._`-._ _.-'_.-' | https://redis.io - `-._ `-._`-.__.-'_.-' _.-' - |`-._`-._ `-.__.-' _.-'_.-'| - | `-._`-._ _.-'_.-' | - `-._ `-._`-.__.-'_.-' _.-' - `-._ `-.__.-' _.-' - `-._ _.-' - `-.__.-' - -285076:M 25 Mar 2023 12:09:51.505 # Server initialized -285076:M 25 Mar 2023 12:09:51.505 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. -285076:M 25 Mar 2023 12:09:51.506 * Ready to accept connections - -``` - -安装前测试功能。 - -```shell -[root@openEuler ~]# telnet 127.0.0.1 6380 -Trying 127.0.0.1... -Connected to 127.0.0.1. -Escape character is '^]'. - -*100 - --ERR Protocol error: expected '$', got ' ' -Connection closed by foreign host. -``` - -指定修复CVE-2021-1,确认关联到对应的热补丁包,显示安装成功。 -```shell -[root@openEuler ~]# dnf hotupgrade patch-redis-6.2.5-1-ACC-1-1.x86_64 -Last metadata expiration check: 0:01:39 ago on 2024年01月02日 星期二 20时16分45秒. -The hotpatch 'redis-6.2.5-1/ACC-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'redis-benchmark' -The hotpatch 'redis-6.2.5-1/ACC-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'redis-cli' -The hotpatch 'redis-6.2.5-1/ACC-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'redis-server' -Package patch-redis-6.2.5-1-ACC-1-1.x86_64 is already installed. -Dependencies resolved. -Nothing to do. -Complete! -``` - -使用dnf hotpatch --list确认该热补丁是否安装成功,确认Status为ACTIVED。 -```shell -[root@openEuler ~]# dnf hotpatch --list -Last metadata expiration check: 0:04:43 ago on 2024年01月02日 星期二 20时16分45秒. -base-pkg/hotpatch status -redis-6.2.5-1/ACC-1-1/redis-benchmark ACTIVED -redis-6.2.5-1/ACC-1-1/redis-cli ACTIVED -redis-6.2.5-1/ACC-1-1/redis-server ACTIVED -``` - -确认该cve是否已被修复,由于CVE-2021-1所使用的热补丁包patch-redis-6.2.5-1-ACC-1-1.x86_64同样修复CVE-2021-11,CVE-2021-1和CVE-2021-11都不予显示。 -```shell -[root@openEuler ~]# dnf hot-updateinfo list cves -Last metadata expiration check: 0:08:48 ago on 2023年03月25日 星期六 11时53分46秒. -CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - -CVE-2023-1076 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - -CVE-2023-26607 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - -CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - -CVE-2021-22 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 -CVE-2021-2 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 -CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - -CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - -CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - -CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - -``` - -激活后测试功能,对比激活前回显内容。 - -```shell -[root@openEuler ~]# telnet 127.0.0.1 6380 -Trying 127.0.0.1... -Connected to 127.0.0.1. -Escape character is '^]'. - -*100 - --ERR Protocol error: unauthenticated multibulk length -Connection closed by foreign host. -``` - -使用dnf hotpatch --remove指定热补丁手动卸载。 -```shell -[root@openEuler ~]# dnf hotpatch --remove redis-6.2.5-1 -Last metadata expiration check: 0:11:52 ago on 2024年01月02日 星期二 20时16分45秒. -Gonna remove this hot patch: redis-6.2.5-1 -remove hot patch 'redis-6.2.5-1' succeed -[root@openEuler ~]# dnf hotpatch --list -Last metadata expiration check: 0:12:00 ago on 2024年01月02日 星期二 20时16分45秒. -base-pkg/hotpatch status -redis-6.2.5-1/ACC-1-1/redis-benchmark NOT-APPLIED -redis-6.2.5-1/ACC-1-1/redis-cli NOT-APPLIED -redis-6.2.5-1/ACC-1-1/redis-server NOT-APPLIED -``` - -使用热补丁扫描命令查看本机待修复cve,确认CVE-2021-1和CVE-2021-11正常显示。 -```shell -[root@openEuler ~]# dnf hot-updateinfo list cves -Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. -CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - -CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - -CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - -CVE-2021-1 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 -CVE-2021-11 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 -CVE-2021-2 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 -CVE-2021-22 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 -CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - -CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - -CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - -CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - -``` - -- 安装高版本ACC热补丁 - -指定安装热补丁包patch-redis-6.2.5-1-ACC-1-2.x86_64。 -```shell -[root@openEuler ~]# dnf hotupgrade patch-redis-6.2.5-1-ACC-1-2.x86_64 -Last metadata expiration check: 0:36:12 ago on 2024年01月02日 星期二 20时16分45秒. -The hotpatch 'redis-6.2.5-1/ACC-1-2' already has a 'ACTIVED' sub hotpatch of binary file 'redis-benchmark' -The hotpatch 'redis-6.2.5-1/ACC-1-2' already has a 'ACTIVED' sub hotpatch of binary file 'redis-cli' -The hotpatch 'redis-6.2.5-1/ACC-1-2' already has a 'ACTIVED' sub hotpatch of binary file 'redis-server' -Package patch-redis-6.2.5-1-ACC-1-2.x86_64 is already installed. -Dependencies resolved. -Nothing to do. -Complete! -``` - -使用热补丁扫描命令查看本机待修复cve,由于patch-redis-6.2.5-1-ACC-1-2.x86_64比patch-redis-6.2.5-1-ACC-1-1.x86_64的热补丁版本高,低版本热补丁对应的CVE-2021-1和CVE-2021-11,以及高版本热补丁对应的CVE-2021-2和CVE-2021-22都被修复。 -```shell -[root@openEuler ~]# dnf hot-updateinfo list cves -Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. -CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - -CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - -CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - -CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - -CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - -CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - -CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - -``` - -- 热补丁目标软件包版本大于本机安装版本 - -查看热补丁repo源中repodata目录下的xxx-updateinfo.xml.gz,确认文件中的CVE-2021-33、CVE-2021-3相关信息。 - -```xml - - openEuler-HotPatchSA-2023-3 - An update for mariadb is now available for openEuler-22.03-LTS - Important - openEuler - - - - - - patch-redis-6.2.5-2-ACC.(CVE-2021-3, CVE-2021-33) - - - openEuler - - patch-redis-6.2.5-2-ACC-1-1.aarch64.rpm - - - patch-redis-6.2.5-2-ACC-1-1.x86_64.rpm - - - - -``` -package中的name字段"patch-redis-6.2.5-2-ACC"的组成部分为:patch-源码包名-源码包version-源码包release-热补丁patch名,该热补丁包需要本机安装redis-6.2.5-2源码版本,检查本机redis安装版本。 - -```shell -[root@openEuler ~]# rpm -qa | grep redis -redis-6.2.5-1.x86_64 -``` -由于本机安装版本不匹配,大于本机安装版本,该热补丁包名不显示,以'-'显示。 -```shell -[root@openEuler ~]# dnf hot-updateinfo list cves -Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. -CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - -CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - -CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - -CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - -CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - -CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - -CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - -``` - -- 热补丁目标软件包版本小于本机安装版本。 - -查看热补丁repo源中repodata目录下的xxx-updateinfo.xml.gz,确认文件中的CVE-2021-44、CVE-2021-4相关信息。 - -```xml - - openEuler-HotPatchSA-2023-4 - An update for mariadb is now available for openEuler-22.03-LTS - Important - openEuler - - - - - - patch-redis-6.2.4-1-ACC.(CVE-2021-44, CVE-2021-4) - - - openEuler - - patch-redis-6.2.4-1-ACC-1-1.aarch64.rpm - - - patch-redis-6.2.4-1-ACC-1-1.x86_64.rpm - - - - -``` - -package中的name字段"patch-redis-6.2.4-1-ACC"的组成部分为:patch-源码包名-源码包version-源码包release-热补丁patch名,该热补丁包需要本机安装redis-6.2.4-1源码版本,检查本机redis安装版本。 - -```shell -[root@openEuler ~]# rpm -qa | grep redis -redis-6.2.5-1.x86_64 -``` - -由于本机安装版本不匹配,小于本机安装版本,该CVE不予显示。 - -```shell -[root@openEuler ~]# dnf hot-updateinfo list cves -Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. -CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - -CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - -CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - -CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - -CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - -CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - -CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - -``` - +# dnf插件命令使用手册 +将dnf-hotpatch-plugin安装部署完成后,可使用dnf命令调用A-ops ceres中的冷/热补丁操作,命令包含热补丁扫描(dnf hot-updateinfo),热补丁状态设置及查询(dnf hotpatch ),热补丁应用(dnf hotupgrade),内核升级前kabi检查(dnf upgrade-en)。本文将介绍上述命令的具体使用方法。 + +>热补丁包括ACC/SGL(accumulate/single)类型 +> +>- ACC:增量补丁。目标高版本热补丁包含低版本热补丁所修复问题。 +>- SGL_xxx:单独补丁,xxx为issue id,如果有多个issue id,用多个'_'拼接。目标修复issue id相关问题。 + +## 热补丁扫描 +`dnf hot-updateinfo`命令支持扫描热补丁并指定cve查询相关热补丁,命令使用方式如下: +```shell +dnf hot-updateinfo list cves [--available(default) | --installed] [--cve [cve_id]] + +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates +Hot-updateinfo command-specific options: + --available + cves about newer versions of installed packages + (default) + --installed + cves about equal and older versions of installed packages +``` + +- `list cves` + +1、查询主机所有可修复的cve和对应的冷/热补丁。 + +```shell +[root@localhost ~]# dnf hot-updateinfo list cves +# cve-id level cold-patch hot-patch +Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. +CVE-2022-30594 Important/Sec. kernel-4.19.90-2206.1.0.0153.oe1.x86_64 patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 +CVE-2023-1111 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2023-1112 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2023-1111 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-SGL_CVE_2023_1111_CVE_2023_1112-1-1.x86_64 +``` + +2、查询主机所有已修复的cve和对应的冷/热补丁 + +```shell +[root@localhost ~]# dnf hot-updateinfo list cves --installed +# cve-id level cold-patch hot-patch +Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. +CVE-2022-36298 Important/Sec. - patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_36298-1-1.x86_64 +``` + +2、指定cve查询对应的可修复冷/热补丁。 + +```shell +[root@localhost ~]# dnf hot-updateinfo list cves --cve CVE-2022-30594 +# cve-id level cold-patch hot-patch +Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. +CVE-2022-30594 Important/Sec. kernel-4.19.90-2206.1.0.0153.oe1.x86_64 patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 +``` + +3、cve不存在时列表为空。 +```shell +[root@localhost ~]# dnf hot-updateinfo list cves --cve CVE-2022-3089 +# cve-id level cold-patch hot-patch +Last metadata expiration check: 2:39:04 ago on 2023年12月29日 星期五 07时45分02秒. +``` + +## 热补丁状态及转换图 + +- 热补丁状态图 + + NOT-APPLIED: 热补丁尚未应用。 + + DEACTIVED: 热补丁未被激活。 + + ACTIVED: 热补丁已被激活。 + + ACCEPTED: 热补丁已被激活,后续重启后会被自动应用激活。 + + ![热补丁状态转换图](./figures/syscare热补丁状态图.png) + + +## 热补丁状态查询和切换 +`dnf hotpatch`命令支持查询、切换热补丁的状态,命令使用方式如下: + +```shell +dnf hotpatch + +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates + +Hotpatch command-specific options: + --list [{cve, cves}] show list of hotpatch + --apply APPLY_NAME apply hotpatch + --remove REMOVE_NAME remove hotpatch + --active ACTIVE_NAME active hotpatch + --deactive DEACTIVE_NAME + deactive hotpatch + --accept ACCEPT_NAME accept hotpatch +``` +- 使用`dnf hotpatch`命令查询热补丁状态 + + - 使用`dnf hotpatch --list`命令查询当前系统中可使用的热补丁状态并展示。 + + ```shell + [root@localhost ~]# dnf hotpatch --list + Last metadata expiration check: 0:09:25 ago on 2023年12月29日 星期五 10时26分45秒. + base-pkg/hotpatch status + kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED + ``` + + - 使用`dnf hotpatch --list cves`查询漏洞(CVE-id)对应热补丁及其状态并展示。 + + ```shell + [root@openEuler ~]# dnf hotpatch --list cves + Last metadata expiration check: 0:11:05 ago on 2023年12月29日 星期五 10时26分45秒. + CVE-id base-pkg/hotpatch status + CVE-2022-30594 kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED + ``` + + - `dnf hotpatch --list cves --cve `筛选指定CVE对应的热补丁及其状态并展示。 + + ```shell + [root@openEuler ~]# dnf hotpatch --list cves --cve CVE-2022-30594 + Last metadata expiration check: 0:12:25 ago on 2023年12月29日 星期五 10时26分45秒. + CVE-id base-pkg/hotpatch status + CVE-2022-30594 kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED + ``` + + - 使用`dnf hotpatch --list cves --cve `查询无结果时展示为空。 + + ```shell + [root@openEuler ~]# dnf hotpatch --list cves --cve CVE-2023-1 + Last metadata expiration check: 0:13:11 ago on 2023年12月29日 星期五 10时26分45秒. + ``` + +- 使用`dnf hotpatch --apply `命令应用热补丁,可使用 `dnf hotpatch --list`查询应用后的状态变化,变化逻辑见上文的热补丁状态转换图。 + +```shell +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:13:55 ago on 2023年12月29日 星期五 10时26分45秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED +[root@openEuler ~]# dnf hotpatch --apply kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +Last metadata expiration check: 0:15:37 ago on 2023年12月29日 星期五 10时26分45秒. +Gonna apply this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +apply hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:16:20 ago on 2023年12月29日 星期五 10时26分45秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux ACTIVED +``` +- 使用`dnf hotpatch --deactive `停用热补丁,可使用`dnf hotpatch --list`查询停用后的状态变化,变化逻辑见上文的热补丁状态转换图。 + +```shell +[root@openEuler ~]# dnf hotpatch --deactive kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +Last metadata expiration check: 0:19:00 ago on 2023年12月29日 星期五 10时26分45秒. +Gonna deactive this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +deactive hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:19:12 ago on 2023年12月29日 星期五 10时26分45秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux DEACTIVED +``` +- 使用`dnf hotpatch --remove `删除热补丁,可使用`dnf hotpatch --list`查询删除后的状态变化,变化逻辑见上文的热补丁状态转换图。 + +```shell +[root@openEuler ~]# dnf hotpatch --remove kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +Last metadata expiration check: 0:20:12 ago on 2023年12月29日 星期五 10时26分45秒. +Gonna remove this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +remove hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:20:23 ago on 2023年12月29日 星期五 10时26分45秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux NOT-APPLIED +``` +- 使用`dnf hotpatch --active `激活热补丁,可使用`dnf hotpatch --list`查询激活后的状态变化,变化逻辑见上文的热补丁状态转换图。 + +```shell +[root@openEuler ~]# dnf hotpatch --active kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +Last metadata expiration check: 0:15:37 ago on 2023年12月29日 星期五 10时26分45秒. +Gonna active this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +active hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:16:20 ago on 2023年12月29日 星期五 10时26分45秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux ACTIVED +``` +- 使用`dnf hotpatch --accept `接收热补丁,可使用`dnf hotpatch --list`查询接收后的状态变化,变化逻辑见上文的热补丁状态转换图。 + +```shell +[root@openEuler ~]# dnf hotpatch --accept kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +Last metadata expiration check: 0:14:19 ago on 2023年12月29日 星期五 10时47分38秒. +Gonna accept this hot patch: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1 +accept hot patch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:14:34 ago on 2023年12月29日 星期五 10时47分38秒. +base-pkg/hotpatch status +kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1/vmlinux ACCEPTED +``` + + +## 热补丁应用 +`hotupgrade`命令根据cve id和热补丁名称进行热补丁修复,同时也支持全量修复。命令使用方式如下: +```shell +dnf hotupgrade [--cve [cve_id]] [PACKAGE ...] [--takeover] [-f] + +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates + +command-specific options: + --takeover + kernel cold patch takeover operation + -f + force retain kernel rpm package if kernel kabi check fails + PACKAGE + Package to upgrade +``` + +- 使用`dnf hotupgrade PACKAGE`安装目标热补丁。 + + - 使用`dnf hotupgrade PACKAGE`安装目标热补丁 + + ```shell + [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 + Last metadata expiration check: 0:26:25 ago on 2023年12月29日 星期五 10时47分38秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + ``` + + - 当目标热补丁已经应用激活,使用`dnf hotupgrade PACKAGE`安装目标热补丁 + + ```shell + [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 + Last metadata expiration check: 0:28:35 ago on 2023年12月29日 星期五 10时47分38秒. + The hotpatch 'kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'vmlinux' + Package patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 is already installed. + Dependencies resolved. + Nothing to do. + Complete! + ``` + + - 使用`dnf hotupgrade PACKAGE`安装目标热补丁,自动卸载激活失败的热补丁。 + + ```shell + [root@openEuler ~]# dnf hotupgrade patch-redis-6.2.5-1-ACC-1-1.x86_64 + Last metadata expiration check: 0:30:30 ago on 2023年12月29日 星期五 10时47分38秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Apply hot patch failed: redis-6.2.5-1/ACC-1-1. + Error: Operation failed + + Caused by: + 0. Transaction "Apply patch 'redis-6.2.5-1/ACC-1-1'" failed + + Caused by: + Cannot match any patch named "redis-6.2.5-1/ACC-1-1" + + Gonna remove unsuccessfully activated hotpatch rpm. + Remove package succeed: patch-redis-6.2.5-1-ACC-1-1.x86_64. + ``` + +- 使用`--cve `指定cve_id安装CVE对应的热补丁 + + - 使用`dnf hotupgrade --cve CVE-2022-30594`安装CVE对应的热补丁 + + ```shell + [root@openEuler ~]# dnf hotupgrade --cve CVE-2022-30594 + Last metadata expiration check: 0:26:25 ago on 2023年12月29日 星期五 10时47分38秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + ``` + + - 使用`dnf hotupgrade --cve CVE-2022-2021`安装CVE对应的热补丁,对应的CVE不存在。 + + ```shell + [root@openEuler ~]# dnf hotupgrade --cve CVE-2022-2021 + Last metadata expiration check: 1:37:44 ago on 2023年12月29日 星期五 13时49分39秒. + The cve doesn't exist or cannot be fixed by hotpatch: CVE-2022-2021 + No hot patches marked for install. + Dependencies resolved. + Nothing to do. + Complete! + ``` + + - 使用`dnf hotupgrade --cve `指定cve_id安装时,该CVE对应的ACC低版本热补丁已安装时,删除低版本热补丁,安装高版本ACC热补丁包。 + + ```shell + [root@openEuler ~]# dnf hotupgrade --cve CVE-2023-1070 + Last metadata expiration check: 0:00:48 ago on 2024年01月02日 星期二 11时21分55秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx (Install messages and process upgrade) + Complete! + Apply hot patch succeed: kernel-5.10.0-153.12.0.92.oe2203sp2/ACC-1-3. + [root@openEuler tmp]# + ``` + + - 指定cve_id安装时,该CVE对应的最高版本热补丁包已存在 + + ```shell + [root@openEuler ~]# dnf hotupgrade --cve CVE-2023-1070 + Last metadata expiration check: 1:37:44 ago on 2023年12月29日 星期五 13时49分39秒. + The cve doesn't exist or cannot be fixed by hotpatch: CVE-2023-1070 + No hot patches marked for install. + Dependencies resolved. + Nothing to do. + Complete! + ``` + +- 使用`dnf hotupgrade`进行热补丁全量修复 + - 热补丁未安装时,使用`dnf hotupgrade`命令安装所有可安装热补丁。 + + - 当部分热补丁已经安装时,使用`dnf hotupgrade`命令进行全量修复,将保留已安装的热补丁,然后安装其他热补丁 + +- 使用`--takeover`进行内核热补丁收编 + + - 使用`dnf hotupgrade PACKAGE --takeover`安装热补丁,收编相应内核冷补丁;由于目标内核冷补丁kabi检查失败,进行自动卸载;accept热补丁,使热补丁重启后仍旧生效;恢复内核默认引导启动项。 + + ```shell + [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 --takeover + Last metadata expiration check: 2:23:22 ago on 2023年12月29日 星期五 13时49分39秒. + Gonna takeover kernel cold patch: ['kernel-4.19.90-2206.1.0.0153.oe1.x86_64'] + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + Kabi check for kernel-4.19.90-2206.1.0.0153.oe1.x86_64: + [Fail] Here are 81 loaded kernel modules in this system, 78 pass, 3 fail. + Failed modules are as follows: + No. Module Difference + 1 nf_nat_ipv6 secure_ipv6_port_ephemeral : 0xe1a4f16a != 0x0209f3a7 + 2 nf_nat_ipv4 secure_ipv4_port_ephemeral : 0x57f70547 != 0xe3840e18 + 3 kvm_intel kvm_lapic_hv_timer_in_use : 0x54981db4 != 0xf58e6f1f + Gonna remove kernel-4.19.90-2206.1.0.0153.oe1.x86_64 due to Kabi check failed. + Rebuild rpm database succeed. + Remove package succeed: kernel-4.19.90-2206.1.0.0153.oe1.x86_64. + Restore the default boot kernel succeed: kernel-4.19.90-2112.8.0.0131.oe1.x86_64. + No available kernel cold patch for takeover, gonna accept available kernel hot patch. + Accept hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + ``` + + - 使用`dnf hotupgrade PACKAGE --takeover -f`安装热补丁,如果内核冷补丁kabi检查未通过,使用`-f`强制保留内核冷补丁 + + ```shell + [root@openEuler ~]# dnf hotupgrade patch-kernel-4.19.90-2112.8.0.0131.oe1-SGL_CVE_2022_30594-1-1.x86_64 --takeover + Last metadata expiration check: 2:23:22 ago on 2023年12月29日 星期五 13时49分39秒. + Gonna takeover kernel cold patch: ['kernel-4.19.90-2206.1.0.0153.oe1.x86_64'] + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + xxxx(Install process) + Complete! + Apply hot patch succeed: kernel-4.19.90-2112.8.0.0131.oe1/SGL_CVE_2022_30594-1-1. + Kabi check for kernel-4.19.90-2206.1.0.0153.oe1.x86_64: + [Fail] Here are 81 loaded kernel modules in this system, 78 pass, 3 fail. + Failed modules are as follows: + No. Module Difference + 1 nf_nat_ipv6 secure_ipv6_port_ephemeral : 0xe1a4f16a != 0x0209f3a7 + 2 nf_nat_ipv4 secure_ipv4_port_ephemeral : 0x57f70547 != 0xe3840e18 + 3 kvm_intel kvm_lapic_hv_timer_in_use : 0x54981db4 != 0xf58e6f1f + ``` + + +## 内核升级前kabi检查 + +`dnf upgrade-en` 命令支持内核冷补丁升级前kabi检查,命令使用方式如下: + +```shell +dnf upgrade-en [PACKAGE] [--cve [cve_id]] + +upgrade with KABI(Kernel Application Binary Interface) check. If the loaded +kernel modules have KABI compatibility with the new version kernel rpm, the +kernel modules can be installed and used in the new version kernel without +recompling. + +General DNF options: + -h, --help, --help-cmd + show command help + --cve CVES, --cves CVES + Include packages needed to fix the given CVE, in updates +Upgrade-en command-specific options: + PACKAGE + Package to upgrade +``` + +- 使用`dnf upgrade-en PACKAGE`安装目标冷补丁 + + - 使用`dnf upgrade-en`安装目标冷补丁,kabi检查未通过,输出kabi差异性报告,自动卸载目标升级kernel包。 + + ```shell + [root@openEuler ~]# dnf upgrade-en kernel-4.19.90-2206.1.0.0153.oe1.x86_64 + Last metadata expiration check: 1:51:54 ago on 2023年12月29日 星期五 13时49分39秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Kabi check for kernel-4.19.90-2206.1.0.0153.oe1.x86_64: + [Fail] Here are 81 loaded kernel modules in this system, 78 pass, 3 fail. + Failed modules are as follows: + No. Module Difference + 1 nf_nat_ipv6 secure_ipv6_port_ephemeral : 0xe1a4f16a != 0x0209f3a7 + 2 nf_nat_ipv4 secure_ipv4_port_ephemeral : 0x57f70547 != 0xe3840e18 + 3 kvm_intel kvm_lapic_hv_timer_in_use : 0x54981db4 != 0xf58e6f1f + kvm_apic_write_nodecode : 0x56c989a1 != 0x24c9db31 + kvm_complete_insn_gp : 0x99c2d256 != 0xcd8014bd + Gonna remove kernel-4.19.90-2206.1.0.0153.oe1.x86_64 due to kabi check failed. + Rebuild rpm database succeed. + Remove package succeed: kernel-4.19.90-2206.1.0.0153.oe1.x86_64. + Restore the default boot kernel succeed: kernel-4.19.90-2112.8.0.0131.oe1.x86_64. + ``` + + - 使用`dnf upgrade-en`安装目标冷补丁,kabi检查通过 + + ```shell + [root@openEuler ~]# dnf upgrade-en kernel-4.19.90-2201.1.0.0132.oe1.x86_64 + Last metadata expiration check: 2:02:10 ago on 2023年12月29日 星期五 13时49分39秒. + Dependencies resolved. + xxxx(Install messgaes) + Is this ok [y/N]: y + Downloading Packages: + xxxx(Install process) + Complete! + Kabi check for kernel-4.19.90-2201.1.0.0132.oe1.x86_64: + [Success] Here are 81 loaded kernel modules in this system, 81 pass, 0 fail. + ``` + +- 使用`dnf upgrade-en` 进行全量修复 + +​ 全量修复如果包含目标kernel的升级,输出根据不同的kabi检查情况与`dnf upgrade-en PACKAGE`命令相同。 + +## 使用场景说明 + +本段落介绍上述命令的使用场景及顺序介绍,需要提前确认本机的热补丁repo源和相应冷补丁repo源已开启。 + +- 热补丁修复。 + +使用热补丁扫描命令查看本机待修复cve。 + +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-1 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-11 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-2 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-22 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +找到提供热补丁的相应cve,发现CVE-2021-1、CVE-2021-11、CVE-2021-2和CVE-2021-22可用热补丁修复。 + +在安装补丁前测试功能,基于redis.conf配置文件启动redis服务。 +```shell +[root@openEuler ~]# sudo redis-server ./redis.conf & +[1] 285075 +[root@openEuler ~]# 285076:C 25 Mar 2023 12:09:51.503 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo +285076:C 25 Mar 2023 12:09:51.503 # Redis version=255.255.255, bits=64, commit=00000000, modified=0, pid=285076, just started +285076:C 25 Mar 2023 12:09:51.503 # Configuration loaded +285076:M 25 Mar 2023 12:09:51.504 * Increased maximum number of open files to 10032 (it was originally set to 1024). +285076:M 25 Mar 2023 12:09:51.504 * monotonic clock: POSIX clock_gettime + _._ + _.-``__ ''-._ + _.-`` `. `_. ''-._ Redis 255.255.255 (00000000/0) 64 bit + .-`` .-```. ```\/ _.,_ ''-._ + ( ' , .-` | `, ) Running in standalone mode + |`-._`-...-` __...-.``-._|'` _.-'| Port: 6380 + | `-._ `._ / _.-' | PID: 285076 + `-._ `-._ `-./ _.-' _.-' + |`-._`-._ `-.__.-' _.-'_.-'| + | `-._`-._ _.-'_.-' | https://redis.io + `-._ `-._`-.__.-'_.-' _.-' + |`-._`-._ `-.__.-' _.-'_.-'| + | `-._`-._ _.-'_.-' | + `-._ `-._`-.__.-'_.-' _.-' + `-._ `-.__.-' _.-' + `-._ _.-' + `-.__.-' + +285076:M 25 Mar 2023 12:09:51.505 # Server initialized +285076:M 25 Mar 2023 12:09:51.505 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect. +285076:M 25 Mar 2023 12:09:51.506 * Ready to accept connections + +``` + +安装前测试功能。 + +```shell +[root@openEuler ~]# telnet 127.0.0.1 6380 +Trying 127.0.0.1... +Connected to 127.0.0.1. +Escape character is '^]'. + +*100 + +-ERR Protocol error: expected '$', got ' ' +Connection closed by foreign host. +``` + +指定修复CVE-2021-1,确认关联到对应的热补丁包,显示安装成功。 +```shell +[root@openEuler ~]# dnf hotupgrade patch-redis-6.2.5-1-ACC-1-1.x86_64 +Last metadata expiration check: 0:01:39 ago on 2024年01月02日 星期二 20时16分45秒. +The hotpatch 'redis-6.2.5-1/ACC-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'redis-benchmark' +The hotpatch 'redis-6.2.5-1/ACC-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'redis-cli' +The hotpatch 'redis-6.2.5-1/ACC-1-1' already has a 'ACTIVED' sub hotpatch of binary file 'redis-server' +Package patch-redis-6.2.5-1-ACC-1-1.x86_64 is already installed. +Dependencies resolved. +Nothing to do. +Complete! +``` + +使用dnf hotpatch --list确认该热补丁是否安装成功,确认Status为ACTIVED。 +```shell +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:04:43 ago on 2024年01月02日 星期二 20时16分45秒. +base-pkg/hotpatch status +redis-6.2.5-1/ACC-1-1/redis-benchmark ACTIVED +redis-6.2.5-1/ACC-1-1/redis-cli ACTIVED +redis-6.2.5-1/ACC-1-1/redis-server ACTIVED +``` + +确认该cve是否已被修复,由于CVE-2021-1所使用的热补丁包patch-redis-6.2.5-1-ACC-1-1.x86_64同样修复CVE-2021-11,CVE-2021-1和CVE-2021-11都不予显示。 +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:08:48 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-1076 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26607 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-22 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-2 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +激活后测试功能,对比激活前回显内容。 + +```shell +[root@openEuler ~]# telnet 127.0.0.1 6380 +Trying 127.0.0.1... +Connected to 127.0.0.1. +Escape character is '^]'. + +*100 + +-ERR Protocol error: unauthenticated multibulk length +Connection closed by foreign host. +``` + +使用dnf hotpatch --remove指定热补丁手动卸载。 +```shell +[root@openEuler ~]# dnf hotpatch --remove redis-6.2.5-1 +Last metadata expiration check: 0:11:52 ago on 2024年01月02日 星期二 20时16分45秒. +Gonna remove this hot patch: redis-6.2.5-1 +remove hot patch 'redis-6.2.5-1' succeed +[root@openEuler ~]# dnf hotpatch --list +Last metadata expiration check: 0:12:00 ago on 2024年01月02日 星期二 20时16分45秒. +base-pkg/hotpatch status +redis-6.2.5-1/ACC-1-1/redis-benchmark NOT-APPLIED +redis-6.2.5-1/ACC-1-1/redis-cli NOT-APPLIED +redis-6.2.5-1/ACC-1-1/redis-server NOT-APPLIED +``` + +使用热补丁扫描命令查看本机待修复cve,确认CVE-2021-1和CVE-2021-11正常显示。 +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-1 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-11 Important/Sec. redis-6.2.5-2.x86_64 patch-redis-6.2.5-1-ACC-1-1.x86_64 +CVE-2021-2 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-22 Important/Sec. redis-6.2.5-3.x86_64 patch-redis-6.2.5-1-ACC-1-2.x86_64 +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +- 安装高版本ACC热补丁 + +指定安装热补丁包patch-redis-6.2.5-1-ACC-1-2.x86_64。 +```shell +[root@openEuler ~]# dnf hotupgrade patch-redis-6.2.5-1-ACC-1-2.x86_64 +Last metadata expiration check: 0:36:12 ago on 2024年01月02日 星期二 20时16分45秒. +The hotpatch 'redis-6.2.5-1/ACC-1-2' already has a 'ACTIVED' sub hotpatch of binary file 'redis-benchmark' +The hotpatch 'redis-6.2.5-1/ACC-1-2' already has a 'ACTIVED' sub hotpatch of binary file 'redis-cli' +The hotpatch 'redis-6.2.5-1/ACC-1-2' already has a 'ACTIVED' sub hotpatch of binary file 'redis-server' +Package patch-redis-6.2.5-1-ACC-1-2.x86_64 is already installed. +Dependencies resolved. +Nothing to do. +Complete! +``` + +使用热补丁扫描命令查看本机待修复cve,由于patch-redis-6.2.5-1-ACC-1-2.x86_64比patch-redis-6.2.5-1-ACC-1-1.x86_64的热补丁版本高,低版本热补丁对应的CVE-2021-1和CVE-2021-11,以及高版本热补丁对应的CVE-2021-2和CVE-2021-22都被修复。 +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +- 热补丁目标软件包版本大于本机安装版本 + +查看热补丁repo源中repodata目录下的xxx-updateinfo.xml.gz,确认文件中的CVE-2021-33、CVE-2021-3相关信息。 + +```xml + + openEuler-HotPatchSA-2023-3 + An update for mariadb is now available for openEuler-22.03-LTS + Important + openEuler + + + + + + patch-redis-6.2.5-2-ACC.(CVE-2021-3, CVE-2021-33) + + + openEuler + + patch-redis-6.2.5-2-ACC-1-1.aarch64.rpm + + + patch-redis-6.2.5-2-ACC-1-1.x86_64.rpm + + + + +``` +package中的name字段"patch-redis-6.2.5-2-ACC"的组成部分为:patch-源码包名-源码包version-源码包release-热补丁patch名,该热补丁包需要本机安装redis-6.2.5-2源码版本,检查本机redis安装版本。 + +```shell +[root@openEuler ~]# rpm -qa | grep redis +redis-6.2.5-1.x86_64 +``` +由于本机安装版本不匹配,大于本机安装版本,该热补丁包名不显示,以'-'显示。 +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + +- 热补丁目标软件包版本小于本机安装版本。 + +查看热补丁repo源中repodata目录下的xxx-updateinfo.xml.gz,确认文件中的CVE-2021-44、CVE-2021-4相关信息。 + +```xml + + openEuler-HotPatchSA-2023-4 + An update for mariadb is now available for openEuler-22.03-LTS + Important + openEuler + + + + + + patch-redis-6.2.4-1-ACC.(CVE-2021-44, CVE-2021-4) + + + openEuler + + patch-redis-6.2.4-1-ACC-1-1.aarch64.rpm + + + patch-redis-6.2.4-1-ACC-1-1.x86_64.rpm + + + + +``` + +package中的name字段"patch-redis-6.2.4-1-ACC"的组成部分为:patch-源码包名-源码包version-源码包release-热补丁patch名,该热补丁包需要本机安装redis-6.2.4-1源码版本,检查本机redis安装版本。 + +```shell +[root@openEuler ~]# rpm -qa | grep redis +redis-6.2.5-1.x86_64 +``` + +由于本机安装版本不匹配,小于本机安装版本,该CVE不予显示。 + +```shell +[root@openEuler ~]# dnf hot-updateinfo list cves +Last metadata expiration check: 0:00:38 ago on 2023年03月25日 星期六 11时53分46秒. +CVE-2023-22995 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2023-26545 Important/Sec. python3-perf-5.10.0-136.22.0.98.oe2203sp1.x86_64 - +CVE-2022-40897 Important/Sec. python3-setuptools-59.4.0-5.oe2203sp1.noarch - +CVE-2021-33 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2021-3 Important/Sec. redis-6.2.5-4.x86_64 - +CVE-2022-38023 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +CVE-2022-37966 Important/Sec. samba-client-4.17.2-5.oe2203sp1.x86_64 - +``` + diff --git "a/docs/zh/docs/A-Ops/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" "b/docs/zh/docs/server/maintenance/aops/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" rename to "docs/zh/docs/server/maintenance/aops/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" diff --git a/docs/zh/docs/A-Ops/figures/chakanyuqi.png b/docs/zh/docs/server/maintenance/aops/figures/chakanyuqi.png similarity index 100% rename from docs/zh/docs/A-Ops/figures/chakanyuqi.png rename to docs/zh/docs/server/maintenance/aops/figures/chakanyuqi.png diff --git a/docs/zh/docs/A-Ops/figures/chaxunshijipeizhi.png b/docs/zh/docs/server/maintenance/aops/figures/chaxunshijipeizhi.png similarity index 100% rename from docs/zh/docs/A-Ops/figures/chaxunshijipeizhi.png rename to docs/zh/docs/server/maintenance/aops/figures/chaxunshijipeizhi.png diff --git a/docs/zh/docs/A-Ops/figures/chuangjianyewuyu.png b/docs/zh/docs/server/maintenance/aops/figures/chuangjianyewuyu.png similarity index 100% rename from docs/zh/docs/A-Ops/figures/chuangjianyewuyu.png rename to docs/zh/docs/server/maintenance/aops/figures/chuangjianyewuyu.png diff --git "a/docs/zh/docs/A-Ops/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" "b/docs/zh/docs/server/maintenance/aops/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" rename to "docs/zh/docs/server/maintenance/aops/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" diff --git "a/docs/zh/docs/A-Ops/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" "b/docs/zh/docs/server/maintenance/aops/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" rename to "docs/zh/docs/server/maintenance/aops/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" diff --git "a/docs/zh/docs/A-Ops/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" "b/docs/zh/docs/server/maintenance/aops/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" rename to "docs/zh/docs/server/maintenance/aops/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" diff --git a/docs/zh/docs/A-Ops/figures/group.PNG b/docs/zh/docs/server/maintenance/aops/figures/group.PNG similarity index 100% rename from docs/zh/docs/A-Ops/figures/group.PNG rename to docs/zh/docs/server/maintenance/aops/figures/group.PNG diff --git a/docs/zh/docs/Installation/public_sys-resources/icon-note.gif b/docs/zh/docs/server/maintenance/aops/figures/icon-note.gif similarity index 100% rename from docs/zh/docs/Installation/public_sys-resources/icon-note.gif rename to docs/zh/docs/server/maintenance/aops/figures/icon-note.gif diff --git a/docs/zh/docs/A-Ops/figures/shanchupeizhi.png b/docs/zh/docs/server/maintenance/aops/figures/shanchupeizhi.png similarity index 100% rename from docs/zh/docs/A-Ops/figures/shanchupeizhi.png rename to docs/zh/docs/server/maintenance/aops/figures/shanchupeizhi.png diff --git "a/docs/zh/docs/A-Ops/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" "b/docs/zh/docs/server/maintenance/aops/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" rename to "docs/zh/docs/server/maintenance/aops/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" diff --git "a/docs/zh/docs/A-Ops/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" "b/docs/zh/docs/server/maintenance/aops/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" rename to "docs/zh/docs/server/maintenance/aops/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" diff --git a/docs/zh/docs/A-Ops/figures/tianjianode.png b/docs/zh/docs/server/maintenance/aops/figures/tianjianode.png similarity index 100% rename from docs/zh/docs/A-Ops/figures/tianjianode.png rename to docs/zh/docs/server/maintenance/aops/figures/tianjianode.png diff --git a/docs/zh/docs/A-Ops/figures/xinzengpeizhi.png b/docs/zh/docs/server/maintenance/aops/figures/xinzengpeizhi.png similarity index 100% rename from docs/zh/docs/A-Ops/figures/xinzengpeizhi.png rename to docs/zh/docs/server/maintenance/aops/figures/xinzengpeizhi.png diff --git a/docs/zh/docs/A-Ops/figures/zhuangtaichaxun.png b/docs/zh/docs/server/maintenance/aops/figures/zhuangtaichaxun.png similarity index 100% rename from docs/zh/docs/A-Ops/figures/zhuangtaichaxun.png rename to docs/zh/docs/server/maintenance/aops/figures/zhuangtaichaxun.png diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" "b/docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" "b/docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" "b/docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" "b/docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" "b/docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" "b/docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" "b/docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" diff --git "a/docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" diff --git "a/docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" "b/docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" diff --git "a/docs/zh/docs/A-Ops/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" "b/docs/zh/docs/server/maintenance/aops/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" "b/docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" "b/docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" "b/docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" "b/docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" "b/docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" "b/docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" "b/docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" "b/docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" "b/docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" "b/docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" "b/docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" "b/docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" "b/docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" diff --git "a/docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" "b/docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" "b/docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" "b/docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" "b/docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" "b/docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" "b/docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" "b/docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" "b/docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" "b/docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" diff --git "a/docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" "b/docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" similarity index 100% rename from "docs/zh/docs/A-Ops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" rename to "docs/zh/docs/server/maintenance/aops/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" diff --git a/docs/zh/docs/A-Ops/image/45515A7F-0EC2-45AA-9B58-AB92DE9B0979.png b/docs/zh/docs/server/maintenance/aops/image/45515A7F-0EC2-45AA-9B58-AB92DE9B0979.png similarity index 100% rename from docs/zh/docs/A-Ops/image/45515A7F-0EC2-45AA-9B58-AB92DE9B0979.png rename to docs/zh/docs/server/maintenance/aops/image/45515A7F-0EC2-45AA-9B58-AB92DE9B0979.png diff --git "a/docs/zh/docs/A-Ops/image/ACC\347\232\204hotpatchmetadata\346\226\207\344\273\266\347\244\272\344\276\213.png" "b/docs/zh/docs/server/maintenance/aops/image/ACC\347\232\204hotpatchmetadata\346\226\207\344\273\266\347\244\272\344\276\213.png" similarity index 100% rename from "docs/zh/docs/A-Ops/image/ACC\347\232\204hotpatchmetadata\346\226\207\344\273\266\347\244\272\344\276\213.png" rename to "docs/zh/docs/server/maintenance/aops/image/ACC\347\232\204hotpatchmetadata\346\226\207\344\273\266\347\244\272\344\276\213.png" diff --git a/docs/zh/docs/A-Ops/image/E574E637-0BF3-4F3B-BAE6-04ECBD09D151.png b/docs/zh/docs/server/maintenance/aops/image/E574E637-0BF3-4F3B-BAE6-04ECBD09D151.png similarity index 100% rename from docs/zh/docs/A-Ops/image/E574E637-0BF3-4F3B-BAE6-04ECBD09D151.png rename to docs/zh/docs/server/maintenance/aops/image/E574E637-0BF3-4F3B-BAE6-04ECBD09D151.png diff --git a/docs/zh/docs/A-Ops/image/EF5E0132-6E5C-4DD1-8CB5-73035278E233.png b/docs/zh/docs/server/maintenance/aops/image/EF5E0132-6E5C-4DD1-8CB5-73035278E233.png similarity index 100% rename from docs/zh/docs/A-Ops/image/EF5E0132-6E5C-4DD1-8CB5-73035278E233.png rename to docs/zh/docs/server/maintenance/aops/image/EF5E0132-6E5C-4DD1-8CB5-73035278E233.png diff --git a/docs/zh/docs/A-Ops/image/hotpatch-fix-pr.png b/docs/zh/docs/server/maintenance/aops/image/hotpatch-fix-pr.png similarity index 100% rename from docs/zh/docs/A-Ops/image/hotpatch-fix-pr.png rename to docs/zh/docs/server/maintenance/aops/image/hotpatch-fix-pr.png diff --git a/docs/zh/docs/A-Ops/image/hotpatch-pr-1.png b/docs/zh/docs/server/maintenance/aops/image/hotpatch-pr-1.png similarity index 100% rename from docs/zh/docs/A-Ops/image/hotpatch-pr-1.png rename to docs/zh/docs/server/maintenance/aops/image/hotpatch-pr-1.png diff --git a/docs/zh/docs/A-Ops/image/hotpatch-pr-success.png b/docs/zh/docs/server/maintenance/aops/image/hotpatch-pr-success.png similarity index 100% rename from docs/zh/docs/A-Ops/image/hotpatch-pr-success.png rename to docs/zh/docs/server/maintenance/aops/image/hotpatch-pr-success.png diff --git a/docs/zh/docs/A-Ops/image/hotpatch-pr.png b/docs/zh/docs/server/maintenance/aops/image/hotpatch-pr.png similarity index 100% rename from docs/zh/docs/A-Ops/image/hotpatch-pr.png rename to docs/zh/docs/server/maintenance/aops/image/hotpatch-pr.png diff --git a/docs/zh/docs/A-Ops/image/hotpatch-xml.PNG b/docs/zh/docs/server/maintenance/aops/image/hotpatch-xml.PNG similarity index 100% rename from docs/zh/docs/A-Ops/image/hotpatch-xml.PNG rename to docs/zh/docs/server/maintenance/aops/image/hotpatch-xml.PNG diff --git a/docs/zh/docs/A-Ops/image/image-20230525193235084.png b/docs/zh/docs/server/maintenance/aops/image/image-20230525193235084.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230525193235084.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230525193235084.png diff --git a/docs/zh/docs/A-Ops/image/image-20230525193254541.png b/docs/zh/docs/server/maintenance/aops/image/image-20230525193254541.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230525193254541.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230525193254541.png diff --git a/docs/zh/docs/A-Ops/image/image-20230527165206707.png b/docs/zh/docs/server/maintenance/aops/image/image-20230527165206707.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230527165206707.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230527165206707.png diff --git a/docs/zh/docs/A-Ops/image/image-20230527165700642.png b/docs/zh/docs/server/maintenance/aops/image/image-20230527165700642.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230527165700642.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230527165700642.png diff --git a/docs/zh/docs/A-Ops/image/image-20230527165823568.png b/docs/zh/docs/server/maintenance/aops/image/image-20230527165823568.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230527165823568.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230527165823568.png diff --git a/docs/zh/docs/A-Ops/image/image-20230527165845170.png b/docs/zh/docs/server/maintenance/aops/image/image-20230527165845170.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230527165845170.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230527165845170.png diff --git a/docs/zh/docs/A-Ops/image/image-20230527165922876.png b/docs/zh/docs/server/maintenance/aops/image/image-20230527165922876.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230527165922876.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230527165922876.png diff --git a/docs/zh/docs/A-Ops/image/image-20230527170343909.png b/docs/zh/docs/server/maintenance/aops/image/image-20230527170343909.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230527170343909.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230527170343909.png diff --git a/docs/zh/docs/A-Ops/image/image-20230607161425282.png b/docs/zh/docs/server/maintenance/aops/image/image-20230607161425282.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230607161425282.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230607161425282.png diff --git a/docs/zh/docs/A-Ops/image/image-20230607163358749.png b/docs/zh/docs/server/maintenance/aops/image/image-20230607163358749.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230607163358749.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230607163358749.png diff --git a/docs/zh/docs/A-Ops/image/image-20230607172021782.png b/docs/zh/docs/server/maintenance/aops/image/image-20230607172021782.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230607172021782.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230607172021782.png diff --git a/docs/zh/docs/A-Ops/image/image-20230612113428096.png b/docs/zh/docs/server/maintenance/aops/image/image-20230612113428096.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230612113428096.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230612113428096.png diff --git a/docs/zh/docs/A-Ops/image/image-20230612113626330.png b/docs/zh/docs/server/maintenance/aops/image/image-20230612113626330.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230612113626330.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230612113626330.png diff --git a/docs/zh/docs/A-Ops/image/image-20230908163402743.png b/docs/zh/docs/server/maintenance/aops/image/image-20230908163402743.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230908163402743.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230908163402743.png diff --git a/docs/zh/docs/A-Ops/image/image-20230908163914778.png b/docs/zh/docs/server/maintenance/aops/image/image-20230908163914778.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230908163914778.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230908163914778.png diff --git a/docs/zh/docs/A-Ops/image/image-20230908164216528.png b/docs/zh/docs/server/maintenance/aops/image/image-20230908164216528.png similarity index 100% rename from docs/zh/docs/A-Ops/image/image-20230908164216528.png rename to docs/zh/docs/server/maintenance/aops/image/image-20230908164216528.png diff --git "a/docs/zh/docs/A-Ops/image/openEuler\344\273\223\350\257\204\350\256\272.png" "b/docs/zh/docs/server/maintenance/aops/image/openEuler\344\273\223\350\257\204\350\256\272.png" similarity index 100% rename from "docs/zh/docs/A-Ops/image/openEuler\344\273\223\350\257\204\350\256\272.png" rename to "docs/zh/docs/server/maintenance/aops/image/openEuler\344\273\223\350\257\204\350\256\272.png" diff --git a/docs/zh/docs/A-Ops/image/patch-file.PNG b/docs/zh/docs/server/maintenance/aops/image/patch-file.PNG similarity index 100% rename from docs/zh/docs/A-Ops/image/patch-file.PNG rename to docs/zh/docs/server/maintenance/aops/image/patch-file.PNG diff --git "a/docs/zh/docs/A-Ops/image/src-openEuler\344\273\223\350\257\204\350\256\272.png" "b/docs/zh/docs/server/maintenance/aops/image/src-openEuler\344\273\223\350\257\204\350\256\272.png" similarity index 100% rename from "docs/zh/docs/A-Ops/image/src-openEuler\344\273\223\350\257\204\350\256\272.png" rename to "docs/zh/docs/server/maintenance/aops/image/src-openEuler\344\273\223\350\257\204\350\256\272.png" diff --git "a/docs/zh/docs/A-Ops/image/\345\220\214\346\204\217\345\220\210\345\205\245pr.png" "b/docs/zh/docs/server/maintenance/aops/image/\345\220\214\346\204\217\345\220\210\345\205\245pr.png" similarity index 100% rename from "docs/zh/docs/A-Ops/image/\345\220\214\346\204\217\345\220\210\345\205\245pr.png" rename to "docs/zh/docs/server/maintenance/aops/image/\345\220\214\346\204\217\345\220\210\345\205\245pr.png" diff --git "a/docs/zh/docs/A-Ops/image/\345\220\257\345\212\250\347\203\255\350\241\245\344\270\201\345\267\245\347\250\213\346\265\201\347\250\213.png" "b/docs/zh/docs/server/maintenance/aops/image/\345\220\257\345\212\250\347\203\255\350\241\245\344\270\201\345\267\245\347\250\213\346\265\201\347\250\213.png" similarity index 100% rename from "docs/zh/docs/A-Ops/image/\345\220\257\345\212\250\347\203\255\350\241\245\344\270\201\345\267\245\347\250\213\346\265\201\347\250\213.png" rename to "docs/zh/docs/server/maintenance/aops/image/\345\220\257\345\212\250\347\203\255\350\241\245\344\270\201\345\267\245\347\250\213\346\265\201\347\250\213.png" diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201issue\345\210\235\345\247\213\345\206\205\345\256\271.png" "b/docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\210\235\345\247\213\345\206\205\345\256\271.png" similarity index 100% rename from "docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201issue\345\210\235\345\247\213\345\206\205\345\256\271.png" rename to "docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\210\235\345\247\213\345\206\205\345\256\271.png" diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201issue\345\233\236\345\241\253.png" "b/docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\233\236\345\241\253.png" similarity index 100% rename from "docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201issue\345\233\236\345\241\253.png" rename to "docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\345\233\236\345\241\253.png" diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201issue\351\223\276\346\216\245\345\222\214pr\351\223\276\346\216\245.png" "b/docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\351\223\276\346\216\245\345\222\214pr\351\223\276\346\216\245.png" similarity index 100% rename from "docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201issue\351\223\276\346\216\245\345\222\214pr\351\223\276\346\216\245.png" rename to "docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201issue\351\223\276\346\216\245\345\222\214pr\351\223\276\346\216\245.png" diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\345\244\261\350\264\245.png" "b/docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\345\244\261\350\264\245.png" similarity index 100% rename from "docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\345\244\261\350\264\245.png" rename to "docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\345\244\261\350\264\245.png" diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\347\273\223\346\236\234.png" "b/docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\347\273\223\346\236\234.png" similarity index 100% rename from "docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\347\273\223\346\236\234.png" rename to "docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\345\210\266\344\275\234\347\273\223\346\236\234.png" diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\347\232\204chroot\347\216\257\345\242\203.png" "b/docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\347\232\204chroot\347\216\257\345\242\203.png" similarity index 100% rename from "docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\347\232\204chroot\347\216\257\345\242\203.png" rename to "docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\347\232\204chroot\347\216\257\345\242\203.png" diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\350\247\246\345\217\221\346\265\201\347\250\213.png" "b/docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\350\247\246\345\217\221\346\265\201\347\250\213.png" similarity index 100% rename from "docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201pr\350\247\246\345\217\221\346\265\201\347\250\213.png" rename to "docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201pr\350\247\246\345\217\221\346\265\201\347\250\213.png" diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201\344\273\223\346\217\220pr\350\257\264\346\230\216.png" "b/docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\344\273\223\346\217\220pr\350\257\264\346\230\216.png" similarity index 100% rename from "docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201\344\273\223\346\217\220pr\350\257\264\346\230\216.png" rename to "docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\344\273\223\346\217\220pr\350\257\264\346\230\216.png" diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\344\270\213\350\275\275\351\223\276\346\216\245.png" "b/docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\344\270\213\350\275\275\351\223\276\346\216\245.png" similarity index 100% rename from "docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\344\270\213\350\275\275\351\223\276\346\216\245.png" rename to "docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\344\270\213\350\275\275\351\223\276\346\216\245.png" diff --git "a/docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\345\214\205\344\270\213\350\275\275\351\223\276\346\216\245.png" "b/docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\345\214\205\344\270\213\350\275\275\351\223\276\346\216\245.png" similarity index 100% rename from "docs/zh/docs/A-Ops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\345\214\205\344\270\213\350\275\275\351\223\276\346\216\245.png" rename to "docs/zh/docs/server/maintenance/aops/image/\347\203\255\350\241\245\344\270\201\350\207\252\351\252\214\345\214\205\344\270\213\350\275\275\351\223\276\346\216\245.png" diff --git a/docs/zh/docs/A-Ops/overview.md b/docs/zh/docs/server/maintenance/aops/overview.md similarity index 98% rename from docs/zh/docs/A-Ops/overview.md rename to docs/zh/docs/server/maintenance/aops/overview.md index cd3fe77186fcd48076a6a4aefd9d43442d95194a..25c3aa9f994f68a7c56c22dd44d477005886761f 100644 --- a/docs/zh/docs/A-Ops/overview.md +++ b/docs/zh/docs/server/maintenance/aops/overview.md @@ -1,3 +1,3 @@ -# A-Ops用户指南 - -本文介绍A-Ops智能运维框架以及智能定位、配置溯源等服务的安装与使用方法,使用户能够快速了解并使用A-Ops。用户能够借由A-Ops降低系统集群的运维成本,实现系统故障快速定位、配置项统筹管理等功能。 +# A-Ops用户指南 + +本文介绍A-Ops智能运维框架以及智能定位、配置溯源等服务的安装与使用方法,使用户能够快速了解并使用A-Ops。用户能够借由A-Ops降低系统集群的运维成本,实现系统故障快速定位、配置项统筹管理等功能。 diff --git a/docs/zh/docs/server/maintenance/common_skills/_toc.yaml b/docs/zh/docs/server/maintenance/common_skills/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8d25e1b92e14b79b611eec0570872775687e79cf --- /dev/null +++ b/docs/zh/docs/server/maintenance/common_skills/_toc.yaml @@ -0,0 +1,8 @@ +label: 常用技能 +isManual: true +description: 运维常用配置及命令 +sections: + - label: 信息收集 + href: ./information-collection.md + - label: 常用配置 + href: ./common-configurations.md diff --git "a/docs/zh/docs/ops_guide/\345\270\270\347\224\250\346\212\200\350\203\275.md" b/docs/zh/docs/server/maintenance/common_skills/common-configurations.md similarity index 100% rename from "docs/zh/docs/ops_guide/\345\270\270\347\224\250\346\212\200\350\203\275.md" rename to docs/zh/docs/server/maintenance/common_skills/common-configurations.md diff --git a/docs/zh/docs/ops_guide/images/c50cb9df64f4659787c810167c89feb4_1884x257.png b/docs/zh/docs/server/maintenance/common_skills/images/c50cb9df64f4659787c810167c89feb4_1884x257.png similarity index 100% rename from docs/zh/docs/ops_guide/images/c50cb9df64f4659787c810167c89feb4_1884x257.png rename to docs/zh/docs/server/maintenance/common_skills/images/c50cb9df64f4659787c810167c89feb4_1884x257.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001321685172.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001321685172.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001321685172.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001321685172.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001322112990.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001322112990.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001322112990.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001322112990.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001322219840.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001322219840.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001322219840.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001322219840.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001322372918.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001322372918.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001322372918.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001322372918.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001322379488.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001322379488.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001322379488.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001322379488.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001335457246.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001335457246.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001335457246.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001335457246.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001335816300.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001335816300.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001335816300.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001335816300.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001336448570.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001336448570.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001336448570.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001336448570.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001336729664.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001336729664.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001336729664.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001336729664.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337000118.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337000118.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337000118.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337000118.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337039920.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337039920.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337039920.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337039920.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337051916.jpg b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337051916.jpg similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337051916.jpg rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337051916.jpg diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337053248.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337053248.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337053248.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337053248.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337172594.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337172594.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337172594.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337172594.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337212144.jpg b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337212144.jpg similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337212144.jpg rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337212144.jpg diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337260780.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337260780.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337260780.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337260780.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337268560.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337268560.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337268560.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337268560.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337268820.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337268820.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337268820.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337268820.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337419960.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337419960.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337419960.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337419960.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337420372.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337420372.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337420372.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337420372.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337422904.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337422904.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337422904.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337422904.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337424024.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337424024.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337424024.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337424024.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337424304.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337424304.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337424304.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337424304.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337427216.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337427216.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337427216.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337427216.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337427392.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337427392.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337427392.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337427392.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337533690.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337533690.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337533690.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337533690.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337536842.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337536842.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337536842.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337536842.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337579708.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337579708.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337579708.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337579708.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337580216.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337580216.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337580216.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337580216.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337584296.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337584296.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337584296.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337584296.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337696078.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337696078.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337696078.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337696078.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337740252.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337740252.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337740252.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337740252.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337740540.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337740540.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337740540.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337740540.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337747132.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337747132.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337747132.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337747132.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337748300.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337748300.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337748300.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337748300.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001337748528.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337748528.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001337748528.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001337748528.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001372249333.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001372249333.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001372249333.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001372249333.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001372748125.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001372748125.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001372748125.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001372748125.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001372821865.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001372821865.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001372821865.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001372821865.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001372824637.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001372824637.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001372824637.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001372824637.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001373373585.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001373373585.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001373373585.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001373373585.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001373379529.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001373379529.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001373379529.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001373379529.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001384808269.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001384808269.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001384808269.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001384808269.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001385585749.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001385585749.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001385585749.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001385585749.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001385611905.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001385611905.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001385611905.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001385611905.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001385905845.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001385905845.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001385905845.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001385905845.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001386149037.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001386149037.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001386149037.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001386149037.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001386699925.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001386699925.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001386699925.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001386699925.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387293085.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387293085.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387293085.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387293085.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387413509.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387413509.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387413509.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387413509.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387413793.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387413793.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387413793.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387413793.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387415629.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387415629.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387415629.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387415629.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387691985.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387691985.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387691985.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387691985.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387692269.jpg b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387692269.jpg similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387692269.jpg rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387692269.jpg diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387692893.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387692893.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387692893.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387692893.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387755969.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387755969.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387755969.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387755969.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387780357.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387780357.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387780357.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387780357.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387784693.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387784693.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387784693.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387784693.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387787605.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387787605.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387787605.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387787605.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387855149.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387855149.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387855149.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387855149.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387857005.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387857005.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387857005.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387857005.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387902849.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387902849.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387902849.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387902849.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387907229.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387907229.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387907229.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387907229.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387908045.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387908045.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387908045.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387908045.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387908453.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387908453.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387908453.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387908453.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001387961737.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387961737.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001387961737.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001387961737.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001388020197.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388020197.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001388020197.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388020197.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001388024321.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388024321.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001388024321.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388024321.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001388024397.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388024397.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001388024397.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388024397.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001388028161.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388028161.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001388028161.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388028161.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001388028537.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388028537.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001388028537.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388028537.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001388184025.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388184025.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001388184025.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388184025.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001388187249.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388187249.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001388187249.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388187249.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001388187325.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388187325.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001388187325.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388187325.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001388188365.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388188365.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001388188365.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388188365.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001388241577.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388241577.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001388241577.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388241577.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001388972645.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388972645.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001388972645.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001388972645.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_image_0000001389098425.png b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001389098425.png similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_image_0000001389098425.png rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_image_0000001389098425.png diff --git a/docs/zh/docs/ops_guide/images/zh-cn_other_0000001337581224.jpeg b/docs/zh/docs/server/maintenance/common_skills/images/zh-cn_other_0000001337581224.jpeg similarity index 100% rename from docs/zh/docs/ops_guide/images/zh-cn_other_0000001337581224.jpeg rename to docs/zh/docs/server/maintenance/common_skills/images/zh-cn_other_0000001337581224.jpeg diff --git "a/docs/zh/docs/ops_guide/\344\277\241\346\201\257\346\224\266\351\233\206.md" b/docs/zh/docs/server/maintenance/common_skills/information-collection.md similarity index 100% rename from "docs/zh/docs/ops_guide/\344\277\241\346\201\257\346\224\266\351\233\206.md" rename to docs/zh/docs/server/maintenance/common_skills/information-collection.md diff --git a/docs/zh/docs/server/maintenance/common_tools/_toc.yaml b/docs/zh/docs/server/maintenance/common_tools/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..fca1303f143f1fbc01969289da54c7294d15dfab --- /dev/null +++ b/docs/zh/docs/server/maintenance/common_tools/_toc.yaml @@ -0,0 +1,6 @@ +label: 常用定位定界工具 +isManual: true +description: 常用定位定界工具,包括 ftrace,strace 和 kdump +sections: + - label: 常用定位定界工具 + href: ./commonly-used-tools.md diff --git "a/docs/zh/docs/ops_guide/\345\270\270\347\224\250\345\267\245\345\205\267.md" b/docs/zh/docs/server/maintenance/common_tools/commonly-used-tools.md similarity index 100% rename from "docs/zh/docs/ops_guide/\345\270\270\347\224\250\345\267\245\345\205\267.md" rename to docs/zh/docs/server/maintenance/common_tools/commonly-used-tools.md diff --git a/docs/zh/docs/server/maintenance/common_tools/images/c50cb9df64f4659787c810167c89feb4_1884x257.png b/docs/zh/docs/server/maintenance/common_tools/images/c50cb9df64f4659787c810167c89feb4_1884x257.png new file mode 100644 index 0000000000000000000000000000000000000000..01081f25627731c56764c196e3fae32d55bc7023 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/c50cb9df64f4659787c810167c89feb4_1884x257.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001321685172.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001321685172.png new file mode 100644 index 0000000000000000000000000000000000000000..a98265bdf251608c0ff394fefe545cd3192bdb28 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001321685172.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001322112990.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001322112990.png new file mode 100644 index 0000000000000000000000000000000000000000..6f4b32bf2b36595abe10f2550cda5714bc355553 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001322112990.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001322219840.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001322219840.png new file mode 100644 index 0000000000000000000000000000000000000000..48b28664df46ddf9aa38c7570bb9e9edb8080ac9 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001322219840.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001322372918.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001322372918.png new file mode 100644 index 0000000000000000000000000000000000000000..5424367c9bc564e713220ba87f963096881833b8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001322372918.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001322379488.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001322379488.png new file mode 100644 index 0000000000000000000000000000000000000000..8b18cdca066be43b74443498edc5500ea9e1e608 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001322379488.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001335457246.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001335457246.png new file mode 100644 index 0000000000000000000000000000000000000000..325d6a8ce097db0b92b1a883bc4b3d4ad0bc6a49 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001335457246.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001335816300.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001335816300.png new file mode 100644 index 0000000000000000000000000000000000000000..619f0c33503cd27d92f227216c722d554b9132f2 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001335816300.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001336448570.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001336448570.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd494d78d83fef2e8a89c80e17c9b6db892a2e9 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001336448570.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001336729664.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001336729664.png new file mode 100644 index 0000000000000000000000000000000000000000..4d73507cceab2e0b123d6864d9f86c86eb1eee2f Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001336729664.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337000118.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337000118.png new file mode 100644 index 0000000000000000000000000000000000000000..37131647778506f24be4ff401392a9cc209a36eb Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337000118.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337039920.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337039920.png new file mode 100644 index 0000000000000000000000000000000000000000..40c07e9b6ec27cdbe47d39788736b892f1174cc8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337039920.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337051916.jpg b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337051916.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a2083b7783041884394f796222352d8772ada6cc Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337051916.jpg differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337053248.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337053248.png new file mode 100644 index 0000000000000000000000000000000000000000..8859f37749a4f8a4394e24ddfb54fc473e8c10c2 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337053248.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337172594.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337172594.png new file mode 100644 index 0000000000000000000000000000000000000000..4e806f83c57880543a777807778f14eeb0105aba Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337172594.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337212144.jpg b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337212144.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c6f0874250475f598efa7375516109b540918fb8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337212144.jpg differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337260780.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337260780.png new file mode 100644 index 0000000000000000000000000000000000000000..09d521d933f5fa0caacc592ea92acee959786051 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337260780.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337268560.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337268560.png new file mode 100644 index 0000000000000000000000000000000000000000..663f67428487d88e23aa9c3291c31399fec2f2c3 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337268560.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337268820.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337268820.png new file mode 100644 index 0000000000000000000000000000000000000000..cd1732ee870a6dde0acc54642f34793933ce3356 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337268820.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337419960.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337419960.png new file mode 100644 index 0000000000000000000000000000000000000000..c3b493bf1e57f130e122b59e99ff45cd44539dad Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337419960.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337420372.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337420372.png new file mode 100644 index 0000000000000000000000000000000000000000..2300bcd7426748236fd48b85688bd3d1fa3315df Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337420372.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337422904.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337422904.png new file mode 100644 index 0000000000000000000000000000000000000000..01e250c6f7cbb64abe0b136cd80fda7ae68b629d Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337422904.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337424024.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337424024.png new file mode 100644 index 0000000000000000000000000000000000000000..6532d98885f756c6704bc4bacc0f9133d78405a7 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337424024.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337424304.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337424304.png new file mode 100644 index 0000000000000000000000000000000000000000..9ecb384ed58458c24d8e3ae729c4de197b982b86 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337424304.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337427216.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337427216.png new file mode 100644 index 0000000000000000000000000000000000000000..8633dbdd658f98501dfc91a704395260f2d4df3c Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337427216.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337427392.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337427392.png new file mode 100644 index 0000000000000000000000000000000000000000..74f5cb24520c94de8628b2e64e6916c563f9f5a2 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337427392.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337533690.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337533690.png new file mode 100644 index 0000000000000000000000000000000000000000..1f02d9b155754a113347a54a7d35ba9b060175a8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337533690.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337536842.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337536842.png new file mode 100644 index 0000000000000000000000000000000000000000..5a9ee2c989638c9a6aad3fcfb35bb9b9f2d4683c Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337536842.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337579708.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337579708.png new file mode 100644 index 0000000000000000000000000000000000000000..5cd8ed939434e6447dd55679eeaa3756d861751f Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337579708.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337580216.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337580216.png new file mode 100644 index 0000000000000000000000000000000000000000..5516b8d261b769287c74cf860a6708fcde6bbb8a Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337580216.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337584296.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337584296.png new file mode 100644 index 0000000000000000000000000000000000000000..fa76ecb59018fb154ffe1d9f6da1484d652f3ac1 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337584296.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337696078.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337696078.png new file mode 100644 index 0000000000000000000000000000000000000000..3864852e345eaf01794042feaa85b012b8af71de Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337696078.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337740252.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337740252.png new file mode 100644 index 0000000000000000000000000000000000000000..fd83fb600a54ab8bc39ee2ae54210be8b6c48973 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337740252.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337740540.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337740540.png new file mode 100644 index 0000000000000000000000000000000000000000..b8e25128a47dccaed733fc192f52f2ca7828e516 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337740540.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337747132.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337747132.png new file mode 100644 index 0000000000000000000000000000000000000000..41ea7d47f5fe5fca46816d93cb08b5da00abc0ad Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337747132.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337748300.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337748300.png new file mode 100644 index 0000000000000000000000000000000000000000..32488dc1740408834954cf8d57a2843d98f09c2e Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337748300.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337748528.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337748528.png new file mode 100644 index 0000000000000000000000000000000000000000..f2d62c85c844c2756f4d27a48711560dfb9615ea Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001337748528.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001372249333.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001372249333.png new file mode 100644 index 0000000000000000000000000000000000000000..48cd37225954e212cb3e159acc137866d8edc362 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001372249333.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001372748125.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001372748125.png new file mode 100644 index 0000000000000000000000000000000000000000..5f6326b9415cf766dd8379dbadd5aa1a0dc6861f Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001372748125.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001372821865.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001372821865.png new file mode 100644 index 0000000000000000000000000000000000000000..21e8dad1cd90755440cf858523b12c036a91e1ad Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001372821865.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001372824637.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001372824637.png new file mode 100644 index 0000000000000000000000000000000000000000..aefb5d83c079e6718ef88fd934b4b496cdc29565 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001372824637.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001373373585.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001373373585.png new file mode 100644 index 0000000000000000000000000000000000000000..c4e5e47c9beca2c7c7630d78916f80eda652b52a Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001373373585.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001373379529.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001373379529.png new file mode 100644 index 0000000000000000000000000000000000000000..daa40b49e679668905632f25ff42bf8599ba0ead Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001373379529.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001384808269.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001384808269.png new file mode 100644 index 0000000000000000000000000000000000000000..be18ecef3a149d5742f18535552f66f26ab34832 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001384808269.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001385585749.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001385585749.png new file mode 100644 index 0000000000000000000000000000000000000000..c13604ab7095c2a7717bde1384f0aea3d53f69e3 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001385585749.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001385611905.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001385611905.png new file mode 100644 index 0000000000000000000000000000000000000000..8c233e40a21e678ddf4115c2e2e80c96e25a60ce Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001385611905.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001385905845.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001385905845.png new file mode 100644 index 0000000000000000000000000000000000000000..a6cb8bc4a188ef444919d71f7f16baa06422788b Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001385905845.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001386149037.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001386149037.png new file mode 100644 index 0000000000000000000000000000000000000000..da73fead24d8805bb43287f53c757e80ff0d597f Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001386149037.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001386699925.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001386699925.png new file mode 100644 index 0000000000000000000000000000000000000000..cf5b13b35e65ed0143a01a5bcad1e11eaddaded7 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001386699925.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387293085.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387293085.png new file mode 100644 index 0000000000000000000000000000000000000000..7f56b020949c53d018eba016952c2409f0d7dca9 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387293085.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387413509.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387413509.png new file mode 100644 index 0000000000000000000000000000000000000000..2245427058fc31f3e5d7f40062c0551936a67199 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387413509.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387413793.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387413793.png new file mode 100644 index 0000000000000000000000000000000000000000..aa649bf7215662819766d897513fb711d9d1e7f8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387413793.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387415629.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387415629.png new file mode 100644 index 0000000000000000000000000000000000000000..01189358354090591de6580f8ef88ef78ddba3a1 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387415629.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387691985.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387691985.png new file mode 100644 index 0000000000000000000000000000000000000000..31c3096fa837c1b397ab2fe27acdd87e2cec36de Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387691985.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387692269.jpg b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387692269.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b79e3ddf78520277046b933c4662c6b72f45ab85 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387692269.jpg differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387692893.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387692893.png new file mode 100644 index 0000000000000000000000000000000000000000..49ea515d834b58d4ded14c55a6a2b07034d76137 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387692893.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387755969.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387755969.png new file mode 100644 index 0000000000000000000000000000000000000000..b2daa95d6b757e7bd443d8fd961922f248dd6853 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387755969.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387780357.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387780357.png new file mode 100644 index 0000000000000000000000000000000000000000..1aab3b8be2cd0c906253d70036a9fee3050a1055 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387780357.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387784693.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387784693.png new file mode 100644 index 0000000000000000000000000000000000000000..62a40117a892ba6c163be81bce1d198c2920f0e9 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387784693.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387787605.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387787605.png new file mode 100644 index 0000000000000000000000000000000000000000..8c1893e16fb929f77bb6b9a70cb25d3479dd684c Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387787605.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387855149.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387855149.png new file mode 100644 index 0000000000000000000000000000000000000000..731e957c367cb05e4229f53cf97dcee2cde69dff Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387855149.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387857005.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387857005.png new file mode 100644 index 0000000000000000000000000000000000000000..872f5c9eb05169831df4ba49d017629e8a943c64 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387857005.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387902849.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387902849.png new file mode 100644 index 0000000000000000000000000000000000000000..ffe2043c199308ed2033e3eb02a0662a65141ece Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387902849.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387907229.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387907229.png new file mode 100644 index 0000000000000000000000000000000000000000..084fbea1aee4d09b1e623c66b4f07641c7a0208d Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387907229.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387908045.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387908045.png new file mode 100644 index 0000000000000000000000000000000000000000..1fca645598e7a67da6e75b98c44f3c9a740be374 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387908045.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387908453.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387908453.png new file mode 100644 index 0000000000000000000000000000000000000000..b97804a0a575fd18235e7a0c7e4f2d0183e3b460 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387908453.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387961737.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387961737.png new file mode 100644 index 0000000000000000000000000000000000000000..ae4ddce8cf2629b811e9711c61186b3efa4dfe3c Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001387961737.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388020197.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388020197.png new file mode 100644 index 0000000000000000000000000000000000000000..1816e1e068ee0294677ebb357ffd158a14bb86cf Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388020197.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388024321.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388024321.png new file mode 100644 index 0000000000000000000000000000000000000000..da3ba54203ded0093b7c2b5308de0e2afd85a146 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388024321.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388024397.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388024397.png new file mode 100644 index 0000000000000000000000000000000000000000..4e4531dd19dc703399c9d4dd0e95236fa9a064c8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388024397.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388028161.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388028161.png new file mode 100644 index 0000000000000000000000000000000000000000..b3beb92520c34ba771d096a8a146fb2c5b5edbb7 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388028161.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388028537.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388028537.png new file mode 100644 index 0000000000000000000000000000000000000000..ffb244306787c397ef4a9f4d9c3eb504172d3777 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388028537.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388184025.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388184025.png new file mode 100644 index 0000000000000000000000000000000000000000..cbce6fe1e32c547426319923c0fdb13e95554b99 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388184025.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388187249.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388187249.png new file mode 100644 index 0000000000000000000000000000000000000000..0ac83f21e269d909e550b68cb0bdc6347c05dcac Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388187249.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388187325.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388187325.png new file mode 100644 index 0000000000000000000000000000000000000000..02dbdf218da2cb1c844dfc13a463875df5124d48 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388187325.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388188365.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388188365.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe3bfb48446bab88e3e622b9f8066383f269590 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388188365.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388241577.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388241577.png new file mode 100644 index 0000000000000000000000000000000000000000..8dacb6e343ea4c750904fa090bb99213e012379d Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388241577.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388972645.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388972645.png new file mode 100644 index 0000000000000000000000000000000000000000..e32606925f4bb4380b262d9f946d4cd106202b87 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001388972645.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001389098425.png b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001389098425.png new file mode 100644 index 0000000000000000000000000000000000000000..c63903009ab9ba454f169250632dbec1b3c94467 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_image_0000001389098425.png differ diff --git a/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_other_0000001337581224.jpeg b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_other_0000001337581224.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..2c019b828bdf9c699f203f09ba3542968ff21262 Binary files /dev/null and b/docs/zh/docs/server/maintenance/common_tools/images/zh-cn_other_0000001337581224.jpeg differ diff --git a/docs/zh/docs/server/maintenance/gala/_toc.yaml b/docs/zh/docs/server/maintenance/gala/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..dc3927d3ed4f2fc2bd437ec67da8dce723840be9 --- /dev/null +++ b/docs/zh/docs/server/maintenance/gala/_toc.yaml @@ -0,0 +1,10 @@ +label: gala用户指南 +isManual: true +description: 故障智能检测、性能数据采集分析以及资源监测管理 +sections: + - label: 使用gala-anteater + href: ./using-gala-anteater.md + - label: 使用gala-gopher + href: ./using-gala-gopher.md + - label: 使用gala-spider + href: ./using-gala-spider.md diff --git "a/docs/zh/docs/server/maintenance/gala/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" "b/docs/zh/docs/server/maintenance/gala/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..047c6f1bfe3e38c66d34285563d910f6f3bd07e1 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/a-ops\350\275\257\344\273\266\346\236\266\346\236\204.png" differ diff --git a/docs/zh/docs/server/maintenance/gala/figures/chakanyuqi.png b/docs/zh/docs/server/maintenance/gala/figures/chakanyuqi.png new file mode 100644 index 0000000000000000000000000000000000000000..bbead6a91468d5dee570cfdc66faf9a4ab155d7c Binary files /dev/null and b/docs/zh/docs/server/maintenance/gala/figures/chakanyuqi.png differ diff --git a/docs/zh/docs/server/maintenance/gala/figures/chaxunshijipeizhi.png b/docs/zh/docs/server/maintenance/gala/figures/chaxunshijipeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..d5f6e450fc0e1e246492ca71a6fcd8db572eb469 Binary files /dev/null and b/docs/zh/docs/server/maintenance/gala/figures/chaxunshijipeizhi.png differ diff --git a/docs/zh/docs/server/maintenance/gala/figures/chuangjianyewuyu.png b/docs/zh/docs/server/maintenance/gala/figures/chuangjianyewuyu.png new file mode 100644 index 0000000000000000000000000000000000000000..4f5b8de2d2c4ddb9bfdfba1ac17258a834561e2d Binary files /dev/null and b/docs/zh/docs/server/maintenance/gala/figures/chuangjianyewuyu.png differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" "b/docs/zh/docs/server/maintenance/gala/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" new file mode 100644 index 0000000000000000000000000000000000000000..ab16e9d3661db3fd4adc6c605b2d2d08e79fdc1c Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/gala-gopher\346\210\220\345\212\237\345\220\257\345\212\250\347\212\266\346\200\201.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" "b/docs/zh/docs/server/maintenance/gala/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..c5a0768be63a98ef7ccc4a56996a8c715f7090af Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/gala-spider\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" "b/docs/zh/docs/server/maintenance/gala/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..f151965a21d11dd7a3e215cc4ef23d70d059f4b1 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/gopher\350\275\257\344\273\266\346\236\266\346\236\204\345\233\276.png" differ diff --git a/docs/zh/docs/server/maintenance/gala/figures/group.PNG b/docs/zh/docs/server/maintenance/gala/figures/group.PNG new file mode 100644 index 0000000000000000000000000000000000000000..584fd1f7195694a3419482cace2a71fa1cd9a3ec Binary files /dev/null and b/docs/zh/docs/server/maintenance/gala/figures/group.PNG differ diff --git a/docs/zh/docs/Quickstart/public_sys-resources/icon-note.gif b/docs/zh/docs/server/maintenance/gala/figures/icon-note.gif similarity index 100% rename from docs/zh/docs/Quickstart/public_sys-resources/icon-note.gif rename to docs/zh/docs/server/maintenance/gala/figures/icon-note.gif diff --git a/docs/zh/docs/server/maintenance/gala/figures/shanchupeizhi.png b/docs/zh/docs/server/maintenance/gala/figures/shanchupeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..cfea2eb44f7b8aa809404b8b49b4bd2e24172568 Binary files /dev/null and b/docs/zh/docs/server/maintenance/gala/figures/shanchupeizhi.png differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" "b/docs/zh/docs/server/maintenance/gala/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..5823a116f384801e1197350f151b4d04ef519ac4 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/spider\346\213\223\346\211\221\345\205\263\347\263\273\345\233\276.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" "b/docs/zh/docs/server/maintenance/gala/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..bbd0600fc5c913198dfe1e1bf2aba9c652576a98 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/syscare\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" differ diff --git a/docs/zh/docs/server/maintenance/gala/figures/tianjianode.png b/docs/zh/docs/server/maintenance/gala/figures/tianjianode.png new file mode 100644 index 0000000000000000000000000000000000000000..d68f5e12a62548f2ec59374bda9ab07f43b8b5cb Binary files /dev/null and b/docs/zh/docs/server/maintenance/gala/figures/tianjianode.png differ diff --git a/docs/zh/docs/server/maintenance/gala/figures/xinzengpeizhi.png b/docs/zh/docs/server/maintenance/gala/figures/xinzengpeizhi.png new file mode 100644 index 0000000000000000000000000000000000000000..18d71c2e099c19b5d28848eec6a8d11f29ccee27 Binary files /dev/null and b/docs/zh/docs/server/maintenance/gala/figures/xinzengpeizhi.png differ diff --git a/docs/zh/docs/server/maintenance/gala/figures/zhuangtaichaxun.png b/docs/zh/docs/server/maintenance/gala/figures/zhuangtaichaxun.png new file mode 100644 index 0000000000000000000000000000000000000000..a3d0b3294bf6e0eeec50a2c2f8c5059bdc256376 Binary files /dev/null and b/docs/zh/docs/server/maintenance/gala/figures/zhuangtaichaxun.png differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..bd179be46c9e711d7148ee44dc56f4a7a02f56bf Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/app\350\257\246\346\203\205.jpg" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..23ff4e5fddb87ac157b1002a70c47d9b4c76b873 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\344\277\256\346\224\271\346\250\241\345\236\213.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..1a2b45e860914a1ac0cfb6908b02fb5cad4cbd60 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\210\233\345\273\272\345\267\245\344\275\234\346\265\201.jpg" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..89ac88e154275d4be8179d773e7093f2357f425f Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246.jpg" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..57844f772853c541f7a1328b007a9b6ae4d5caf0 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\347\241\256\350\256\244.jpg" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..5b4830b47897a0d51be28238a879a70b1de9ca3b Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\221\212\350\255\246\350\257\246\346\203\205.jpg" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..17fb5b13034e1fc5276c68583fed1952415b0b5f Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201.jpg" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" new file mode 100644 index 0000000000000000000000000000000000000000..458e023847bb2ad1f198f5a2dd1691748038137e Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\267\245\344\275\234\346\265\201\350\257\246\346\203\205.jpg" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..aa34bb909ee7c86a95126c13fa532ce93410a931 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\225\205\351\232\234\350\257\212\346\226\255/\345\272\224\347\224\250.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..05859540cb88e11bd8dedaeb8e03253254574c40 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/CVE\350\257\246\346\203\205\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..f556e0e7e3c4096a89597cb08ba29133375aab07 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/cve\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" new file mode 100644 index 0000000000000000000000000000000000000000..801c7f917d717499c86708b419101be3773348ac Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\212\344\274\240\345\256\211\345\205\250\345\205\254\345\221\212.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..0719bb8c0b71d0503d5d3a7d8e9e83da71169c64 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..21c9468ce4378bcadf537e543c756cf7a1347499 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..9cfd080d1a658544c559e83429a14b35dc931fc6 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..7ca43b0a82b7c4dd3e43a5e46cf3b4a79d55d033 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\273\273\345\212\241\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" new file mode 100644 index 0000000000000000000000000000000000000000..b9acfbcd7d8e3b2b551c8bb9700142dfba681afe Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\344\277\256\345\244\215\344\273\273\345\212\241\346\212\245\345\221\212.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..6bc8cc31e05d06dbd5ee4c0f62f281683db048da Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\345\233\236\346\273\232\344\273\273\345\212\241\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..3bf992f586f7fb4d87bc01cc29f961755a315c9d Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\267\273\345\212\240repo\346\272\220.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" new file mode 100644 index 0000000000000000000000000000000000000000..f73ccaf984e8ab55f8b78f7da5a570ce43685221 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\346\274\217\346\264\236\346\211\253\346\217\217.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..b183298d96b8ced8954852540c891310aeda05be Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\344\277\256\345\244\215\344\273\273\345\212\241.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..c8aa813bc228326b3e8db19e303e03507873a893 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\345\233\236\346\273\232\344\273\273\345\212\241.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" new file mode 100644 index 0000000000000000000000000000000000000000..8ccebe84f60b21737414b2cb3f972472114a40c5 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\347\224\237\346\210\220\347\203\255\350\241\245\344\270\201\347\247\273\351\231\244\344\273\273\345\212\241.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..619cc6d42b646df3d9c4e601f40a6ec452712668 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\350\256\276\347\275\256repo\346\272\220.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" new file mode 100644 index 0000000000000000000000000000000000000000..34b1d4095b8c017f3c66ebfb3c44d114bc8d6ca7 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\346\274\217\346\264\236\347\256\241\347\220\206/\351\202\256\344\273\266\351\200\232\347\237\245.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" "b/docs/zh/docs/server/maintenance/gala/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" new file mode 100644 index 0000000000000000000000000000000000000000..f5f8a3a95705145787e7aaf9c8d1fff404892240 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\347\203\255\350\241\245\344\270\201\347\212\266\346\200\201\345\233\276.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..b8f0a87e00d73961907167fcbe43d82b60caf445 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" new file mode 100644 index 0000000000000000000000000000000000000000..ce25657a0627e9dfc3dc9ebf323e086103c2ecdf Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\256\241\347\220\206-\346\267\273\345\212\240.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" new file mode 100644 index 0000000000000000000000000000000000000000..2f2e2e67a98a16e1ad464c794a8ef45ebb229d7f Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\345\206\205\344\270\273\346\234\272\346\237\245\347\234\213.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" new file mode 100644 index 0000000000000000000000000000000000000000..94c9b65719050b79d2cdb9d1e8f67c459925cda7 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\273\204\347\256\241\347\220\206\345\210\227\350\241\250.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..7e4f0da4e88da6f18495a4fb23bd400d0da0a8da Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\347\274\226\350\276\221\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" new file mode 100644 index 0000000000000000000000000000000000000000..1ee8f7bb2456efe6318074f46f5008da355a2cb1 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\344\270\273\346\234\272\350\257\246\346\203\205.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" new file mode 100644 index 0000000000000000000000000000000000000000..a916eebf306cca9ffa54f733143a0ac2c44313a4 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\345\267\245\344\275\234\345\217\260.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" new file mode 100644 index 0000000000000000000000000000000000000000..31684136510cfe6248adf9b8cd086140ab5b26ef Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\226\207\344\273\266\350\247\243\346\236\220.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" new file mode 100644 index 0000000000000000000000000000000000000000..df3991eb16d32d9f2296fbb36873ff26bc82fa18 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240-\346\267\273\345\212\240\347\273\223\346\236\234.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" new file mode 100644 index 0000000000000000000000000000000000000000..c83daeeb5f8a4d9ab4f40e3debbe7a96f427ce74 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\211\271\351\207\217\346\267\273\345\212\240\344\270\273\346\234\272.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..5ab697c8f9c292097356a26140750f7f615c5d81 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\214\207\346\240\207\346\263\242\345\275\242.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" new file mode 100644 index 0000000000000000000000000000000000000000..4bde1fd7330491fda6f4ed73a2be2e8c0bfabc8d Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\217\222\344\273\266\345\274\200\345\205\263.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" new file mode 100644 index 0000000000000000000000000000000000000000..2890e4934ba903324ea134d3ebee85307665270e Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\346\267\273\345\212\240\344\270\273\346\234\272\347\273\204.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" new file mode 100644 index 0000000000000000000000000000000000000000..24f94c0a9ff05897b01786aa4bc8adfe4bc8db09 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\350\265\204\344\272\247\347\256\241\347\220\206/\347\231\273\351\231\206\347\225\214\351\235\242.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" new file mode 100644 index 0000000000000000000000000000000000000000..bbead6a91468d5dee570cfdc66faf9a4ab155d7c Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chakanyuqi.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..d5f6e450fc0e1e246492ca71a6fcd8db572eb469 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chaxunshijipeizhi.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" new file mode 100644 index 0000000000000000000000000000000000000000..8849a2fc81dbd14328c6c66c53033164a0b67b52 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/chuangjianyewuyu.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" new file mode 100644 index 0000000000000000000000000000000000000000..e1e518157f8def332adfa5516b37fdb89768499c Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/conf_file_trace.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" new file mode 100644 index 0000000000000000000000000000000000000000..c8c229bf41b27f1fe6629106957fd5e47851096d Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/peizhitongbu.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..cfea2eb44f7b8aa809404b8b49b4bd2e24172568 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/shanchupeizhi.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" new file mode 100644 index 0000000000000000000000000000000000000000..d68f5e12a62548f2ec59374bda9ab07f43b8b5cb Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/tianjianode.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" new file mode 100644 index 0000000000000000000000000000000000000000..18d71c2e099c19b5d28848eec6a8d11f29ccee27 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/xinzengpeizhi.png" differ diff --git "a/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" new file mode 100644 index 0000000000000000000000000000000000000000..a3d0b3294bf6e0eeec50a2c2f8c5059bdc256376 Binary files /dev/null and "b/docs/zh/docs/server/maintenance/gala/figures/\351\205\215\347\275\256\346\272\257\346\272\220/zhuangtaichaxun.png" differ diff --git "a/docs/zh/docs/A-Ops/gala-anteater\344\275\277\347\224\250\346\211\213\345\206\214.md" b/docs/zh/docs/server/maintenance/gala/using-gala-anteater.md similarity index 98% rename from "docs/zh/docs/A-Ops/gala-anteater\344\275\277\347\224\250\346\211\213\345\206\214.md" rename to docs/zh/docs/server/maintenance/gala/using-gala-anteater.md index 5800f32170628bfa1fbaf9886dd2eb9d43a3563b..a672e4bba276eeffca8bdc4952a6b600608a8397 100644 --- "a/docs/zh/docs/A-Ops/gala-anteater\344\275\277\347\224\250\346\211\213\345\206\214.md" +++ b/docs/zh/docs/server/maintenance/gala/using-gala-anteater.md @@ -1,220 +1,220 @@ -# gala-anteater使用手册 - -gala-anteater是一款基于AI的操作系统异常检测平台。主要提供时序数据预处理、异常点发现、异常上报等功能。基于线下预训练、线上模型的增量学习与模型更新,能够很好地适用于多维多模态数据故障诊断。 - -本文主要介绍如何部署和使用gala-anteater服务,检测训练集群中的慢节点/慢卡。 - -## 安装 - -挂载repo源: - -```basic -[everything] -name=everything -baseurl=http://121.36.84.172/dailybuild/EBS-openEuler-24.03-LTS-SP1/rc4_openeuler-2024-12-05-15-40-49/everything/$basearch/ -enabled=1 -gpgcheck=0 -priority=1 - -[EPOL] -name=EPOL -baseurl=http://repo.openeuler.org/EBS-openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ -enabled=1 -gpgcheck=0 -priority=1 - -``` - -安装gala-anteater: - -```bash -yum install gala-anteater -``` - -## 配置 - ->![](./figures/icon-note.gif)**说明:** -> ->gala-anteater采用配置的config文件设置参数启动,配置文件位置: /etc/gala-anteater/config/gala-anteater.yaml。 - -### 配置文件默认参数 - -```yaml -Global: - data_source: "prometheus" - -Arangodb: - url: "http://localhost:8529" - db_name: "spider" - -Kafka: - server: "192.168.122.100" - port: "9092" - model_topic: "gala_anteater_hybrid_model" - rca_topic: "gala_cause_inference" - meta_topic: "gala_gopher_metadata" - group_id: "gala_anteater_kafka" - # auth_type: plaintext/sasl_plaintext, please set "" for no auth - auth_type: "" - username: "" - password: "" - -Prometheus: - server: "localhost" - port: "9090" - steps: "5" - -Aom: - base_url: "" - project_id: "" - auth_type: "token" - auth_info: - iam_server: "" - iam_domain: "" - iam_user_name: "" - iam_password: "" - ssl_verify: 0 - -Schedule: - duration: 1 - -Suppression: - interval: 10 -``` - -| 参数 | 含义 | 默认值 | -| ----------- | ------------------------------------------------------------ | ---------------------------- | -| Global | 全局配置 | 字典类型 | -| data_source | 设置数据来源 | "prometheus" | -| Arangodb | Arangodb图数据库配置信息 | 字典类型 | -| url | 图数据库Arangodb的ip地址 | "http://localhost:8529" | -| db_name | 图数据库名 | "spider" | -| Kafka | kafka配置信息 | 字典类型 | -| server | Kafka Server的ip地址,根据安装节点ip配置 | "192.168.122.100" | -| port | Kafka Server的port,如:9092 | "9092" | -| model_topic | 故障检测结果上报topic | "gala_anteater_hybrid_model" | -| rca_topic | 根因定位结果上报topic | "gala_cause_inference" | -| meta_topic | gopher采集指标数据topic | "gala_gopher_metadata" | -| group_id | kafka设置组名 | "gala_anteater_kafka" | -| Prometheus | 数据源prometheus配置信息 | 字典类型 | -| server | Prometheus Server的ip地址,根据安装节点ip配置 | "localhost" | -| port | Prometheus Server的port,如:9090 | "9090" | -| steps | 指标采样间隔 | "5" | -| Schedule | 循环调度配置信息 | 字典类型 | -| duration | 异常检测模型执行频率(单位:分),每x分钟,检测一次 | 1 | -| Suppression | 告警抑制配置信息 | 字典类型 | -| interval | 告警抑制间隔(单位: 分),表示距离上一次告警x分钟内相同告警过滤 | 10 | - -## 启动 - -执行如下命令启动gala-anteater - -``` -systemctl start gala-anteater -``` - ->![](./figures/icon-note.gif)**说明:** -> ->gala-anteater支持启动一个进程实例,启动多个会导致内存占用过大,日志混乱。 - -### 查询gala-anteater服务慢节点检测执行状态 - -若日志显示如下内容,说明慢节点正常运行,启动日志也会保存到当前运行目录下`/var/log/gala-anteater/gala-anteater.log`文件中。 - -```log -2024-12-02 16:25:20,727 - INFO - anteater - Groups-0, metric: npu_chip_info_hbm_used_memory, start detection. -2024-12-02 16:25:20,735 - INFO - anteater - Metric-npu_chip_info_hbm_used_memory single group has data 8. ranks: [0, 1, 2, 3, 4, 5, 6, 7] -2024-12-02 16:25:20,739 - INFO - anteater - work on npu_chip_info_hbm_used_memory, slow_node_detection start. -2024-12-02 16:25:21,128 - INFO - anteater - time_node_compare result: []. -2024-12-02 16:25:21,137 - INFO - anteater - dnscan labels: [-1 0 0 0 -1 0 -1 -1] -2024-12-02 16:25:21,139 - INFO - anteater - dnscan labels: [-1 0 0 0 -1 0 -1 -1] -2024-12-02 16:25:21,141 - INFO - anteater - dnscan labels: [-1 0 0 0 -1 0 -1 -1] -2024-12-02 16:25:21,142 - INFO - anteater - space_nodes_compare result: []. -2024-12-02 16:25:21,142 - INFO - anteater - Time and space aggregated result: []. -2024-12-02 16:25:21,144 - INFO - anteater - work on npu_chip_info_hbm_used_memory, slow_node_detection end. - -2024-12-02 16:25:21,144 - INFO - anteater - Groups-0, metric: npu_chip_info_aicore_current_freq, start detection. -2024-12-02 16:25:21,153 - INFO - anteater - Metric-npu_chip_info_aicore_current_freq single group has data 8. ranks: [0, 1, 2, 3, 4, 5, 6, 7] -2024-12-02 16:25:21,157 - INFO - anteater - work on npu_chip_info_aicore_current_freq, slow_node_detection start. -2024-12-02 16:25:21,584 - INFO - anteater - time_node_compare result: []. -2024-12-02 16:25:21,592 - INFO - anteater - dnscan labels: [0 0 0 0 0 0 0 0] -2024-12-02 16:25:21,594 - INFO - anteater - dnscan labels: [0 0 0 0 0 0 0 0] -2024-12-02 16:25:21,597 - INFO - anteater - dnscan labels: [0 0 0 0 0 0 0 0] -2024-12-02 16:25:21,598 - INFO - anteater - space_nodes_compare result: []. -2024-12-02 16:25:21,598 - INFO - anteater - Time and space aggregated result: []. -2024-12-02 16:25:21,598 - INFO - anteater - work on npu_chip_info_aicore_current_freq, slow_node_detection end. - -2024-12-02 16:25:21,598 - INFO - anteater - Groups-0, metric: npu_chip_roce_tx_err_pkt_num, start detection. -2024-12-02 16:25:21,607 - INFO - anteater - Metric-npu_chip_roce_tx_err_pkt_num single group has data 8. ranks: [0, 1, 2, 3, 4, 5, 6, 7] -2024-12-02 16:25:21,611 - INFO - anteater - work on npu_chip_roce_tx_err_pkt_num, slow_node_detection start. -2024-12-02 16:25:22,040 - INFO - anteater - time_node_compare result: []. -2024-12-02 16:25:22,040 - INFO - anteater - Skip space nodes compare. -2024-12-02 16:25:22,040 - INFO - anteater - Time and space aggregated result: []. -2024-12-02 16:25:22,040 - INFO - anteater - work on npu_chip_roce_tx_err_pkt_num, slow_node_detection end. - -2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 1/9 -2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 2/9 -2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 3/9 -2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 4/9 -2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 5/9 -2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 6/9 -2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 7/9 -2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 8/9 -2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 9/9 -2024-12-02 16:25:22,043 - INFO - anteater - SlowNodeDetector._execute costs 1.83 seconds! -2024-12-02 16:25:22,043 - INFO - anteater - END! -``` - -## 异常检测输出数据 - -gala-anteater如果检测到异常点,会将结果输出至kafka的model_topic,输出数据格式如下: - -```json -{ - "Timestamp": 1730732076935, - "Attributes": { - "resultCode": 201, - "compute": false, - "network": false, - "storage": true, - "abnormalDetail": [{ - "objectId": "-1", - "serverIp": "96.13.19.31", - "deviceInfo": "96.13.19.31:8888*-1", - "kpiId": "gala_gopher_disk_wspeed_kB", - "methodType": "TIME", - "kpiData": [], - "relaIds": [], - "omittedDevices": [] - }], - "normalDetail": [], - "errorMsg": "" - }, - "SeverityText": "WARN", - "SeverityNumber": 13, - "is_anomaly": true -} -``` - -## 输出字段说明 - -| 输出字段 | 单位 | 含义 | -| -------------- | ------ | ----------------------------------------------------- | -| Timestamp | ms | 检测到故障上报的时刻 | -| resultCode | int | 故障码,201表示故障,200表示无故障 | -| compute | bool | 故障类型是否为计算类型 | -| network | bool | 故障类型是否为网络类型 | -| storage | bool | 故障类型是否为存储类型 | -| abnormalDetail | list | 表示故障的细节 | -| objectId | int | 故障对象id,-1表示节点故障,0-7表示具体的故障卡号 | -| serverIp | string | 故障对象ip | -| deviceInfo | string | 详细的故障信息 | -| kpiId | string | 检测到故障的算法类型,"TIME", "SPACE" | -| kpiData | list | 故障时序数据,需开关打开,默认关闭 | -| relaIds | list | 故障卡关联的正常卡,表示在”SPACE“算法下对比的正常卡号 | -| omittedDevices | list | 忽略显示的卡号 | -| normalDetail | list | 正常卡的时序数据 | -| errorMsg | string | 错误信息 | -| SeverityText | string | 错误类型,表示"WARN", "ERROR" | -| SeverityNumber | int | 错误等级 | +# gala-anteater使用手册 + +gala-anteater是一款基于AI的操作系统异常检测平台。主要提供时序数据预处理、异常点发现、异常上报等功能。基于线下预训练、线上模型的增量学习与模型更新,能够很好地适用于多维多模态数据故障诊断。 + +本文主要介绍如何部署和使用gala-anteater服务,检测训练集群中的慢节点/慢卡。 + +## 安装 + +挂载repo源: + +```basic +[everything] +name=everything +baseurl=http://121.36.84.172/dailybuild/EBS-openEuler-24.03-LTS-SP1/rc4_openeuler-2024-12-05-15-40-49/everything/$basearch/ +enabled=1 +gpgcheck=0 +priority=1 + +[EPOL] +name=EPOL +baseurl=http://repo.openeuler.org/EBS-openEuler-24.03-LTS-SP1/EPOL/main/$basearch/ +enabled=1 +gpgcheck=0 +priority=1 + +``` + +安装gala-anteater: + +```bash +yum install gala-anteater +``` + +## 配置 + +>![](./figures/icon-note.gif)**说明:** +> +>gala-anteater采用配置的config文件设置参数启动,配置文件位置: /etc/gala-anteater/config/gala-anteater.yaml。 + +### 配置文件默认参数 + +```yaml +Global: + data_source: "prometheus" + +Arangodb: + url: "http://localhost:8529" + db_name: "spider" + +Kafka: + server: "192.168.122.100" + port: "9092" + model_topic: "gala_anteater_hybrid_model" + rca_topic: "gala_cause_inference" + meta_topic: "gala_gopher_metadata" + group_id: "gala_anteater_kafka" + # auth_type: plaintext/sasl_plaintext, please set "" for no auth + auth_type: "" + username: "" + password: "" + +Prometheus: + server: "localhost" + port: "9090" + steps: "5" + +Aom: + base_url: "" + project_id: "" + auth_type: "token" + auth_info: + iam_server: "" + iam_domain: "" + iam_user_name: "" + iam_password: "" + ssl_verify: 0 + +Schedule: + duration: 1 + +Suppression: + interval: 10 +``` + +| 参数 | 含义 | 默认值 | +| ----------- | ------------------------------------------------------------ | ---------------------------- | +| Global | 全局配置 | 字典类型 | +| data_source | 设置数据来源 | "prometheus" | +| Arangodb | Arangodb图数据库配置信息 | 字典类型 | +| url | 图数据库Arangodb的ip地址 | "http://localhost:8529" | +| db_name | 图数据库名 | "spider" | +| Kafka | kafka配置信息 | 字典类型 | +| server | Kafka Server的ip地址,根据安装节点ip配置 | "192.168.122.100" | +| port | Kafka Server的port,如:9092 | "9092" | +| model_topic | 故障检测结果上报topic | "gala_anteater_hybrid_model" | +| rca_topic | 根因定位结果上报topic | "gala_cause_inference" | +| meta_topic | gopher采集指标数据topic | "gala_gopher_metadata" | +| group_id | kafka设置组名 | "gala_anteater_kafka" | +| Prometheus | 数据源prometheus配置信息 | 字典类型 | +| server | Prometheus Server的ip地址,根据安装节点ip配置 | "localhost" | +| port | Prometheus Server的port,如:9090 | "9090" | +| steps | 指标采样间隔 | "5" | +| Schedule | 循环调度配置信息 | 字典类型 | +| duration | 异常检测模型执行频率(单位:分),每x分钟,检测一次 | 1 | +| Suppression | 告警抑制配置信息 | 字典类型 | +| interval | 告警抑制间隔(单位: 分),表示距离上一次告警x分钟内相同告警过滤 | 10 | + +## 启动 + +执行如下命令启动gala-anteater + +``` +systemctl start gala-anteater +``` + +>![](./figures/icon-note.gif)**说明:** +> +>gala-anteater支持启动一个进程实例,启动多个会导致内存占用过大,日志混乱。 + +### 查询gala-anteater服务慢节点检测执行状态 + +若日志显示如下内容,说明慢节点正常运行,启动日志也会保存到当前运行目录下`/var/log/gala-anteater/gala-anteater.log`文件中。 + +```log +2024-12-02 16:25:20,727 - INFO - anteater - Groups-0, metric: npu_chip_info_hbm_used_memory, start detection. +2024-12-02 16:25:20,735 - INFO - anteater - Metric-npu_chip_info_hbm_used_memory single group has data 8. ranks: [0, 1, 2, 3, 4, 5, 6, 7] +2024-12-02 16:25:20,739 - INFO - anteater - work on npu_chip_info_hbm_used_memory, slow_node_detection start. +2024-12-02 16:25:21,128 - INFO - anteater - time_node_compare result: []. +2024-12-02 16:25:21,137 - INFO - anteater - dnscan labels: [-1 0 0 0 -1 0 -1 -1] +2024-12-02 16:25:21,139 - INFO - anteater - dnscan labels: [-1 0 0 0 -1 0 -1 -1] +2024-12-02 16:25:21,141 - INFO - anteater - dnscan labels: [-1 0 0 0 -1 0 -1 -1] +2024-12-02 16:25:21,142 - INFO - anteater - space_nodes_compare result: []. +2024-12-02 16:25:21,142 - INFO - anteater - Time and space aggregated result: []. +2024-12-02 16:25:21,144 - INFO - anteater - work on npu_chip_info_hbm_used_memory, slow_node_detection end. + +2024-12-02 16:25:21,144 - INFO - anteater - Groups-0, metric: npu_chip_info_aicore_current_freq, start detection. +2024-12-02 16:25:21,153 - INFO - anteater - Metric-npu_chip_info_aicore_current_freq single group has data 8. ranks: [0, 1, 2, 3, 4, 5, 6, 7] +2024-12-02 16:25:21,157 - INFO - anteater - work on npu_chip_info_aicore_current_freq, slow_node_detection start. +2024-12-02 16:25:21,584 - INFO - anteater - time_node_compare result: []. +2024-12-02 16:25:21,592 - INFO - anteater - dnscan labels: [0 0 0 0 0 0 0 0] +2024-12-02 16:25:21,594 - INFO - anteater - dnscan labels: [0 0 0 0 0 0 0 0] +2024-12-02 16:25:21,597 - INFO - anteater - dnscan labels: [0 0 0 0 0 0 0 0] +2024-12-02 16:25:21,598 - INFO - anteater - space_nodes_compare result: []. +2024-12-02 16:25:21,598 - INFO - anteater - Time and space aggregated result: []. +2024-12-02 16:25:21,598 - INFO - anteater - work on npu_chip_info_aicore_current_freq, slow_node_detection end. + +2024-12-02 16:25:21,598 - INFO - anteater - Groups-0, metric: npu_chip_roce_tx_err_pkt_num, start detection. +2024-12-02 16:25:21,607 - INFO - anteater - Metric-npu_chip_roce_tx_err_pkt_num single group has data 8. ranks: [0, 1, 2, 3, 4, 5, 6, 7] +2024-12-02 16:25:21,611 - INFO - anteater - work on npu_chip_roce_tx_err_pkt_num, slow_node_detection start. +2024-12-02 16:25:22,040 - INFO - anteater - time_node_compare result: []. +2024-12-02 16:25:22,040 - INFO - anteater - Skip space nodes compare. +2024-12-02 16:25:22,040 - INFO - anteater - Time and space aggregated result: []. +2024-12-02 16:25:22,040 - INFO - anteater - work on npu_chip_roce_tx_err_pkt_num, slow_node_detection end. + +2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 1/9 +2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 2/9 +2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 3/9 +2024-12-02 16:25:22,041 - INFO - anteater - accomplishment: 4/9 +2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 5/9 +2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 6/9 +2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 7/9 +2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 8/9 +2024-12-02 16:25:22,042 - INFO - anteater - accomplishment: 9/9 +2024-12-02 16:25:22,043 - INFO - anteater - SlowNodeDetector._execute costs 1.83 seconds! +2024-12-02 16:25:22,043 - INFO - anteater - END! +``` + +## 异常检测输出数据 + +gala-anteater如果检测到异常点,会将结果输出至kafka的model_topic,输出数据格式如下: + +```json +{ + "Timestamp": 1730732076935, + "Attributes": { + "resultCode": 201, + "compute": false, + "network": false, + "storage": true, + "abnormalDetail": [{ + "objectId": "-1", + "serverIp": "96.13.19.31", + "deviceInfo": "96.13.19.31:8888*-1", + "kpiId": "gala_gopher_disk_wspeed_kB", + "methodType": "TIME", + "kpiData": [], + "relaIds": [], + "omittedDevices": [] + }], + "normalDetail": [], + "errorMsg": "" + }, + "SeverityText": "WARN", + "SeverityNumber": 13, + "is_anomaly": true +} +``` + +## 输出字段说明 + +| 输出字段 | 单位 | 含义 | +| -------------- | ------ | ----------------------------------------------------- | +| Timestamp | ms | 检测到故障上报的时刻 | +| resultCode | int | 故障码,201表示故障,200表示无故障 | +| compute | bool | 故障类型是否为计算类型 | +| network | bool | 故障类型是否为网络类型 | +| storage | bool | 故障类型是否为存储类型 | +| abnormalDetail | list | 表示故障的细节 | +| objectId | int | 故障对象id,-1表示节点故障,0-7表示具体的故障卡号 | +| serverIp | string | 故障对象ip | +| deviceInfo | string | 详细的故障信息 | +| kpiId | string | 检测到故障的算法类型,"TIME", "SPACE" | +| kpiData | list | 故障时序数据,需开关打开,默认关闭 | +| relaIds | list | 故障卡关联的正常卡,表示在”SPACE“算法下对比的正常卡号 | +| omittedDevices | list | 忽略显示的卡号 | +| normalDetail | list | 正常卡的时序数据 | +| errorMsg | string | 错误信息 | +| SeverityText | string | 错误类型,表示"WARN", "ERROR" | +| SeverityNumber | int | 错误等级 | | is_anomaly | bool | 表示是否故障 | \ No newline at end of file diff --git "a/docs/zh/docs/A-Ops/gala-gopher\344\275\277\347\224\250\346\211\213\345\206\214.md" b/docs/zh/docs/server/maintenance/gala/using-gala-gopher.md similarity index 100% rename from "docs/zh/docs/A-Ops/gala-gopher\344\275\277\347\224\250\346\211\213\345\206\214.md" rename to docs/zh/docs/server/maintenance/gala/using-gala-gopher.md diff --git "a/docs/zh/docs/A-Ops/gala-spider\344\275\277\347\224\250\346\211\213\345\206\214.md" b/docs/zh/docs/server/maintenance/gala/using-gala-spider.md similarity index 100% rename from "docs/zh/docs/A-Ops/gala-spider\344\275\277\347\224\250\346\211\213\345\206\214.md" rename to docs/zh/docs/server/maintenance/gala/using-gala-spider.md diff --git a/docs/zh/docs/server/maintenance/images/c50cb9df64f4659787c810167c89feb4_1884x257.png b/docs/zh/docs/server/maintenance/images/c50cb9df64f4659787c810167c89feb4_1884x257.png new file mode 100644 index 0000000000000000000000000000000000000000..01081f25627731c56764c196e3fae32d55bc7023 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/c50cb9df64f4659787c810167c89feb4_1884x257.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001321685172.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001321685172.png new file mode 100644 index 0000000000000000000000000000000000000000..a98265bdf251608c0ff394fefe545cd3192bdb28 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001321685172.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001322112990.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001322112990.png new file mode 100644 index 0000000000000000000000000000000000000000..6f4b32bf2b36595abe10f2550cda5714bc355553 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001322112990.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001322219840.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001322219840.png new file mode 100644 index 0000000000000000000000000000000000000000..48b28664df46ddf9aa38c7570bb9e9edb8080ac9 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001322219840.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001322372918.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001322372918.png new file mode 100644 index 0000000000000000000000000000000000000000..5424367c9bc564e713220ba87f963096881833b8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001322372918.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001322379488.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001322379488.png new file mode 100644 index 0000000000000000000000000000000000000000..8b18cdca066be43b74443498edc5500ea9e1e608 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001322379488.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001335457246.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001335457246.png new file mode 100644 index 0000000000000000000000000000000000000000..325d6a8ce097db0b92b1a883bc4b3d4ad0bc6a49 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001335457246.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001335816300.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001335816300.png new file mode 100644 index 0000000000000000000000000000000000000000..619f0c33503cd27d92f227216c722d554b9132f2 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001335816300.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001336448570.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001336448570.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd494d78d83fef2e8a89c80e17c9b6db892a2e9 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001336448570.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001336729664.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001336729664.png new file mode 100644 index 0000000000000000000000000000000000000000..4d73507cceab2e0b123d6864d9f86c86eb1eee2f Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001336729664.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337000118.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337000118.png new file mode 100644 index 0000000000000000000000000000000000000000..37131647778506f24be4ff401392a9cc209a36eb Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337000118.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337039920.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337039920.png new file mode 100644 index 0000000000000000000000000000000000000000..40c07e9b6ec27cdbe47d39788736b892f1174cc8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337039920.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337051916.jpg b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337051916.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a2083b7783041884394f796222352d8772ada6cc Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337051916.jpg differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337053248.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337053248.png new file mode 100644 index 0000000000000000000000000000000000000000..8859f37749a4f8a4394e24ddfb54fc473e8c10c2 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337053248.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337172594.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337172594.png new file mode 100644 index 0000000000000000000000000000000000000000..4e806f83c57880543a777807778f14eeb0105aba Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337172594.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337212144.jpg b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337212144.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c6f0874250475f598efa7375516109b540918fb8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337212144.jpg differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337260780.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337260780.png new file mode 100644 index 0000000000000000000000000000000000000000..09d521d933f5fa0caacc592ea92acee959786051 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337260780.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337268560.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337268560.png new file mode 100644 index 0000000000000000000000000000000000000000..663f67428487d88e23aa9c3291c31399fec2f2c3 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337268560.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337268820.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337268820.png new file mode 100644 index 0000000000000000000000000000000000000000..cd1732ee870a6dde0acc54642f34793933ce3356 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337268820.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337419960.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337419960.png new file mode 100644 index 0000000000000000000000000000000000000000..c3b493bf1e57f130e122b59e99ff45cd44539dad Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337419960.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337420372.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337420372.png new file mode 100644 index 0000000000000000000000000000000000000000..2300bcd7426748236fd48b85688bd3d1fa3315df Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337420372.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337422904.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337422904.png new file mode 100644 index 0000000000000000000000000000000000000000..01e250c6f7cbb64abe0b136cd80fda7ae68b629d Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337422904.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337424024.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337424024.png new file mode 100644 index 0000000000000000000000000000000000000000..6532d98885f756c6704bc4bacc0f9133d78405a7 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337424024.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337424304.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337424304.png new file mode 100644 index 0000000000000000000000000000000000000000..9ecb384ed58458c24d8e3ae729c4de197b982b86 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337424304.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337427216.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337427216.png new file mode 100644 index 0000000000000000000000000000000000000000..8633dbdd658f98501dfc91a704395260f2d4df3c Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337427216.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337427392.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337427392.png new file mode 100644 index 0000000000000000000000000000000000000000..74f5cb24520c94de8628b2e64e6916c563f9f5a2 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337427392.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337533690.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337533690.png new file mode 100644 index 0000000000000000000000000000000000000000..1f02d9b155754a113347a54a7d35ba9b060175a8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337533690.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337536842.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337536842.png new file mode 100644 index 0000000000000000000000000000000000000000..5a9ee2c989638c9a6aad3fcfb35bb9b9f2d4683c Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337536842.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337579708.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337579708.png new file mode 100644 index 0000000000000000000000000000000000000000..5cd8ed939434e6447dd55679eeaa3756d861751f Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337579708.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337580216.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337580216.png new file mode 100644 index 0000000000000000000000000000000000000000..5516b8d261b769287c74cf860a6708fcde6bbb8a Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337580216.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337584296.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337584296.png new file mode 100644 index 0000000000000000000000000000000000000000..fa76ecb59018fb154ffe1d9f6da1484d652f3ac1 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337584296.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337696078.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337696078.png new file mode 100644 index 0000000000000000000000000000000000000000..3864852e345eaf01794042feaa85b012b8af71de Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337696078.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337740252.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337740252.png new file mode 100644 index 0000000000000000000000000000000000000000..fd83fb600a54ab8bc39ee2ae54210be8b6c48973 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337740252.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337740540.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337740540.png new file mode 100644 index 0000000000000000000000000000000000000000..b8e25128a47dccaed733fc192f52f2ca7828e516 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337740540.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337747132.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337747132.png new file mode 100644 index 0000000000000000000000000000000000000000..41ea7d47f5fe5fca46816d93cb08b5da00abc0ad Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337747132.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337748300.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337748300.png new file mode 100644 index 0000000000000000000000000000000000000000..32488dc1740408834954cf8d57a2843d98f09c2e Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337748300.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337748528.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337748528.png new file mode 100644 index 0000000000000000000000000000000000000000..f2d62c85c844c2756f4d27a48711560dfb9615ea Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001337748528.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001372249333.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001372249333.png new file mode 100644 index 0000000000000000000000000000000000000000..48cd37225954e212cb3e159acc137866d8edc362 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001372249333.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001372748125.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001372748125.png new file mode 100644 index 0000000000000000000000000000000000000000..5f6326b9415cf766dd8379dbadd5aa1a0dc6861f Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001372748125.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001372821865.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001372821865.png new file mode 100644 index 0000000000000000000000000000000000000000..21e8dad1cd90755440cf858523b12c036a91e1ad Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001372821865.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001372824637.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001372824637.png new file mode 100644 index 0000000000000000000000000000000000000000..aefb5d83c079e6718ef88fd934b4b496cdc29565 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001372824637.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001373373585.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001373373585.png new file mode 100644 index 0000000000000000000000000000000000000000..c4e5e47c9beca2c7c7630d78916f80eda652b52a Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001373373585.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001373379529.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001373379529.png new file mode 100644 index 0000000000000000000000000000000000000000..daa40b49e679668905632f25ff42bf8599ba0ead Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001373379529.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001384808269.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001384808269.png new file mode 100644 index 0000000000000000000000000000000000000000..be18ecef3a149d5742f18535552f66f26ab34832 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001384808269.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001385585749.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001385585749.png new file mode 100644 index 0000000000000000000000000000000000000000..c13604ab7095c2a7717bde1384f0aea3d53f69e3 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001385585749.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001385611905.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001385611905.png new file mode 100644 index 0000000000000000000000000000000000000000..8c233e40a21e678ddf4115c2e2e80c96e25a60ce Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001385611905.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001385905845.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001385905845.png new file mode 100644 index 0000000000000000000000000000000000000000..a6cb8bc4a188ef444919d71f7f16baa06422788b Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001385905845.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001386149037.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001386149037.png new file mode 100644 index 0000000000000000000000000000000000000000..da73fead24d8805bb43287f53c757e80ff0d597f Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001386149037.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001386699925.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001386699925.png new file mode 100644 index 0000000000000000000000000000000000000000..cf5b13b35e65ed0143a01a5bcad1e11eaddaded7 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001386699925.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387293085.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387293085.png new file mode 100644 index 0000000000000000000000000000000000000000..7f56b020949c53d018eba016952c2409f0d7dca9 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387293085.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387413509.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387413509.png new file mode 100644 index 0000000000000000000000000000000000000000..2245427058fc31f3e5d7f40062c0551936a67199 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387413509.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387413793.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387413793.png new file mode 100644 index 0000000000000000000000000000000000000000..aa649bf7215662819766d897513fb711d9d1e7f8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387413793.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387415629.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387415629.png new file mode 100644 index 0000000000000000000000000000000000000000..01189358354090591de6580f8ef88ef78ddba3a1 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387415629.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387691985.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387691985.png new file mode 100644 index 0000000000000000000000000000000000000000..31c3096fa837c1b397ab2fe27acdd87e2cec36de Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387691985.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387692269.jpg b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387692269.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b79e3ddf78520277046b933c4662c6b72f45ab85 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387692269.jpg differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387692893.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387692893.png new file mode 100644 index 0000000000000000000000000000000000000000..49ea515d834b58d4ded14c55a6a2b07034d76137 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387692893.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387755969.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387755969.png new file mode 100644 index 0000000000000000000000000000000000000000..b2daa95d6b757e7bd443d8fd961922f248dd6853 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387755969.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387780357.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387780357.png new file mode 100644 index 0000000000000000000000000000000000000000..1aab3b8be2cd0c906253d70036a9fee3050a1055 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387780357.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387784693.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387784693.png new file mode 100644 index 0000000000000000000000000000000000000000..62a40117a892ba6c163be81bce1d198c2920f0e9 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387784693.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387787605.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387787605.png new file mode 100644 index 0000000000000000000000000000000000000000..8c1893e16fb929f77bb6b9a70cb25d3479dd684c Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387787605.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387855149.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387855149.png new file mode 100644 index 0000000000000000000000000000000000000000..731e957c367cb05e4229f53cf97dcee2cde69dff Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387855149.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387857005.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387857005.png new file mode 100644 index 0000000000000000000000000000000000000000..872f5c9eb05169831df4ba49d017629e8a943c64 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387857005.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387902849.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387902849.png new file mode 100644 index 0000000000000000000000000000000000000000..ffe2043c199308ed2033e3eb02a0662a65141ece Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387902849.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387907229.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387907229.png new file mode 100644 index 0000000000000000000000000000000000000000..084fbea1aee4d09b1e623c66b4f07641c7a0208d Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387907229.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387908045.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387908045.png new file mode 100644 index 0000000000000000000000000000000000000000..1fca645598e7a67da6e75b98c44f3c9a740be374 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387908045.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387908453.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387908453.png new file mode 100644 index 0000000000000000000000000000000000000000..b97804a0a575fd18235e7a0c7e4f2d0183e3b460 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387908453.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387961737.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387961737.png new file mode 100644 index 0000000000000000000000000000000000000000..ae4ddce8cf2629b811e9711c61186b3efa4dfe3c Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001387961737.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388020197.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388020197.png new file mode 100644 index 0000000000000000000000000000000000000000..1816e1e068ee0294677ebb357ffd158a14bb86cf Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388020197.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388024321.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388024321.png new file mode 100644 index 0000000000000000000000000000000000000000..da3ba54203ded0093b7c2b5308de0e2afd85a146 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388024321.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388024397.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388024397.png new file mode 100644 index 0000000000000000000000000000000000000000..4e4531dd19dc703399c9d4dd0e95236fa9a064c8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388024397.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388028161.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388028161.png new file mode 100644 index 0000000000000000000000000000000000000000..b3beb92520c34ba771d096a8a146fb2c5b5edbb7 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388028161.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388028537.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388028537.png new file mode 100644 index 0000000000000000000000000000000000000000..ffb244306787c397ef4a9f4d9c3eb504172d3777 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388028537.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388184025.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388184025.png new file mode 100644 index 0000000000000000000000000000000000000000..cbce6fe1e32c547426319923c0fdb13e95554b99 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388184025.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388187249.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388187249.png new file mode 100644 index 0000000000000000000000000000000000000000..0ac83f21e269d909e550b68cb0bdc6347c05dcac Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388187249.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388187325.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388187325.png new file mode 100644 index 0000000000000000000000000000000000000000..02dbdf218da2cb1c844dfc13a463875df5124d48 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388187325.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388188365.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388188365.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe3bfb48446bab88e3e622b9f8066383f269590 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388188365.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388241577.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388241577.png new file mode 100644 index 0000000000000000000000000000000000000000..8dacb6e343ea4c750904fa090bb99213e012379d Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388241577.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388972645.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388972645.png new file mode 100644 index 0000000000000000000000000000000000000000..e32606925f4bb4380b262d9f946d4cd106202b87 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001388972645.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001389098425.png b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001389098425.png new file mode 100644 index 0000000000000000000000000000000000000000..c63903009ab9ba454f169250632dbec1b3c94467 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_image_0000001389098425.png differ diff --git a/docs/zh/docs/server/maintenance/images/zh-cn_other_0000001337581224.jpeg b/docs/zh/docs/server/maintenance/images/zh-cn_other_0000001337581224.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..2c019b828bdf9c699f203f09ba3542968ff21262 Binary files /dev/null and b/docs/zh/docs/server/maintenance/images/zh-cn_other_0000001337581224.jpeg differ diff --git a/docs/zh/docs/server/maintenance/kernel_live_upgrade/_toc.yaml b/docs/zh/docs/server/maintenance/kernel_live_upgrade/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..410f21e22e6f1b48f47b10b6a2d73bde269f4df1 --- /dev/null +++ b/docs/zh/docs/server/maintenance/kernel_live_upgrade/_toc.yaml @@ -0,0 +1,13 @@ +label: 内核热升级指南 +isManual: true +description: 使用用户态自动化工具快速重启内核和程序热迁移实现内核热替换特性 +sections:sections: + - label: 内核热升级指南 + href: ./kernel-live-upgrade.md + sections:sections: + - label: 安装与部署 + href: ./installation-and-deployment.md + - label: 使用方法 + href: ./usage-guide.md + - label: 常见问题与解决方法 + href: ./faqs-and-solutions.md diff --git "a/docs/zh/docs/KernelLiveUpgrade/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" b/docs/zh/docs/server/maintenance/kernel_live_upgrade/faqs-and-solutions.md similarity index 100% rename from "docs/zh/docs/KernelLiveUpgrade/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" rename to docs/zh/docs/server/maintenance/kernel_live_upgrade/faqs-and-solutions.md diff --git "a/docs/zh/docs/KernelLiveUpgrade/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" b/docs/zh/docs/server/maintenance/kernel_live_upgrade/installation-and-deployment.md similarity index 99% rename from "docs/zh/docs/KernelLiveUpgrade/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" rename to docs/zh/docs/server/maintenance/kernel_live_upgrade/installation-and-deployment.md index f420e5c328a48c378b637823c69e4228f6b7ee9a..6fa2f6ed3880f970222e8109973e3850301b7327 100644 --- "a/docs/zh/docs/KernelLiveUpgrade/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" +++ b/docs/zh/docs/server/maintenance/kernel_live_upgrade/installation-and-deployment.md @@ -143,7 +143,7 @@ enable_pin_memory: true + log_dir - 存放内核热升级工具产生的log信息,log模块当前未启用。内核热升级工具日志信息的查看,参考其他章节<<使用方法>> + 存放内核热升级工具产生的log信息,log模块当前未启用。内核热升级工具日志信息的查看,参考其他章节\<使用方法> - nvwa-server.yaml的配置示例 diff --git a/docs/zh/docs/KernelLiveUpgrade/KernelLiveUpgrade.md b/docs/zh/docs/server/maintenance/kernel_live_upgrade/kernel-live-upgrade.md similarity index 100% rename from docs/zh/docs/KernelLiveUpgrade/KernelLiveUpgrade.md rename to docs/zh/docs/server/maintenance/kernel_live_upgrade/kernel-live-upgrade.md diff --git "a/docs/zh/docs/KernelLiveUpgrade/\344\275\277\347\224\250\346\226\271\346\263\225.md" b/docs/zh/docs/server/maintenance/kernel_live_upgrade/usage-guide.md similarity index 96% rename from "docs/zh/docs/KernelLiveUpgrade/\344\275\277\347\224\250\346\226\271\346\263\225.md" rename to docs/zh/docs/server/maintenance/kernel_live_upgrade/usage-guide.md index e65fcbfdf3b2ad87fa99ee37d8c3a6eb3eeff729..c7355c36195b2c3980cac2d2676017006ede00b3 100644 --- "a/docs/zh/docs/KernelLiveUpgrade/\344\275\277\347\224\250\346\226\271\346\263\225.md" +++ b/docs/zh/docs/server/maintenance/kernel_live_upgrade/usage-guide.md @@ -90,13 +90,13 @@ quick kexec,是对kexec加载镜像过程中的一种加速。 - 使用quick kexec,需要在配置文件中使能相关选项,更多信息参考<<[安装与部署-配置介绍](./安装与部署.md#配置介绍)>>。 + 使用quick kexec,需要在配置文件中使能相关选项,更多信息参考\<<[安装与部署-配置介绍](./安装与部署.md#配置介绍)>>。 3. pin_memory(加速现场保存恢复过程) pin memory,是对criu进行现场保存恢复过程中的一种加速。 - 使用pin memory,需要在配置文件中使能相关选项,更多信息参考<<[安装与部署-配置介绍](./安装与部署.md#配置介绍)>>。 + 使用pin memory,需要在配置文件中使能相关选项,更多信息参考\<<[安装与部署-配置介绍](./安装与部署.md#配置介绍)>>。 ## 产生的日志信息 diff --git "a/docs/zh/docs/ops_guide/\350\277\220\347\273\264\346\246\202\350\277\260.md" b/docs/zh/docs/server/maintenance/operation-and-maintenance-overview.md similarity index 100% rename from "docs/zh/docs/ops_guide/\350\277\220\347\273\264\346\246\202\350\277\260.md" rename to docs/zh/docs/server/maintenance/operation-and-maintenance-overview.md diff --git a/docs/zh/docs/ops_guide/overview.md b/docs/zh/docs/server/maintenance/overview.md similarity index 100% rename from docs/zh/docs/ops_guide/overview.md rename to docs/zh/docs/server/maintenance/overview.md diff --git a/docs/zh/docs/server/maintenance/syscare/_toc.yaml b/docs/zh/docs/server/maintenance/syscare/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f6e1c0ce75b98b65b3f14fd812747b96129c7ce8 --- /dev/null +++ b/docs/zh/docs/server/maintenance/syscare/_toc.yaml @@ -0,0 +1,17 @@ +label: SysCare用户指南 +isManual: true +description: 提供在线的热补丁修复能力 +sections: + - label: syscare用户使用手册 + href: ./syscare-user-guide.md + sections: + - label: 认识SysCare + href: ./syscare-introduction.md + - label: 安装SysCare + href: ./installing-syscare.md + - label: 使用SysCare + href: ./using-syscare.md + - label: 约束限制 + href: ./constraints.md + - label: 常见问题与解决方法 + href: ./faqs-and-solutions.md diff --git "a/docs/zh/docs/SysCare/\347\272\246\346\235\237\351\231\220\345\210\266.md" b/docs/zh/docs/server/maintenance/syscare/constraints.md similarity index 100% rename from "docs/zh/docs/SysCare/\347\272\246\346\235\237\351\231\220\345\210\266.md" rename to docs/zh/docs/server/maintenance/syscare/constraints.md diff --git "a/docs/zh/docs/SysCare/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" b/docs/zh/docs/server/maintenance/syscare/faqs-and-solutions.md similarity index 100% rename from "docs/zh/docs/SysCare/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" rename to docs/zh/docs/server/maintenance/syscare/faqs-and-solutions.md diff --git "a/docs/zh/docs/SysCare/figures/syscare\351\200\273\350\276\221\346\236\266\346\236\204.png" "b/docs/zh/docs/server/maintenance/syscare/figures/syscare\351\200\273\350\276\221\346\236\266\346\236\204.png" similarity index 100% rename from "docs/zh/docs/SysCare/figures/syscare\351\200\273\350\276\221\346\236\266\346\236\204.png" rename to "docs/zh/docs/server/maintenance/syscare/figures/syscare\351\200\273\350\276\221\346\236\266\346\236\204.png" diff --git "a/docs/zh/docs/SysCare/\345\256\211\350\243\205SysCare.md" b/docs/zh/docs/server/maintenance/syscare/installing-syscare.md similarity index 100% rename from "docs/zh/docs/SysCare/\345\256\211\350\243\205SysCare.md" rename to docs/zh/docs/server/maintenance/syscare/installing-syscare.md diff --git "a/docs/zh/docs/SysCare/\350\256\244\350\257\206SysCare.md" b/docs/zh/docs/server/maintenance/syscare/syscare-introduction.md similarity index 100% rename from "docs/zh/docs/SysCare/\350\256\244\350\257\206SysCare.md" rename to docs/zh/docs/server/maintenance/syscare/syscare-introduction.md diff --git "a/docs/zh/docs/SysCare/SysCare\347\224\250\346\210\267\346\214\207\345\215\227.md" b/docs/zh/docs/server/maintenance/syscare/syscare-user-guide.md similarity index 100% rename from "docs/zh/docs/SysCare/SysCare\347\224\250\346\210\267\346\214\207\345\215\227.md" rename to docs/zh/docs/server/maintenance/syscare/syscare-user-guide.md diff --git "a/docs/zh/docs/SysCare/\344\275\277\347\224\250SysCare.md" b/docs/zh/docs/server/maintenance/syscare/using-syscare.md similarity index 100% rename from "docs/zh/docs/SysCare/\344\275\277\347\224\250SysCare.md" rename to docs/zh/docs/server/maintenance/syscare/using-syscare.md diff --git a/docs/zh/docs/server/maintenance/sysmonitor/_toc.yaml b/docs/zh/docs/server/maintenance/sysmonitor/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..e3adb629e9f9945da8077074c3eb2803a1555578 --- /dev/null +++ b/docs/zh/docs/server/maintenance/sysmonitor/_toc.yaml @@ -0,0 +1,6 @@ +label: sysmonitor用户指南 +isManual: true +description: 使用 sysmonitor 服务监控 OS 系统运行过程中的异常 +sections: + - label: sysmonitor用户指南 + href: ./sysmonitor-user-guide.md diff --git "a/docs/zh/docs/sysmonitor/figures/sysmonitor\345\212\237\350\203\275\345\210\227\350\241\250.png" "b/docs/zh/docs/server/maintenance/sysmonitor/figures/sysmonitor\345\212\237\350\203\275\345\210\227\350\241\250.png" similarity index 100% rename from "docs/zh/docs/sysmonitor/figures/sysmonitor\345\212\237\350\203\275\345\210\227\350\241\250.png" rename to "docs/zh/docs/server/maintenance/sysmonitor/figures/sysmonitor\345\212\237\350\203\275\345\210\227\350\241\250.png" diff --git "a/docs/zh/docs/sysmonitor/sysmonitor-\344\275\277\347\224\250\346\211\213\345\206\214.md" b/docs/zh/docs/server/maintenance/sysmonitor/sysmonitor-user-guide.md similarity index 100% rename from "docs/zh/docs/sysmonitor/sysmonitor-\344\275\277\347\224\250\346\211\213\345\206\214.md" rename to docs/zh/docs/server/maintenance/sysmonitor/sysmonitor-user-guide.md diff --git a/docs/zh/docs/server/maintenance/troubleshooting/_toc.yaml b/docs/zh/docs/server/maintenance/troubleshooting/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..fe9fd182f027439ca159e3481b14b3f54ae4eb04 --- /dev/null +++ b/docs/zh/docs/server/maintenance/troubleshooting/_toc.yaml @@ -0,0 +1,6 @@ +label: 故障应急处理 +isManual: true +description: 常见的故障应急处理方法 +sections: + - label: 故障应急处理 + href: ./troubleshooting.md diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/c50cb9df64f4659787c810167c89feb4_1884x257.png b/docs/zh/docs/server/maintenance/troubleshooting/images/c50cb9df64f4659787c810167c89feb4_1884x257.png new file mode 100644 index 0000000000000000000000000000000000000000..01081f25627731c56764c196e3fae32d55bc7023 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/c50cb9df64f4659787c810167c89feb4_1884x257.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001321685172.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001321685172.png new file mode 100644 index 0000000000000000000000000000000000000000..a98265bdf251608c0ff394fefe545cd3192bdb28 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001321685172.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001322112990.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001322112990.png new file mode 100644 index 0000000000000000000000000000000000000000..6f4b32bf2b36595abe10f2550cda5714bc355553 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001322112990.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001322219840.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001322219840.png new file mode 100644 index 0000000000000000000000000000000000000000..48b28664df46ddf9aa38c7570bb9e9edb8080ac9 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001322219840.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001322372918.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001322372918.png new file mode 100644 index 0000000000000000000000000000000000000000..5424367c9bc564e713220ba87f963096881833b8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001322372918.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001322379488.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001322379488.png new file mode 100644 index 0000000000000000000000000000000000000000..8b18cdca066be43b74443498edc5500ea9e1e608 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001322379488.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001335457246.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001335457246.png new file mode 100644 index 0000000000000000000000000000000000000000..325d6a8ce097db0b92b1a883bc4b3d4ad0bc6a49 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001335457246.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001335816300.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001335816300.png new file mode 100644 index 0000000000000000000000000000000000000000..619f0c33503cd27d92f227216c722d554b9132f2 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001335816300.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001336448570.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001336448570.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd494d78d83fef2e8a89c80e17c9b6db892a2e9 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001336448570.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001336729664.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001336729664.png new file mode 100644 index 0000000000000000000000000000000000000000..4d73507cceab2e0b123d6864d9f86c86eb1eee2f Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001336729664.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337000118.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337000118.png new file mode 100644 index 0000000000000000000000000000000000000000..37131647778506f24be4ff401392a9cc209a36eb Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337000118.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337039920.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337039920.png new file mode 100644 index 0000000000000000000000000000000000000000..40c07e9b6ec27cdbe47d39788736b892f1174cc8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337039920.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337051916.jpg b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337051916.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a2083b7783041884394f796222352d8772ada6cc Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337051916.jpg differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337053248.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337053248.png new file mode 100644 index 0000000000000000000000000000000000000000..8859f37749a4f8a4394e24ddfb54fc473e8c10c2 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337053248.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337172594.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337172594.png new file mode 100644 index 0000000000000000000000000000000000000000..4e806f83c57880543a777807778f14eeb0105aba Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337172594.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337212144.jpg b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337212144.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c6f0874250475f598efa7375516109b540918fb8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337212144.jpg differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337260780.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337260780.png new file mode 100644 index 0000000000000000000000000000000000000000..09d521d933f5fa0caacc592ea92acee959786051 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337260780.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268560.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268560.png new file mode 100644 index 0000000000000000000000000000000000000000..663f67428487d88e23aa9c3291c31399fec2f2c3 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268560.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268820.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268820.png new file mode 100644 index 0000000000000000000000000000000000000000..cd1732ee870a6dde0acc54642f34793933ce3356 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337268820.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337419960.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337419960.png new file mode 100644 index 0000000000000000000000000000000000000000..c3b493bf1e57f130e122b59e99ff45cd44539dad Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337419960.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337420372.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337420372.png new file mode 100644 index 0000000000000000000000000000000000000000..2300bcd7426748236fd48b85688bd3d1fa3315df Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337420372.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337422904.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337422904.png new file mode 100644 index 0000000000000000000000000000000000000000..01e250c6f7cbb64abe0b136cd80fda7ae68b629d Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337422904.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424024.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424024.png new file mode 100644 index 0000000000000000000000000000000000000000..6532d98885f756c6704bc4bacc0f9133d78405a7 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424024.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424304.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424304.png new file mode 100644 index 0000000000000000000000000000000000000000..9ecb384ed58458c24d8e3ae729c4de197b982b86 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337424304.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427216.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427216.png new file mode 100644 index 0000000000000000000000000000000000000000..8633dbdd658f98501dfc91a704395260f2d4df3c Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427216.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427392.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427392.png new file mode 100644 index 0000000000000000000000000000000000000000..74f5cb24520c94de8628b2e64e6916c563f9f5a2 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337427392.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337533690.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337533690.png new file mode 100644 index 0000000000000000000000000000000000000000..1f02d9b155754a113347a54a7d35ba9b060175a8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337533690.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337536842.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337536842.png new file mode 100644 index 0000000000000000000000000000000000000000..5a9ee2c989638c9a6aad3fcfb35bb9b9f2d4683c Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337536842.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337579708.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337579708.png new file mode 100644 index 0000000000000000000000000000000000000000..5cd8ed939434e6447dd55679eeaa3756d861751f Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337579708.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337580216.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337580216.png new file mode 100644 index 0000000000000000000000000000000000000000..5516b8d261b769287c74cf860a6708fcde6bbb8a Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337580216.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337584296.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337584296.png new file mode 100644 index 0000000000000000000000000000000000000000..fa76ecb59018fb154ffe1d9f6da1484d652f3ac1 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337584296.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337696078.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337696078.png new file mode 100644 index 0000000000000000000000000000000000000000..3864852e345eaf01794042feaa85b012b8af71de Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337696078.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740252.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740252.png new file mode 100644 index 0000000000000000000000000000000000000000..fd83fb600a54ab8bc39ee2ae54210be8b6c48973 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740252.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740540.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740540.png new file mode 100644 index 0000000000000000000000000000000000000000..b8e25128a47dccaed733fc192f52f2ca7828e516 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337740540.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337747132.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337747132.png new file mode 100644 index 0000000000000000000000000000000000000000..41ea7d47f5fe5fca46816d93cb08b5da00abc0ad Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337747132.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748300.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748300.png new file mode 100644 index 0000000000000000000000000000000000000000..32488dc1740408834954cf8d57a2843d98f09c2e Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748300.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748528.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748528.png new file mode 100644 index 0000000000000000000000000000000000000000..f2d62c85c844c2756f4d27a48711560dfb9615ea Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001337748528.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001372249333.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001372249333.png new file mode 100644 index 0000000000000000000000000000000000000000..48cd37225954e212cb3e159acc137866d8edc362 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001372249333.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001372748125.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001372748125.png new file mode 100644 index 0000000000000000000000000000000000000000..5f6326b9415cf766dd8379dbadd5aa1a0dc6861f Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001372748125.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001372821865.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001372821865.png new file mode 100644 index 0000000000000000000000000000000000000000..21e8dad1cd90755440cf858523b12c036a91e1ad Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001372821865.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001372824637.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001372824637.png new file mode 100644 index 0000000000000000000000000000000000000000..aefb5d83c079e6718ef88fd934b4b496cdc29565 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001372824637.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001373373585.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001373373585.png new file mode 100644 index 0000000000000000000000000000000000000000..c4e5e47c9beca2c7c7630d78916f80eda652b52a Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001373373585.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001373379529.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001373379529.png new file mode 100644 index 0000000000000000000000000000000000000000..daa40b49e679668905632f25ff42bf8599ba0ead Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001373379529.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001384808269.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001384808269.png new file mode 100644 index 0000000000000000000000000000000000000000..be18ecef3a149d5742f18535552f66f26ab34832 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001384808269.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001385585749.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001385585749.png new file mode 100644 index 0000000000000000000000000000000000000000..c13604ab7095c2a7717bde1384f0aea3d53f69e3 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001385585749.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001385611905.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001385611905.png new file mode 100644 index 0000000000000000000000000000000000000000..8c233e40a21e678ddf4115c2e2e80c96e25a60ce Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001385611905.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001385905845.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001385905845.png new file mode 100644 index 0000000000000000000000000000000000000000..a6cb8bc4a188ef444919d71f7f16baa06422788b Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001385905845.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001386149037.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001386149037.png new file mode 100644 index 0000000000000000000000000000000000000000..da73fead24d8805bb43287f53c757e80ff0d597f Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001386149037.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001386699925.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001386699925.png new file mode 100644 index 0000000000000000000000000000000000000000..cf5b13b35e65ed0143a01a5bcad1e11eaddaded7 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001386699925.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387293085.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387293085.png new file mode 100644 index 0000000000000000000000000000000000000000..7f56b020949c53d018eba016952c2409f0d7dca9 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387293085.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413509.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413509.png new file mode 100644 index 0000000000000000000000000000000000000000..2245427058fc31f3e5d7f40062c0551936a67199 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413509.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413793.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413793.png new file mode 100644 index 0000000000000000000000000000000000000000..aa649bf7215662819766d897513fb711d9d1e7f8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387413793.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387415629.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387415629.png new file mode 100644 index 0000000000000000000000000000000000000000..01189358354090591de6580f8ef88ef78ddba3a1 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387415629.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387691985.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387691985.png new file mode 100644 index 0000000000000000000000000000000000000000..31c3096fa837c1b397ab2fe27acdd87e2cec36de Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387691985.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692269.jpg b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692269.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b79e3ddf78520277046b933c4662c6b72f45ab85 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692269.jpg differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692893.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692893.png new file mode 100644 index 0000000000000000000000000000000000000000..49ea515d834b58d4ded14c55a6a2b07034d76137 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387692893.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387755969.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387755969.png new file mode 100644 index 0000000000000000000000000000000000000000..b2daa95d6b757e7bd443d8fd961922f248dd6853 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387755969.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387780357.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387780357.png new file mode 100644 index 0000000000000000000000000000000000000000..1aab3b8be2cd0c906253d70036a9fee3050a1055 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387780357.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387784693.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387784693.png new file mode 100644 index 0000000000000000000000000000000000000000..62a40117a892ba6c163be81bce1d198c2920f0e9 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387784693.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387787605.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387787605.png new file mode 100644 index 0000000000000000000000000000000000000000..8c1893e16fb929f77bb6b9a70cb25d3479dd684c Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387787605.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387855149.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387855149.png new file mode 100644 index 0000000000000000000000000000000000000000..731e957c367cb05e4229f53cf97dcee2cde69dff Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387855149.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387857005.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387857005.png new file mode 100644 index 0000000000000000000000000000000000000000..872f5c9eb05169831df4ba49d017629e8a943c64 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387857005.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387902849.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387902849.png new file mode 100644 index 0000000000000000000000000000000000000000..ffe2043c199308ed2033e3eb02a0662a65141ece Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387902849.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387907229.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387907229.png new file mode 100644 index 0000000000000000000000000000000000000000..084fbea1aee4d09b1e623c66b4f07641c7a0208d Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387907229.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908045.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908045.png new file mode 100644 index 0000000000000000000000000000000000000000..1fca645598e7a67da6e75b98c44f3c9a740be374 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908045.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908453.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908453.png new file mode 100644 index 0000000000000000000000000000000000000000..b97804a0a575fd18235e7a0c7e4f2d0183e3b460 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387908453.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387961737.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387961737.png new file mode 100644 index 0000000000000000000000000000000000000000..ae4ddce8cf2629b811e9711c61186b3efa4dfe3c Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001387961737.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388020197.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388020197.png new file mode 100644 index 0000000000000000000000000000000000000000..1816e1e068ee0294677ebb357ffd158a14bb86cf Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388020197.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024321.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024321.png new file mode 100644 index 0000000000000000000000000000000000000000..da3ba54203ded0093b7c2b5308de0e2afd85a146 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024321.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024397.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024397.png new file mode 100644 index 0000000000000000000000000000000000000000..4e4531dd19dc703399c9d4dd0e95236fa9a064c8 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388024397.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028161.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028161.png new file mode 100644 index 0000000000000000000000000000000000000000..b3beb92520c34ba771d096a8a146fb2c5b5edbb7 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028161.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028537.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028537.png new file mode 100644 index 0000000000000000000000000000000000000000..ffb244306787c397ef4a9f4d9c3eb504172d3777 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388028537.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388184025.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388184025.png new file mode 100644 index 0000000000000000000000000000000000000000..cbce6fe1e32c547426319923c0fdb13e95554b99 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388184025.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187249.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187249.png new file mode 100644 index 0000000000000000000000000000000000000000..0ac83f21e269d909e550b68cb0bdc6347c05dcac Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187249.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187325.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187325.png new file mode 100644 index 0000000000000000000000000000000000000000..02dbdf218da2cb1c844dfc13a463875df5124d48 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388187325.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388188365.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388188365.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe3bfb48446bab88e3e622b9f8066383f269590 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388188365.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388241577.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388241577.png new file mode 100644 index 0000000000000000000000000000000000000000..8dacb6e343ea4c750904fa090bb99213e012379d Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388241577.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388972645.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388972645.png new file mode 100644 index 0000000000000000000000000000000000000000..e32606925f4bb4380b262d9f946d4cd106202b87 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001388972645.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001389098425.png b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001389098425.png new file mode 100644 index 0000000000000000000000000000000000000000..c63903009ab9ba454f169250632dbec1b3c94467 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_image_0000001389098425.png differ diff --git a/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_other_0000001337581224.jpeg b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_other_0000001337581224.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..2c019b828bdf9c699f203f09ba3542968ff21262 Binary files /dev/null and b/docs/zh/docs/server/maintenance/troubleshooting/images/zh-cn_other_0000001337581224.jpeg differ diff --git "a/docs/zh/docs/ops_guide/\346\225\205\351\232\234\345\272\224\346\200\245\345\244\204\347\220\206.md" b/docs/zh/docs/server/maintenance/troubleshooting/troubleshooting.md similarity index 100% rename from "docs/zh/docs/ops_guide/\346\225\205\351\232\234\345\272\224\346\200\245\345\244\204\347\220\206.md" rename to docs/zh/docs/server/maintenance/troubleshooting/troubleshooting.md diff --git a/docs/zh/docs/server/memory_storage/etmem/_toc.yaml b/docs/zh/docs/server/memory_storage/etmem/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..27d9212fe25393e709fa64916773e1586fd7bb1a --- /dev/null +++ b/docs/zh/docs/server/memory_storage/etmem/_toc.yaml @@ -0,0 +1,6 @@ +label: etmem用户指南 +isManual: true +description: 使用内存分级扩展技术 etmem 扩展内存容量 +sections: + - label: 使用etmem + href: ./etmem-user-guide.md diff --git a/docs/zh/docs/Administration/memory-management.md b/docs/zh/docs/server/memory_storage/etmem/etmem-user-guide.md similarity index 100% rename from docs/zh/docs/Administration/memory-management.md rename to docs/zh/docs/server/memory_storage/etmem/etmem-user-guide.md diff --git a/docs/zh/docs/server/memory_storage/gmem/_toc.yaml b/docs/zh/docs/server/memory_storage/gmem/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..41fd03ace73caa6e003f364a5f8f74f3ef8bbbf5 --- /dev/null +++ b/docs/zh/docs/server/memory_storage/gmem/_toc.yaml @@ -0,0 +1,10 @@ +label: GMEM用户指南 +isManual: true +description: 提供异构互联内存的中心化管理 +sections: + - label: 概述 + href: ./introduction-to-gmem.md + - label: 安装与部署 + href: ./installation-and-deployment.md + - label: 使用方法 + href: ./usage-instructions.md diff --git "a/docs/zh/docs/GMEM/images/GMEM-\346\236\266\346\236\204.png" "b/docs/zh/docs/server/memory_storage/gmem/images/GMEM-\346\236\266\346\236\204.png" similarity index 100% rename from "docs/zh/docs/GMEM/images/GMEM-\346\236\266\346\236\204.png" rename to "docs/zh/docs/server/memory_storage/gmem/images/GMEM-\346\236\266\346\236\204.png" diff --git "a/docs/zh/docs/GMEM/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" b/docs/zh/docs/server/memory_storage/gmem/installation-and-deployment.md similarity index 100% rename from "docs/zh/docs/GMEM/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" rename to docs/zh/docs/server/memory_storage/gmem/installation-and-deployment.md diff --git "a/docs/zh/docs/GMEM/\350\256\244\350\257\206GMEM.md" b/docs/zh/docs/server/memory_storage/gmem/introduction-to-gmem.md similarity index 100% rename from "docs/zh/docs/GMEM/\350\256\244\350\257\206GMEM.md" rename to docs/zh/docs/server/memory_storage/gmem/introduction-to-gmem.md diff --git "a/docs/zh/docs/GMEM/\344\275\277\347\224\250\350\257\264\346\230\216.md" b/docs/zh/docs/server/memory_storage/gmem/usage-instructions.md similarity index 100% rename from "docs/zh/docs/GMEM/\344\275\277\347\224\250\350\257\264\346\230\216.md" rename to docs/zh/docs/server/memory_storage/gmem/usage-instructions.md diff --git a/docs/zh/docs/server/memory_storage/hsak/_toc.yaml b/docs/zh/docs/server/memory_storage/hsak/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..0bddfb40c1a5568e1039eb06b6742e2ed50eb91c --- /dev/null +++ b/docs/zh/docs/server/memory_storage/hsak/_toc.yaml @@ -0,0 +1,12 @@ +label: HSAK开发指南 +isManual: true +description: HSAK 针对新型存储介质提供高带宽低时延的IO软件栈 +sections: + - label: 概述 + href: ./hsak-developer-guide.md + - label: 使用HSAK开发应用程序 + href: ./development_with_hsak.md + - label: HSAK工具使用说明 + href: ./hsak_tool_usage.md + - label: HSAK接口说明 + href: ./hsak_c_apis.md diff --git a/docs/zh/docs/HSAK/develop_with_hsak.md b/docs/zh/docs/server/memory_storage/hsak/development_with_hsak.md similarity index 100% rename from docs/zh/docs/HSAK/develop_with_hsak.md rename to docs/zh/docs/server/memory_storage/hsak/development_with_hsak.md diff --git a/docs/zh/docs/HSAK/introduce_hsak.md b/docs/zh/docs/server/memory_storage/hsak/hsak-developer-guide.md similarity index 100% rename from docs/zh/docs/HSAK/introduce_hsak.md rename to docs/zh/docs/server/memory_storage/hsak/hsak-developer-guide.md diff --git a/docs/zh/docs/HSAK/hsak_interface.md b/docs/zh/docs/server/memory_storage/hsak/hsak_c_apis.md similarity index 100% rename from docs/zh/docs/HSAK/hsak_interface.md rename to docs/zh/docs/server/memory_storage/hsak/hsak_c_apis.md diff --git a/docs/zh/docs/HSAK/hsak_tools_usage.md b/docs/zh/docs/server/memory_storage/hsak/hsak_tools_usage.md similarity index 100% rename from docs/zh/docs/HSAK/hsak_tools_usage.md rename to docs/zh/docs/server/memory_storage/hsak/hsak_tools_usage.md diff --git a/docs/zh/docs/server/memory_storage/lvm/_toc.yaml b/docs/zh/docs/server/memory_storage/lvm/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..049106197cea007587f6cd626133c6dad60b5905 --- /dev/null +++ b/docs/zh/docs/server/memory_storage/lvm/_toc.yaml @@ -0,0 +1,6 @@ +label: 配置和管理逻辑卷 +isManual: true +description: 使用 LVM 管理硬盘 +sections: + - label: 使用 LVM 管理硬盘 + href: ./managing-drives-through-lvm.md diff --git "a/docs/zh/docs/Administration/\344\275\277\347\224\250LVM\347\256\241\347\220\206\347\241\254\347\233\230.md" b/docs/zh/docs/server/memory_storage/lvm/managing-drives-through-lvm.md similarity index 100% rename from "docs/zh/docs/Administration/\344\275\277\347\224\250LVM\347\256\241\347\220\206\347\241\254\347\233\230.md" rename to docs/zh/docs/server/memory_storage/lvm/managing-drives-through-lvm.md diff --git a/docs/zh/docs/Administration/overview.md b/docs/zh/docs/server/memory_storage/overview.md similarity index 97% rename from docs/zh/docs/Administration/overview.md rename to docs/zh/docs/server/memory_storage/overview.md index cfe32a7ace7639f70e282a5f1deb5f36f07b78c7..00e0746392712d842c638cab77e42eb5cd8585b5 100644 --- a/docs/zh/docs/Administration/overview.md +++ b/docs/zh/docs/server/memory_storage/overview.md @@ -1,151 +1,151 @@ -# 管理内存 - -## 基本概念 - -**内存**是计算机的重要组成部件,用于暂时存放CPU中的运算数据,以及与硬件等外部存储器交换的数据。特别地,**非统一内存访问架构**(non-uniform memory access,简称NUMA)是一种为多处理器的电脑设计的内存架构,**内存访问时间取决于内存相对于处理器的位置**。在NUMA下,处理器访问本地内存的速度比非本地内存速度(内存位于另一个处理器,或者是处理器之间共享的内存)快。 - -## 查看内存 - -1. free:可用于**显示系统内存状态**。 - - 例如: - - ```shell - # 显示系统内存状态,以MB单位显示 - free -m - ``` - - 回显信息如下: - - ```shell - [root@openEuler ~]# free -m - total used free shared buff/cache available - Mem: 2633 436 324 23 2072 2196 - Swap: 4043 0 4043 - ``` - - 在命令的输出信息中,各字段所代表的含义如下: - - |标识|含义| - |--|--| - |total|总内存数。| - |used|已经使用的内存数。| - |free|空闲的内存数。| - |shared|多个进程共享的内存总数。| - |buff/cache|缓冲和缓存内存总数。| - |available|估计有多少内存可用于启动新应用程序,而不交换。| - -2. vmstat:可以**动态地监控系统内存**,查看系统内存的使用情况。 - - 例如: - - ```shell - # 监测系统内存,显示活跃和非活跃内存 - vmstat -a - ``` - - 回显信息如下: - - ```shell - [root@openEuler ~]# vmstat -a - procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu----- - r b swpd free inact active si so bi bo in cs us sy id wa st - 2 0 520 331980 1584728 470332 0 0 0 2 15 19 0 0 100 0 0 - ``` - - 在命令的输出信息中,与内存相关的memory字段所代表的含义如下: - - |字段|含义| - |--|--| - |memory|内存信息字段。-swpd:虚拟内存的使用情况,单位为 KB。-free:空闲的内存容量,单位为 KB。-inact:非活跃的内存容量,单位为 KB。-active:活跃的内存容量,单位为 KB。| - -3. sar:可用于**监控系统的内存使用情况**。 - - 例如: - - ```shell - # 系统内存在采样时间内的使用情况,每2秒统计一次,统计 3 次 - sar -r 2 3 - ``` - - 回显信息如下: - - ```shell - [root@openEuler ~]# sar -r 2 3 - - 04:02:09 PM kbmemfree kbavail kbmemused %memused kbbuffers kbcached kbcommit %commit kbactive kbinact kb - dirty - 04:02:11 PM 332180 2249308 189420 7.02 142172 1764312 787948 11.52 470404 1584924 - 36 - 04:02:13 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 - 36 - 04:02:15 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 - 36 - Average: 332159 2249287 189441 7.03 142172 1764312 787948 11.52 470404 1584924 - 36 - ``` - - 在命令的输出信息中,各字段所代表的含义如下: - - |字段|含义| - |--|--| - |kbmemfree|内存的未使用空间。| - |kbmemused|内存的已使用空间。| - |%memused|已使用空间的百分比。| - |kbbuffers|缓冲区的数据存取量。| - |kbcached|系统全域的数据存取量。| - -4. numactl:可用于**查看NUMA节点配置和状态**。 - - 例如: - - ```shell - # 查看当前的NUMA配置 - numactl -H - ``` - - 回显信息如下: - - ```shell - [root@openEuler ~]# numactl -H - available: 1 nodes (0) - node 0 cpus: 0 1 2 3 - node 0 size: 2633 MB - node 0 free: 322 MB - node distances: - node 0 - 0: 10 - ``` - - 服务器共划分为1个NUMA节点。每个节点包含4个CPU core,每个节点的内存大小约为6GB。 - 同时,该命令还给出了不同节点间的距离,距离越远,跨NUMA内存访问的延时越大。应用程序运行时应减少跨NUMA访问内存。 - - numastat:可用于**观察各个NUMA节点的状态** - - ```shell - # 观察NUMA节点的状态 - numastat - ``` - - ```shell - [root@openEuler ~]# numastat - node0 - numa_hit 5386186 - numa_miss 0 - numa_foreign 0 - interleave_hit 17483 - local_node 5386186 - other_node 0 - ``` - - numastat命令输出字段及其含义如下: - - |标识|含义| - |--|--| - |numa_hit|节点内CPU核访问本地内存的次数。| - |numa_miss|节点内核访问其他节点内存的次数。| - |numa_foreign|初始分配在本地,最后分配在其他节点的叶数量。每个numa_foreign对应numa_miss事件。| - |interleave_hit|interleave策略页成功分配到这个节点。| - |local_node|该节点的进程成功在这个节点上分配内存访问的大小。| - |other_node|该节点的进程在其他节点上分配的内存访问大小。| +# 管理内存 + +## 基本概念 + +**内存**是计算机的重要组成部件,用于暂时存放CPU中的运算数据,以及与硬件等外部存储器交换的数据。特别地,**非统一内存访问架构**(non-uniform memory access,简称NUMA)是一种为多处理器的电脑设计的内存架构,**内存访问时间取决于内存相对于处理器的位置**。在NUMA下,处理器访问本地内存的速度比非本地内存速度(内存位于另一个处理器,或者是处理器之间共享的内存)快。 + +## 查看内存 + +1. free:可用于**显示系统内存状态**。 + + 例如: + + ```shell + # 显示系统内存状态,以MB单位显示 + free -m + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# free -m + total used free shared buff/cache available + Mem: 2633 436 324 23 2072 2196 + Swap: 4043 0 4043 + ``` + + 在命令的输出信息中,各字段所代表的含义如下: + + |标识|含义| + |--|--| + |total|总内存数。| + |used|已经使用的内存数。| + |free|空闲的内存数。| + |shared|多个进程共享的内存总数。| + |buff/cache|缓冲和缓存内存总数。| + |available|估计有多少内存可用于启动新应用程序,而不交换。| + +2. vmstat:可以**动态地监控系统内存**,查看系统内存的使用情况。 + + 例如: + + ```shell + # 监测系统内存,显示活跃和非活跃内存 + vmstat -a + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# vmstat -a + procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu----- + r b swpd free inact active si so bi bo in cs us sy id wa st + 2 0 520 331980 1584728 470332 0 0 0 2 15 19 0 0 100 0 0 + ``` + + 在命令的输出信息中,与内存相关的memory字段所代表的含义如下: + + |字段|含义| + |--|--| + |memory|内存信息字段。-swpd:虚拟内存的使用情况,单位为 KB。-free:空闲的内存容量,单位为 KB。-inact:非活跃的内存容量,单位为 KB。-active:活跃的内存容量,单位为 KB。| + +3. sar:可用于**监控系统的内存使用情况**。 + + 例如: + + ```shell + # 系统内存在采样时间内的使用情况,每2秒统计一次,统计 3 次 + sar -r 2 3 + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# sar -r 2 3 + + 04:02:09 PM kbmemfree kbavail kbmemused %memused kbbuffers kbcached kbcommit %commit kbactive kbinact kb + dirty + 04:02:11 PM 332180 2249308 189420 7.02 142172 1764312 787948 11.52 470404 1584924 + 36 + 04:02:13 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + 04:02:15 PM 332148 2249276 189452 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + Average: 332159 2249287 189441 7.03 142172 1764312 787948 11.52 470404 1584924 + 36 + ``` + + 在命令的输出信息中,各字段所代表的含义如下: + + |字段|含义| + |--|--| + |kbmemfree|内存的未使用空间。| + |kbmemused|内存的已使用空间。| + |%memused|已使用空间的百分比。| + |kbbuffers|缓冲区的数据存取量。| + |kbcached|系统全域的数据存取量。| + +4. numactl:可用于**查看NUMA节点配置和状态**。 + + 例如: + + ```shell + # 查看当前的NUMA配置 + numactl -H + ``` + + 回显信息如下: + + ```shell + [root@openEuler ~]# numactl -H + available: 1 nodes (0) + node 0 cpus: 0 1 2 3 + node 0 size: 2633 MB + node 0 free: 322 MB + node distances: + node 0 + 0: 10 + ``` + + 服务器共划分为1个NUMA节点。每个节点包含4个CPU core,每个节点的内存大小约为6GB。 + 同时,该命令还给出了不同节点间的距离,距离越远,跨NUMA内存访问的延时越大。应用程序运行时应减少跨NUMA访问内存。 + + numastat:可用于**观察各个NUMA节点的状态** + + ```shell + # 观察NUMA节点的状态 + numastat + ``` + + ```shell + [root@openEuler ~]# numastat + node0 + numa_hit 5386186 + numa_miss 0 + numa_foreign 0 + interleave_hit 17483 + local_node 5386186 + other_node 0 + ``` + + numastat命令输出字段及其含义如下: + + |标识|含义| + |--|--| + |numa_hit|节点内CPU核访问本地内存的次数。| + |numa_miss|节点内核访问其他节点内存的次数。| + |numa_foreign|初始分配在本地,最后分配在其他节点的叶数量。每个numa_foreign对应numa_miss事件。| + |interleave_hit|interleave策略页成功分配到这个节点。| + |local_node|该节点的进程成功在这个节点上分配内存访问的大小。| + |other_node|该节点的进程在其他节点上分配的内存访问大小。| \ No newline at end of file diff --git a/docs/zh/docs/Quickstart/public_sys-resources/icon-caution.gif b/docs/zh/docs/server/memory_storage/public_sys-resources/icon-caution.gif similarity index 100% rename from docs/zh/docs/Quickstart/public_sys-resources/icon-caution.gif rename to docs/zh/docs/server/memory_storage/public_sys-resources/icon-caution.gif diff --git a/docs/zh/docs/Quickstart/public_sys-resources/icon-danger.gif b/docs/zh/docs/server/memory_storage/public_sys-resources/icon-danger.gif similarity index 100% rename from docs/zh/docs/Quickstart/public_sys-resources/icon-danger.gif rename to docs/zh/docs/server/memory_storage/public_sys-resources/icon-danger.gif diff --git a/docs/zh/docs/Releasenotes/public_sys-resources/icon-note.gif b/docs/zh/docs/server/memory_storage/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/Releasenotes/public_sys-resources/icon-note.gif rename to docs/zh/docs/server/memory_storage/public_sys-resources/icon-note.gif diff --git a/docs/zh/docs/Quickstart/public_sys-resources/icon-notice.gif b/docs/zh/docs/server/memory_storage/public_sys-resources/icon-notice.gif similarity index 100% rename from docs/zh/docs/Quickstart/public_sys-resources/icon-notice.gif rename to docs/zh/docs/server/memory_storage/public_sys-resources/icon-notice.gif diff --git a/docs/zh/docs/Quickstart/public_sys-resources/icon-tip.gif b/docs/zh/docs/server/memory_storage/public_sys-resources/icon-tip.gif similarity index 100% rename from docs/zh/docs/Quickstart/public_sys-resources/icon-tip.gif rename to docs/zh/docs/server/memory_storage/public_sys-resources/icon-tip.gif diff --git a/docs/zh/docs/Quickstart/public_sys-resources/icon-warning.gif b/docs/zh/docs/server/memory_storage/public_sys-resources/icon-warning.gif similarity index 100% rename from docs/zh/docs/Quickstart/public_sys-resources/icon-warning.gif rename to docs/zh/docs/server/memory_storage/public_sys-resources/icon-warning.gif diff --git a/docs/zh/docs/server/network/gazelle/_toc.yaml b/docs/zh/docs/server/network/gazelle/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..ba820363fb66dca5fd1a8046f97351d76ca9354c --- /dev/null +++ b/docs/zh/docs/server/network/gazelle/_toc.yaml @@ -0,0 +1,6 @@ +label: Gazelle用户指南 +isManual: true +description: 提高应用的网络 I/O 吞吐能力 +sections: + - label: Gazelle用户指南 + href: ./gazelle-user-guide.md diff --git a/docs/zh/docs/Gazelle/Gazelle.md b/docs/zh/docs/server/network/gazelle/gazelle-user-guide.md similarity index 97% rename from docs/zh/docs/Gazelle/Gazelle.md rename to docs/zh/docs/server/network/gazelle/gazelle-user-guide.md index 7dfbbbf4875468a244369c9b5453fe57c8781a74..fc0b4dd0e5ec1acf102bda43ec968cce42d2f3a0 100644 --- a/docs/zh/docs/Gazelle/Gazelle.md +++ b/docs/zh/docs/server/network/gazelle/gazelle-user-guide.md @@ -1,290 +1,290 @@ -# 用户态协议栈Gazelle用户指南 - -## 简介 - -Gazelle是一款高性能用户态协议栈。它基于DPDK在用户态直接读写网卡报文,共享大页内存传递报文,使用轻量级LwIP协议栈。能够大幅提高应用的网络I/O吞吐能力。专注于数据库网络性能加速,如MySQL、redis等。 - -- 高性能 - - 报文零拷贝,无锁,灵活scale-out,自适应调度。 - -- 通用性 - - 完全兼容POSIX,零修改,适用不同类型的应用。 - - 单进程且网卡支持多队列时,只需使用liblstack.so有更短的报文路径。 - -## 安装 - -配置openEuler的yum源,直接使用yum命令安装 - -```sh -yum install dpdk -yum install libconfig -yum install numactl -yum install libboundscheck -yum install libpcap -yum install gazelle -``` - ->说明: -dpdk >= 21.11-2 - -## 使用方法 - -配置运行环境,使用Gazelle加速应用程序步骤如下: - -### 1. 使用root权限安装ko - -根据实际情况选择使用ko,提供绑定网卡到用户态功能。 -网卡从内核驱动绑为用户态驱动的ko,根据实际情况选择一种。 - -```sh -#若IOMMU能使用 -modprobe vfio-pci - -#若IOMMU不能使用,且VFIO支持noiommu -modprobe vfio enable_unsafe_noiommu_mode=1 -modprobe vfio-pci - -#其他情况 -modprobe igb_uio -``` - ->说明: -可根据机器BIOS配置,查看是否使能IOMMU。 - -### 2. dpdk绑定网卡 - -将网卡绑定到步骤1选择的驱动。为用户态网卡驱动提供网卡资源访问接口。 - -```sh -#使用vfio-pci -dpdk-devbind -b vfio-pci enp3s0 - -#使用igb_uio -dpdk-devbind -b igb_uio enp3s0 -``` - -### 3. 大页内存配置 - -Gazelle使用大页内存提高效率。使用root权限配置系统预留大页内存,可选用任意页大小。因每页内存都需要一个fd,使用内存较大时,建议使用1G的大页,避免占用过多fd。 -根据实际情况,选择一种页大小,配置足够的大页内存即可。配置大页操作如下: - -```sh -#配置2M大页内存:在node0上配置 2M * 1024 = 2G -echo 1024 > /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages - -#配置1G大页内存:在node0上配置1G * 5 = 5G -echo 5 > /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages -``` - ->说明: -cat查询实际预留页个数,连续内存不足时可能比预期少 - -### 4. 挂载大页内存 - -创建目录,给lstack的进程访问大页内存使用。操作步骤如下: - -```sh -mkdir -p /mnt/hugepages-lstack -chmod -R 700 /mnt/hugepages-lstack - -mount -t hugetlbfs nodev /mnt/hugepages-lstack -o pagesize=2M -``` - -### 5. 应用程序使用Gazelle - -有两种使用Gazelle方法,根据需要选择其一 - -- 重新编译应用程序,替换sockets接口 - -```sh -#makefile中添加Gazelle的Makefile --include /etc/gazelle/lstack.Makefile - -#编译添加LSTACK_LIBS变量 -gcc test.c -o test ${LSTACK_LIBS} -``` - -- 使用LD_PRELOAD加载Gazelle库 - - GAZELLE_BIND_PROCNAME环境变量指定进程名,LD_PRELOAD指定Gazelle库路径。 - - ```sh - GAZELLE_BIND_PROCNAME=test LD_PRELOAD=/usr/lib64/liblstack.so ./test - ``` - -- 使用GAZELLE_THREAD_NAME指定Gazelle绑定的线程名 - - 同一进程中的多个线程中,仅有某个线程满足gazelle的使用条件时,可以使用GAZELLE_THREAD_NAME来指定仅由对应的线程名使用gazelle,而其他线程走内核态协议栈。 - - ```sh - GAZELLE_BIND_PROCNAME=test GAZELLE_THREAD_NAME=test_thread LD_PRELOAD=/usr/lib64/liblstack.so ./test - ``` - -### 6. 配置文件 - -- lstack.conf用于指定lstack的启动参数,默认路径为/etc/gazelle/lstack.conf, 配置文件参数如下 - -|选项|参数格式|说明| -|:---|:---|:---| -|dpdk_args|--socket-mem(必需)
--huge-dir(必需)
--proc-type(必需)
--legacy-mem
--map-perfect
-d|dpdk初始化参数,参考dpdk说明
--map-perfect为扩展特性,用于防止dpdk占用多余的地址空间,保证有额外的地址空间分配给lstack。
-d参数加载指定so库文件| -|listen_shadow| 0/1 | 是否使用影子fd监听。单listen线程,多协议栈线程时是能| -|use_ltran| 0/1 | 是否使用ltran ,功能已衰退,不再支持| -|num_cpus|"0,2,4 ..."|lstack线程绑定的cpu编号,编号的数量为lstack线程个数(小于等于网卡多队列数量)。可按NUMA选择cpu| -|low_power_mode|0/1|是否开启低功耗模式,暂不支持| -|kni_switch|0/1|rte_kni开关,默认为0。功能已衰退,不再支持| -|unix_prefix|"string"|gazelle进程间通信使用的unix socket文件前缀字符串,默认为空,和需要通信的ltran.conf的unix_prefix或gazellectl的-u参数配置一致。不能含有特殊字符,最大长度为128。| -|host_addr|"192.168.xx.xx"|协议栈的IP地址,也是应用程序的IP地址| -|mask_addr|"255.255.xx.xx"|掩码地址| -|gateway_addr|"192.168.xx.1"|网关地址| -|devices|"aa:bb:cc:dd:ee:ff"|网卡通信的mac地址,在bond1模式下作为bond的主网口| -|app_bind_numa|0/1|应用的epoll和poll线程是否绑定到协议栈所在的numa,缺省值是1,即绑定| -|send_connect_number|4|设置为正整数,表示每次协议栈循环中发包处理的连接个数| -|read_connect_number|4|设置为正整数,表示每次协议栈循环中收包处理的连接个数| -|rpc_number|4|设置为正整数,表示每次协议栈循环中rpc消息处理的个数| -|nic_read_num|128|设置为正整数,表示每次协议栈循环中从网卡读取的数据包的个数| -|bond_mode|-1|设置组bond,当前支持两个网口组bond模式,默认值-1关闭bond,当前支持bond1/4/6| -|bond_slave_mac|"aa:bb:cc:dd:ee:ff;AA:BB:CC:DD:EE:FF"|设置组bond网口的mac地址信息,以;分隔| -|bond_miimon|10|设置bond模式的监听间隔,默认值10,取值范围0~1500| -|udp_enable|0/1|是否开启udp功能,默认值1开启| -|nic_vlan_mode|-1|是否开启vlan模式,默认值-1关闭,取值范围-1~4095,0和4095是业界通用预留id无实际效果| -|tcp_conn_count|1500|tcp的最大连接数,该参数乘以mbuf_count_per_conn是初始化时申请的mbuf池大小,配置过小会启动失败,tcp_conn_count * mbuf_count_per_conn * 2048字节不能大于大页大小 | -|mbuf_count_per_conn|170|每个tcp连接需要的mbuf个数,该参数乘以tcp_conn_count是初始化时申请的mbuf地址池大小,配置过小会启动失败,tcp_conn_count * mbuf_count_per_conn * 2048字节不能大于大页大小| - -lstack.conf示例: - -```sh -dpdk_args=["--socket-mem", "2048,0,0,0", "--huge-dir", "/mnt/hugepages-lstack", "--proc-type", "primary", "--legacy-mem", "--map-perfect"] - -use_ltran=0 -kni_switch=0 - -low_power_mode=0 - -num_cpus="2,22" -num_wakeup="3,23" - -host_addr="192.168.1.10" -mask_addr="255.255.255.0" -gateway_addr="192.168.1.1" -devices="aa:bb:cc:dd:ee:ff" - -send_connect_number=4 -read_connect_number=4 -rpc_number=4 -nic_read_num=128 -mbuf_pool_size=1024000 -bond_mode=1 -bond_slave_mac="aa:bb:cc:dd:ee:ff;AA:BB:CC:DD:EE:FF" -udp_enable=1 -nic_vlan_mode=-1 -``` - -- ltran模式功能已衰退,多进程使用需求可尝试使用SR-IOV组网硬件虚拟化组网模式: - -### 7. 启动应用程序 - -- 启动应用程序 - - 启动应用程序前不使用环境变量LSTACK_CONF_PATH指定配置文件,则使用默认路径/etc/gazelle/lstack.conf - - ```sh - export LSTACK_CONF_PATH=./lstack.conf - LD_PRELOAD=/usr/lib64/liblstack.so GAZELLE_BIND_PROCNAME=redis-server redis-server redis.conf - ``` - -### 8. API - -Gazelle wrap应用程序POSIX接口,应用程序无需修改代码。 - -### 9. 调测命令 - -```sh -Usage: gazellectl [-h | help] - or: gazellectl lstack {show | set} {ip | pid} [LSTACK_OPTIONS] [time] [-u UNIX_PREFIX] - - where LSTACK_OPTIONS := - show lstack all statistics - -r, rate show lstack statistics per second - -s, snmp show lstack snmp - -c, connetct show lstack connect - -l, latency show lstack latency - -x, xstats show lstack xstats - -k, nic-features show state of protocol offload and other feature - -a, aggregatin [time] show lstack send/recv aggregation - set: - loglevel {error | info | debug} set lstack loglevel - lowpower {0 | 1} set lowpower enable - [time] measure latency time default 1S -``` - --u参数指定gazelle进程间通信的unix socket前缀,和需要通信的lstack.conf的unix_prefix配置一致。 - -**抓包工具** -gazelle使用的网卡由dpdk接管,因此普通的tcpdump无法抓到gazelle的数据包。作为替代,gazelle使用dpdk-tools软件包中提供的gazelle-pdump作为数据包捕获工具,它使用dpdk的多进程模式和lstack进程共享内存。 -[详细使用方法](https://gitee.com/openeuler/gazelle/blob/master/doc/pdump.md) - -**线程名绑定** -lstack启动时可以通过指定环境变量GAZELLE_THREAD_NAME来指定lstack绑定的线程名,在业务进程中有多个不同线程时,可以通过使用此参数来指定需要lstack接管网络接口的线程名,未指定的线程将走内核态协议栈。默认为空,即绑定进程内的所有线程。 - -### 10. 使用注意 - -#### 1. dpdk配置文件的位置 - -如果是root用户,dpdk启动后的配置文件将会放到/var/run/dpdk目录下; -如果是非root用户,dpdk配置文件的路径将由环境变量XDG_RUNTIME_DIR决定; - -- 如果XDG_RUNTIME_DIR为空,dpdk配置文件放到/tmp/dpdk目录下; -- 如果XDG_RUNTIME_DIR不为空,dpdk配置文件放到变量XDG_RUNTIME_DIR下; -- 注意有些机器会默认设置XDG_RUNTIME_DIR - -## 约束限制 - -使用 Gazelle 存在一些约束限制: - -### 功能约束 - -- 不支持accept阻塞模式或者connect阻塞模式。 -- 最多支持1500个TCP连接。 -- 当前仅支持TCP、ICMP、ARP、IPv4、UDP 协议。 -- 在对端ping Gazelle时,要求指定报文长度小于等于14000B。 -- 不支持使用透明大页。 -- 虚拟机网卡不支持多队列。 - -### 操作约束 - -- 提供的命令行、配置文件默认root权限。非root用户使用,需先提权以及修改文件所有者。 -- 将用户态网卡绑回到内核驱动,必须先退出Gazelle。 -- 大页内存不支持在挂载点里创建子目录重新挂载。 -- 每个应用实例协议栈线程最低大页内存为800MB 。 -- 仅支持64位系统。 -- 构建x86版本的Gazelle使用了-march=native选项,基于构建环境的CPU(Intel® Xeon® Gold 5118 CPU @ 2.30GHz指令集进行优化。要求运行环境CPU支持 SSE4.2、AVX、AVX2、AVX-512 指令集。 -- 最大IP分片数为10(ping 最大包长14790B),TCP协议不使用IP分片。 -- sysctl配置网卡rp_filter参数为1,否则可能不按预期使用Gazelle协议栈,而是依然使用内核协议栈。 -- 不支持使用多种类型的网卡混合组bond。 -- bond1主备模式,只支持链路层故障主备切换(例如网线断开),不支持物理层故障主备切换(例如网卡下电、拔网卡)。 -- 发送udp报文包长超过45952(32 * 1436)B时,需要将send_ring_size扩大为至少64个。 - -## 注意事项 - -用户根据使用场景评估使用Gazelle - -ltran模式及kni模块由于上游社区及依赖包变更,功能在新版本中不再支持. - -共享内存 - -- 现状 - 大页内存 mount 至 /mnt/hugepages-lstack 目录,进程初始化时在 /mnt/hugepages-lstack 目录下创建文件,每个文件对应一个大页,并 mmap 这些文件。 -- 当前消减措施 - 大页文件权限 600,只有 OWNER 用户才能访问文件,默认 root 用户,支持配置成其他用户; - 大页文件有 DPDK 文件锁,不能直接写或者映射。 -- 注意 - 属于同一用户的恶意进程模仿DPDK实现逻辑,通过大页文件共享大页内存,写破坏大页内存,导致Gazelle程序crash。建议用户下的进程属于同一信任域。 - -**流量限制** -Gazelle没有做流量限制,用户有能力发送最大网卡线速流量的报文到网络,可能导致网络流量拥塞。 - -**进程仿冒** -建议lstack进程都为可信任进程。 +# 用户态协议栈Gazelle用户指南 + +## 简介 + +Gazelle是一款高性能用户态协议栈。它基于DPDK在用户态直接读写网卡报文,共享大页内存传递报文,使用轻量级LwIP协议栈。能够大幅提高应用的网络I/O吞吐能力。专注于数据库网络性能加速,如MySQL、redis等。 + +- 高性能 + + 报文零拷贝,无锁,灵活scale-out,自适应调度。 + +- 通用性 + + 完全兼容POSIX,零修改,适用不同类型的应用。 + + 单进程且网卡支持多队列时,只需使用liblstack.so有更短的报文路径。 + +## 安装 + +配置openEuler的yum源,直接使用yum命令安装 + +```sh +yum install dpdk +yum install libconfig +yum install numactl +yum install libboundscheck +yum install libpcap +yum install gazelle +``` + +>说明: +dpdk >= 21.11-2 + +## 使用方法 + +配置运行环境,使用Gazelle加速应用程序步骤如下: + +### 1. 使用root权限安装ko + +根据实际情况选择使用ko,提供绑定网卡到用户态功能。 +网卡从内核驱动绑为用户态驱动的ko,根据实际情况选择一种。 + +```sh +#若IOMMU能使用 +modprobe vfio-pci + +#若IOMMU不能使用,且VFIO支持noiommu +modprobe vfio enable_unsafe_noiommu_mode=1 +modprobe vfio-pci + +#其他情况 +modprobe igb_uio +``` + +>说明: +可根据机器BIOS配置,查看是否使能IOMMU。 + +### 2. dpdk绑定网卡 + +将网卡绑定到步骤1选择的驱动。为用户态网卡驱动提供网卡资源访问接口。 + +```sh +#使用vfio-pci +dpdk-devbind -b vfio-pci enp3s0 + +#使用igb_uio +dpdk-devbind -b igb_uio enp3s0 +``` + +### 3. 大页内存配置 + +Gazelle使用大页内存提高效率。使用root权限配置系统预留大页内存,可选用任意页大小。因每页内存都需要一个fd,使用内存较大时,建议使用1G的大页,避免占用过多fd。 +根据实际情况,选择一种页大小,配置足够的大页内存即可。配置大页操作如下: + +```sh +#配置2M大页内存:在node0上配置 2M * 1024 = 2G +echo 1024 > /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages + +#配置1G大页内存:在node0上配置1G * 5 = 5G +echo 5 > /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages +``` + +>说明: +cat查询实际预留页个数,连续内存不足时可能比预期少 + +### 4. 挂载大页内存 + +创建目录,给lstack的进程访问大页内存使用。操作步骤如下: + +```sh +mkdir -p /mnt/hugepages-lstack +chmod -R 700 /mnt/hugepages-lstack + +mount -t hugetlbfs nodev /mnt/hugepages-lstack -o pagesize=2M +``` + +### 5. 应用程序使用Gazelle + +有两种使用Gazelle方法,根据需要选择其一 + +- 重新编译应用程序,替换sockets接口 + +```sh +#makefile中添加Gazelle的Makefile +-include /etc/gazelle/lstack.Makefile + +#编译添加LSTACK_LIBS变量 +gcc test.c -o test ${LSTACK_LIBS} +``` + +- 使用LD_PRELOAD加载Gazelle库 + + GAZELLE_BIND_PROCNAME环境变量指定进程名,LD_PRELOAD指定Gazelle库路径。 + + ```sh + GAZELLE_BIND_PROCNAME=test LD_PRELOAD=/usr/lib64/liblstack.so ./test + ``` + +- 使用GAZELLE_THREAD_NAME指定Gazelle绑定的线程名 + + 同一进程中的多个线程中,仅有某个线程满足gazelle的使用条件时,可以使用GAZELLE_THREAD_NAME来指定仅由对应的线程名使用gazelle,而其他线程走内核态协议栈。 + + ```sh + GAZELLE_BIND_PROCNAME=test GAZELLE_THREAD_NAME=test_thread LD_PRELOAD=/usr/lib64/liblstack.so ./test + ``` + +### 6. 配置文件 + +- lstack.conf用于指定lstack的启动参数,默认路径为/etc/gazelle/lstack.conf, 配置文件参数如下 + +|选项|参数格式|说明| +|:---|:---|:---| +|dpdk_args|--socket-mem(必需)
--huge-dir(必需)
--proc-type(必需)
--legacy-mem
--map-perfect
-d|dpdk初始化参数,参考dpdk说明
--map-perfect为扩展特性,用于防止dpdk占用多余的地址空间,保证有额外的地址空间分配给lstack。
-d参数加载指定so库文件| +|listen_shadow| 0/1 | 是否使用影子fd监听。单listen线程,多协议栈线程时是能| +|use_ltran| 0/1 | 是否使用ltran ,功能已衰退,不再支持| +|num_cpus|"0,2,4 ..."|lstack线程绑定的cpu编号,编号的数量为lstack线程个数(小于等于网卡多队列数量)。可按NUMA选择cpu| +|low_power_mode|0/1|是否开启低功耗模式,暂不支持| +|kni_switch|0/1|rte_kni开关,默认为0。功能已衰退,不再支持| +|unix_prefix|"string"|gazelle进程间通信使用的unix socket文件前缀字符串,默认为空,和需要通信的ltran.conf的unix_prefix或gazellectl的-u参数配置一致。不能含有特殊字符,最大长度为128。| +|host_addr|"192.168.xx.xx"|协议栈的IP地址,也是应用程序的IP地址| +|mask_addr|"255.255.xx.xx"|掩码地址| +|gateway_addr|"192.168.xx.1"|网关地址| +|devices|"aa:bb:cc:dd:ee:ff"|网卡通信的mac地址,在bond1模式下作为bond的主网口| +|app_bind_numa|0/1|应用的epoll和poll线程是否绑定到协议栈所在的numa,缺省值是1,即绑定| +|send_connect_number|4|设置为正整数,表示每次协议栈循环中发包处理的连接个数| +|read_connect_number|4|设置为正整数,表示每次协议栈循环中收包处理的连接个数| +|rpc_number|4|设置为正整数,表示每次协议栈循环中rpc消息处理的个数| +|nic_read_num|128|设置为正整数,表示每次协议栈循环中从网卡读取的数据包的个数| +|bond_mode|-1|设置组bond,当前支持两个网口组bond模式,默认值-1关闭bond,当前支持bond1/4/6| +|bond_slave_mac|"aa:bb:cc:dd:ee:ff;AA:BB:CC:DD:EE:FF"|设置组bond网口的mac地址信息,以;分隔| +|bond_miimon|10|设置bond模式的监听间隔,默认值10,取值范围0~1500| +|udp_enable|0/1|是否开启udp功能,默认值1开启| +|nic_vlan_mode|-1|是否开启vlan模式,默认值-1关闭,取值范围-1~4095,0和4095是业界通用预留id无实际效果| +|tcp_conn_count|1500|tcp的最大连接数,该参数乘以mbuf_count_per_conn是初始化时申请的mbuf池大小,配置过小会启动失败,tcp_conn_count * mbuf_count_per_conn * 2048字节不能大于大页大小 | +|mbuf_count_per_conn|170|每个tcp连接需要的mbuf个数,该参数乘以tcp_conn_count是初始化时申请的mbuf地址池大小,配置过小会启动失败,tcp_conn_count * mbuf_count_per_conn * 2048字节不能大于大页大小| + +lstack.conf示例: + +```sh +dpdk_args=["--socket-mem", "2048,0,0,0", "--huge-dir", "/mnt/hugepages-lstack", "--proc-type", "primary", "--legacy-mem", "--map-perfect"] + +use_ltran=0 +kni_switch=0 + +low_power_mode=0 + +num_cpus="2,22" +num_wakeup="3,23" + +host_addr="192.168.1.10" +mask_addr="255.255.255.0" +gateway_addr="192.168.1.1" +devices="aa:bb:cc:dd:ee:ff" + +send_connect_number=4 +read_connect_number=4 +rpc_number=4 +nic_read_num=128 +mbuf_pool_size=1024000 +bond_mode=1 +bond_slave_mac="aa:bb:cc:dd:ee:ff;AA:BB:CC:DD:EE:FF" +udp_enable=1 +nic_vlan_mode=-1 +``` + +- ltran模式功能已衰退,多进程使用需求可尝试使用SR-IOV组网硬件虚拟化组网模式: + +### 7. 启动应用程序 + +- 启动应用程序 + + 启动应用程序前不使用环境变量LSTACK_CONF_PATH指定配置文件,则使用默认路径/etc/gazelle/lstack.conf + + ```sh + export LSTACK_CONF_PATH=./lstack.conf + LD_PRELOAD=/usr/lib64/liblstack.so GAZELLE_BIND_PROCNAME=redis-server redis-server redis.conf + ``` + +### 8. API + +Gazelle wrap应用程序POSIX接口,应用程序无需修改代码。 + +### 9. 调测命令 + +```sh +Usage: gazellectl [-h | help] + or: gazellectl lstack {show | set} {ip | pid} [LSTACK_OPTIONS] [time] [-u UNIX_PREFIX] + + where LSTACK_OPTIONS := + show lstack all statistics + -r, rate show lstack statistics per second + -s, snmp show lstack snmp + -c, connetct show lstack connect + -l, latency show lstack latency + -x, xstats show lstack xstats + -k, nic-features show state of protocol offload and other feature + -a, aggregatin [time] show lstack send/recv aggregation + set: + loglevel {error | info | debug} set lstack loglevel + lowpower {0 | 1} set lowpower enable + [time] measure latency time default 1S +``` + +-u参数指定gazelle进程间通信的unix socket前缀,和需要通信的lstack.conf的unix_prefix配置一致。 + +**抓包工具** +gazelle使用的网卡由dpdk接管,因此普通的tcpdump无法抓到gazelle的数据包。作为替代,gazelle使用dpdk-tools软件包中提供的gazelle-pdump作为数据包捕获工具,它使用dpdk的多进程模式和lstack进程共享内存。 +[详细使用方法](https://gitee.com/openeuler/gazelle/blob/master/doc/pdump.md) + +**线程名绑定** +lstack启动时可以通过指定环境变量GAZELLE_THREAD_NAME来指定lstack绑定的线程名,在业务进程中有多个不同线程时,可以通过使用此参数来指定需要lstack接管网络接口的线程名,未指定的线程将走内核态协议栈。默认为空,即绑定进程内的所有线程。 + +### 10. 使用注意 + +#### 1. dpdk配置文件的位置 + +如果是root用户,dpdk启动后的配置文件将会放到/var/run/dpdk目录下; +如果是非root用户,dpdk配置文件的路径将由环境变量XDG_RUNTIME_DIR决定; + +- 如果XDG_RUNTIME_DIR为空,dpdk配置文件放到/tmp/dpdk目录下; +- 如果XDG_RUNTIME_DIR不为空,dpdk配置文件放到变量XDG_RUNTIME_DIR下; +- 注意有些机器会默认设置XDG_RUNTIME_DIR + +## 约束限制 + +使用 Gazelle 存在一些约束限制: + +### 功能约束 + +- 不支持accept阻塞模式或者connect阻塞模式。 +- 最多支持1500个TCP连接。 +- 当前仅支持TCP、ICMP、ARP、IPv4、UDP 协议。 +- 在对端ping Gazelle时,要求指定报文长度小于等于14000B。 +- 不支持使用透明大页。 +- 虚拟机网卡不支持多队列。 + +### 操作约束 + +- 提供的命令行、配置文件默认root权限。非root用户使用,需先提权以及修改文件所有者。 +- 将用户态网卡绑回到内核驱动,必须先退出Gazelle。 +- 大页内存不支持在挂载点里创建子目录重新挂载。 +- 每个应用实例协议栈线程最低大页内存为800MB 。 +- 仅支持64位系统。 +- 构建x86版本的Gazelle使用了-march=native选项,基于构建环境的CPU(Intel® Xeon® Gold 5118 CPU @ 2.30GHz指令集进行优化。要求运行环境CPU支持 SSE4.2、AVX、AVX2、AVX-512 指令集。 +- 最大IP分片数为10(ping 最大包长14790B),TCP协议不使用IP分片。 +- sysctl配置网卡rp_filter参数为1,否则可能不按预期使用Gazelle协议栈,而是依然使用内核协议栈。 +- 不支持使用多种类型的网卡混合组bond。 +- bond1主备模式,只支持链路层故障主备切换(例如网线断开),不支持物理层故障主备切换(例如网卡下电、拔网卡)。 +- 发送udp报文包长超过45952(32 * 1436)B时,需要将send_ring_size扩大为至少64个。 + +## 注意事项 + +用户根据使用场景评估使用Gazelle + +ltran模式及kni模块由于上游社区及依赖包变更,功能在新版本中不再支持. + +共享内存 + +- 现状 + 大页内存 mount 至 /mnt/hugepages-lstack 目录,进程初始化时在 /mnt/hugepages-lstack 目录下创建文件,每个文件对应一个大页,并 mmap 这些文件。 +- 当前消减措施 + 大页文件权限 600,只有 OWNER 用户才能访问文件,默认 root 用户,支持配置成其他用户; + 大页文件有 DPDK 文件锁,不能直接写或者映射。 +- 注意 + 属于同一用户的恶意进程模仿DPDK实现逻辑,通过大页文件共享大页内存,写破坏大页内存,导致Gazelle程序crash。建议用户下的进程属于同一信任域。 + +**流量限制** +Gazelle没有做流量限制,用户有能力发送最大网卡线速流量的报文到网络,可能导致网络流量拥塞。 + +**进程仿冒** +建议lstack进程都为可信任进程。 diff --git a/docs/zh/docs/server/network/network_config/_toc.yaml b/docs/zh/docs/server/network/network_config/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c5a9b41ee7bd0efef6e4a944163f036d60501c48 --- /dev/null +++ b/docs/zh/docs/server/network/network_config/_toc.yaml @@ -0,0 +1,6 @@ +label: 配置网络 +isManual: true +description: 配置ip,主机名,网络绑定等 +sections: + - label: 配置网络 + href: ./network-configuration.md diff --git "a/docs/zh/docs/Administration/\351\205\215\347\275\256\347\275\221\347\273\234.md" b/docs/zh/docs/server/network/network_config/network-configuration.md similarity index 100% rename from "docs/zh/docs/Administration/\351\205\215\347\275\256\347\275\221\347\273\234.md" rename to docs/zh/docs/server/network/network_config/network-configuration.md diff --git a/docs/zh/docs/Releasenotes/public_sys-resources/icon-caution.gif b/docs/zh/docs/server/network/public_sys-resources/icon-caution.gif similarity index 100% rename from docs/zh/docs/Releasenotes/public_sys-resources/icon-caution.gif rename to docs/zh/docs/server/network/public_sys-resources/icon-caution.gif diff --git a/docs/zh/docs/Releasenotes/public_sys-resources/icon-danger.gif b/docs/zh/docs/server/network/public_sys-resources/icon-danger.gif similarity index 100% rename from docs/zh/docs/Releasenotes/public_sys-resources/icon-danger.gif rename to docs/zh/docs/server/network/public_sys-resources/icon-danger.gif diff --git a/docs/zh/docs/SecHarden/public_sys-resources/icon-note.gif b/docs/zh/docs/server/network/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/SecHarden/public_sys-resources/icon-note.gif rename to docs/zh/docs/server/network/public_sys-resources/icon-note.gif diff --git a/docs/zh/docs/Releasenotes/public_sys-resources/icon-notice.gif b/docs/zh/docs/server/network/public_sys-resources/icon-notice.gif similarity index 100% rename from docs/zh/docs/Releasenotes/public_sys-resources/icon-notice.gif rename to docs/zh/docs/server/network/public_sys-resources/icon-notice.gif diff --git a/docs/zh/docs/Releasenotes/public_sys-resources/icon-tip.gif b/docs/zh/docs/server/network/public_sys-resources/icon-tip.gif similarity index 100% rename from docs/zh/docs/Releasenotes/public_sys-resources/icon-tip.gif rename to docs/zh/docs/server/network/public_sys-resources/icon-tip.gif diff --git a/docs/zh/docs/Releasenotes/public_sys-resources/icon-warning.gif b/docs/zh/docs/server/network/public_sys-resources/icon-warning.gif similarity index 100% rename from docs/zh/docs/Releasenotes/public_sys-resources/icon-warning.gif rename to docs/zh/docs/server/network/public_sys-resources/icon-warning.gif diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/_toc.yaml b/docs/zh/docs/server/performance/cpu_optimization/kae/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..1123f0ce7515b755d1d653cfedd763f70f2fbeb6 --- /dev/null +++ b/docs/zh/docs/server/performance/cpu_optimization/kae/_toc.yaml @@ -0,0 +1,6 @@ +label: 使用KAE加速引擎 +isManual: true +description: 使用 KAE 加速引擎降低处理器消耗,提高处理器效率 +sections: + - label: 使用KAE加速引擎 + href: ./using-the-kae.md diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/1665628542704.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/1665628542704.png new file mode 100644 index 0000000000000000000000000000000000000000..58907e0ed31c79b260be80480d4fd4c27e4e2e24 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/1665628542704.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/AT_CHECK_Process.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/AT_CHECK_Process.png new file mode 100644 index 0000000000000000000000000000000000000000..f32d5af3a31c740febf1a4783a1dd0daafacb0df Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/AT_CHECK_Process.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png new file mode 100644 index 0000000000000000000000000000000000000000..900cdc07c1f0e844bc48fe2342e83c91a23c24ec Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png new file mode 100644 index 0000000000000000000000000000000000000000..900cdc07c1f0e844bc48fe2342e83c91a23c24ec Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/PostgreSql_architecture.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/PostgreSql_architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..f780ad9cb56378e7baa3497da68ca1610a6dfadb Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/PostgreSql_architecture.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/Process_Of_EXECVAT_ATCHECK.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/Process_Of_EXECVAT_ATCHECK.png new file mode 100644 index 0000000000000000000000000000000000000000..c8f54fe96648f0c012462073a8cd118fd552483c Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/Process_Of_EXECVAT_ATCHECK.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/RA-arch-1.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/RA-arch-1.png new file mode 100644 index 0000000000000000000000000000000000000000..bc55e411637b825b0ce44a7efca08f7e52e0fa70 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/RA-arch-1.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/RA-arch-2.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/RA-arch-2.png new file mode 100644 index 0000000000000000000000000000000000000000..7effbaf881ffe42823142561b9135237989d7153 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/RA-arch-2.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/TPCM.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/TPCM.png new file mode 100644 index 0000000000000000000000000000000000000000..290bdb3471b46dca3e9f0c0907c3855367bd5b65 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/TPCM.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/creat_datadisk.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/creat_datadisk.png new file mode 100644 index 0000000000000000000000000000000000000000..0dfd6a2802184af6d809c485191ea52452cf28d5 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/creat_datadisk.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/creat_datadisk1.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/creat_datadisk1.png new file mode 100644 index 0000000000000000000000000000000000000000..0dfd6a2802184af6d809c485191ea52452cf28d5 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/creat_datadisk1.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/dim_architecture.jpg b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/dim_architecture.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a1e672d01dd7174c6f631bc0443cea5717a27bfb Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/dim_architecture.jpg differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/etmem-system-architecture.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/etmem-system-architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..1e077e00f44c0404526a4742d49c6e866601eee1 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/etmem-system-architecture.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/ima_digest_list_update.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/ima_digest_list_update.png new file mode 100644 index 0000000000000000000000000000000000000000..771067e31cee84591fbb914d7be4e8c576d7f5d2 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/ima_digest_list_update.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/ima_performance.gif b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/ima_performance.gif new file mode 100644 index 0000000000000000000000000000000000000000..72fad8a8333f7357c64a160c1d1c174c31201eaa Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/ima_performance.gif differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/ima_verification.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/ima_verification.png new file mode 100644 index 0000000000000000000000000000000000000000..d022b9d4ea08d4af386c7b76ca28115ad90e5451 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/ima_verification.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/logical_architectureofMariaDB.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/logical_architectureofMariaDB.png new file mode 100644 index 0000000000000000000000000000000000000000..8caa189a6fbf37bf4e9fd863c2ebb24e25547789 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/logical_architectureofMariaDB.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/login.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/login.png new file mode 100644 index 0000000000000000000000000000000000000000..d15c2cad98fba16320d587f3c7b0c80f435c5d3a Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/login.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/nginx_deployed_success.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/nginx_deployed_success.png new file mode 100644 index 0000000000000000000000000000000000000000..9ffb2c142defbd690e5407659116bf8e5582ba73 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/nginx_deployed_success.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/nginx_start_failed.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/nginx_start_failed.png new file mode 100644 index 0000000000000000000000000000000000000000..c8b855453433796265de42d7ffd0189c7ff9be2b Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/nginx_start_failed.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/nginx_start_success.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/nginx_start_success.png new file mode 100644 index 0000000000000000000000000000000000000000..bc6929772fd98fac3494b4436f26910b09818cb7 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/nginx_start_success.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/postgres.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/postgres.png new file mode 100644 index 0000000000000000000000000000000000000000..e7fc36882718587ec949133fe9892185cb4c2158 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/postgres.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/root_of_trust_framework.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/root_of_trust_framework.png new file mode 100644 index 0000000000000000000000000000000000000000..354b40fa4c4f0ed6f7312e0ce3848ed42155732e Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/root_of_trust_framework.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/top_display.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/top_display.png new file mode 100644 index 0000000000000000000000000000000000000000..2d77d3dc2934763b5da896a827b9805da34d1c09 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/top_display.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/trusted_chain.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/trusted_chain.png new file mode 100644 index 0000000000000000000000000000000000000000..034f0f092f41fb500ee4122339c447d10d4138ec Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/trusted_chain.png differ diff --git a/docs/zh/docs/A-Tune/figures/zh-cn_image_0213178480.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0229622729.png similarity index 100% rename from docs/zh/docs/A-Tune/figures/zh-cn_image_0213178480.png rename to docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0229622729.png diff --git a/docs/zh/docs/A-Tune/figures/zh-cn_image_0213178479.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0229622789.png similarity index 100% rename from docs/zh/docs/A-Tune/figures/zh-cn_image_0213178479.png rename to docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0229622789.png diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0230050789.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0230050789.png new file mode 100644 index 0000000000000000000000000000000000000000..0b785be2a026fe059c6ee41700a971a11cfff7ae Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0230050789.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143176.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143176.png new file mode 100644 index 0000000000000000000000000000000000000000..300165189e6d3e8fa356f3d463cfc627c2ece0e2 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143176.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143177.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143177.png new file mode 100644 index 0000000000000000000000000000000000000000..ccafce4b0c58a4da0a9f7aece335ede24e5030c0 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143177.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143178.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143178.png new file mode 100644 index 0000000000000000000000000000000000000000..bff125f096215e91b28ee6deacde6d886e5b21eb Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143178.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143180.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143180.png new file mode 100644 index 0000000000000000000000000000000000000000..52f5644f9c985bcc39c0d146006dd9136140bc01 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143180.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143181.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143181.png new file mode 100644 index 0000000000000000000000000000000000000000..d3698e6c0e021a56be46b9f4944c858a425eb66c Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143181.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143183.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143183.png new file mode 100644 index 0000000000000000000000000000000000000000..55ffdfa2616ee259543c1539e46c3e05f9335354 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143183.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143185.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143185.png new file mode 100644 index 0000000000000000000000000000000000000000..bff125f096215e91b28ee6deacde6d886e5b21eb Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143185.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143187.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143187.png new file mode 100644 index 0000000000000000000000000000000000000000..52f5644f9c985bcc39c0d146006dd9136140bc01 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143187.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143189.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143189.png new file mode 100644 index 0000000000000000000000000000000000000000..7656f3aa5f5907f1e9f981c0cb5d44d4fcb84ef3 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143189.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143191.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143191.png new file mode 100644 index 0000000000000000000000000000000000000000..a82d1bcb2b719e3a372f63ae099cb5d52a93b536 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143191.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143193.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143193.png new file mode 100644 index 0000000000000000000000000000000000000000..94614045bddb0871b44d2f6603402f914871ad61 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143193.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143195.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143195.png new file mode 100644 index 0000000000000000000000000000000000000000..05011dbabe2d245c37ec68de646851bf955a2361 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143195.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143196.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143196.png new file mode 100644 index 0000000000000000000000000000000000000000..9bdbac969920af77721980804bd1c5433bea5bc9 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143196.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143197.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143197.png new file mode 100644 index 0000000000000000000000000000000000000000..5ea4eec4002374096d8ac18eb973ed3bf874b632 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143197.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143198.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143198.png new file mode 100644 index 0000000000000000000000000000000000000000..7d6360c150495d204da4b069e6dc62677580888f Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231143198.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563132.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563132.png new file mode 100644 index 0000000000000000000000000000000000000000..bb801a9471f3f3541ba96491654f25e2df9ce8bf Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563132.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563134.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563134.png new file mode 100644 index 0000000000000000000000000000000000000000..398d15376d29d3aa406abb2e7e065d4625428c4d Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563134.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563135.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563135.png new file mode 100644 index 0000000000000000000000000000000000000000..785977142a6bf0e1c1815b82dea73d75fa206a75 Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563135.png differ diff --git a/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563136.png b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563136.png new file mode 100644 index 0000000000000000000000000000000000000000..c274db4d0ca9d8758267a916e19fdef4aa22d0ba Binary files /dev/null and b/docs/zh/docs/server/performance/cpu_optimization/kae/figures/zh-cn_image_0231563136.png differ diff --git a/docs/zh/docs/SecHarden/public_sys-resources/icon-caution.gif b/docs/zh/docs/server/performance/cpu_optimization/kae/public_sys-resources/icon-caution.gif similarity index 100% rename from docs/zh/docs/SecHarden/public_sys-resources/icon-caution.gif rename to docs/zh/docs/server/performance/cpu_optimization/kae/public_sys-resources/icon-caution.gif diff --git a/docs/zh/docs/SecHarden/public_sys-resources/icon-danger.gif b/docs/zh/docs/server/performance/cpu_optimization/kae/public_sys-resources/icon-danger.gif similarity index 100% rename from docs/zh/docs/SecHarden/public_sys-resources/icon-danger.gif rename to docs/zh/docs/server/performance/cpu_optimization/kae/public_sys-resources/icon-danger.gif diff --git a/docs/zh/docs/secGear/public_sys-resources/icon-note.gif b/docs/zh/docs/server/performance/cpu_optimization/kae/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/secGear/public_sys-resources/icon-note.gif rename to docs/zh/docs/server/performance/cpu_optimization/kae/public_sys-resources/icon-note.gif diff --git a/docs/zh/docs/SecHarden/public_sys-resources/icon-notice.gif b/docs/zh/docs/server/performance/cpu_optimization/kae/public_sys-resources/icon-notice.gif similarity index 100% rename from docs/zh/docs/SecHarden/public_sys-resources/icon-notice.gif rename to docs/zh/docs/server/performance/cpu_optimization/kae/public_sys-resources/icon-notice.gif diff --git a/docs/zh/docs/SecHarden/public_sys-resources/icon-tip.gif b/docs/zh/docs/server/performance/cpu_optimization/kae/public_sys-resources/icon-tip.gif similarity index 100% rename from docs/zh/docs/SecHarden/public_sys-resources/icon-tip.gif rename to docs/zh/docs/server/performance/cpu_optimization/kae/public_sys-resources/icon-tip.gif diff --git a/docs/zh/docs/SecHarden/public_sys-resources/icon-warning.gif b/docs/zh/docs/server/performance/cpu_optimization/kae/public_sys-resources/icon-warning.gif similarity index 100% rename from docs/zh/docs/SecHarden/public_sys-resources/icon-warning.gif rename to docs/zh/docs/server/performance/cpu_optimization/kae/public_sys-resources/icon-warning.gif diff --git "a/docs/zh/docs/Administration/\344\275\277\347\224\250KAE\345\212\240\351\200\237\345\274\225\346\223\216.md" b/docs/zh/docs/server/performance/cpu_optimization/kae/using-the-kae.md similarity index 100% rename from "docs/zh/docs/Administration/\344\275\277\347\224\250KAE\345\212\240\351\200\237\345\274\225\346\223\216.md" rename to docs/zh/docs/server/performance/cpu_optimization/kae/using-the-kae.md diff --git a/docs/zh/docs/server/performance/cpu_optimization/sysboost/_toc.yaml b/docs/zh/docs/server/performance/cpu_optimization/sysboost/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6ab68eb55d7ddf3d287d5200cf28b4a967de7a43 --- /dev/null +++ b/docs/zh/docs/server/performance/cpu_optimization/sysboost/_toc.yaml @@ -0,0 +1,13 @@ +label: sysBoost用户指南 +isManual: true +description: 优化代码与运行环境的 CPU 微架构的适应性,提升程序性能 +sections: + - label: sysBoost用户指南 + href: ./sysboost.md + sections: + - label: 认识sysBoost + href: ./getting-to-know-sysBoost.md + - label: 安装与部署 + href: ./installation-and-deployment.md + - label: 使用方法 + href: ./usage-instructions.md diff --git a/docs/zh/docs/sysBoost/figures/icon-note.gif b/docs/zh/docs/server/performance/cpu_optimization/sysboost/figures/icon-note.gif similarity index 100% rename from docs/zh/docs/sysBoost/figures/icon-note.gif rename to docs/zh/docs/server/performance/cpu_optimization/sysboost/figures/icon-note.gif diff --git "a/docs/zh/docs/sysBoost/figures/\346\236\266\346\236\204.png" "b/docs/zh/docs/server/performance/cpu_optimization/sysboost/figures/\346\236\266\346\236\204.png" similarity index 100% rename from "docs/zh/docs/sysBoost/figures/\346\236\266\346\236\204.png" rename to "docs/zh/docs/server/performance/cpu_optimization/sysboost/figures/\346\236\266\346\236\204.png" diff --git "a/docs/zh/docs/sysBoost/\350\256\244\350\257\206sysBoost.md" b/docs/zh/docs/server/performance/cpu_optimization/sysboost/getting-to-know-sysBoost.md similarity index 100% rename from "docs/zh/docs/sysBoost/\350\256\244\350\257\206sysBoost.md" rename to docs/zh/docs/server/performance/cpu_optimization/sysboost/getting-to-know-sysBoost.md diff --git "a/docs/zh/docs/sysBoost/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" b/docs/zh/docs/server/performance/cpu_optimization/sysboost/installation-and-deployment.md similarity index 100% rename from "docs/zh/docs/sysBoost/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" rename to docs/zh/docs/server/performance/cpu_optimization/sysboost/installation-and-deployment.md diff --git a/docs/zh/docs/sysBoost/sysBoost.md b/docs/zh/docs/server/performance/cpu_optimization/sysboost/sysboost.md similarity index 100% rename from docs/zh/docs/sysBoost/sysBoost.md rename to docs/zh/docs/server/performance/cpu_optimization/sysboost/sysboost.md diff --git "a/docs/zh/docs/sysBoost/\344\275\277\347\224\250\346\226\271\346\263\225.md" b/docs/zh/docs/server/performance/cpu_optimization/sysboost/usage-instructions.md similarity index 100% rename from "docs/zh/docs/sysBoost/\344\275\277\347\224\250\346\226\271\346\263\225.md" rename to docs/zh/docs/server/performance/cpu_optimization/sysboost/usage-instructions.md diff --git a/docs/zh/docs/server/performance/overall/system_resource/_toc.yaml b/docs/zh/docs/server/performance/overall/system_resource/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b6a8243dda65617faabf9f0a84b0479d177712e5 --- /dev/null +++ b/docs/zh/docs/server/performance/overall/system_resource/_toc.yaml @@ -0,0 +1,6 @@ +label: 系统资源与性能 +isManual: true +description: 介绍CPU,内存,I/O 及常用性能分析工具 +sections: + - label: 系统资源与性能 + href: ./system-resources-and-performance.md diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/c50cb9df64f4659787c810167c89feb4_1884x257.png b/docs/zh/docs/server/performance/overall/system_resource/images/c50cb9df64f4659787c810167c89feb4_1884x257.png new file mode 100644 index 0000000000000000000000000000000000000000..01081f25627731c56764c196e3fae32d55bc7023 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/c50cb9df64f4659787c810167c89feb4_1884x257.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001321685172.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001321685172.png new file mode 100644 index 0000000000000000000000000000000000000000..a98265bdf251608c0ff394fefe545cd3192bdb28 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001321685172.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001322112990.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001322112990.png new file mode 100644 index 0000000000000000000000000000000000000000..6f4b32bf2b36595abe10f2550cda5714bc355553 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001322112990.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001322219840.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001322219840.png new file mode 100644 index 0000000000000000000000000000000000000000..48b28664df46ddf9aa38c7570bb9e9edb8080ac9 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001322219840.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001322372918.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001322372918.png new file mode 100644 index 0000000000000000000000000000000000000000..5424367c9bc564e713220ba87f963096881833b8 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001322372918.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001322379488.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001322379488.png new file mode 100644 index 0000000000000000000000000000000000000000..8b18cdca066be43b74443498edc5500ea9e1e608 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001322379488.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001335457246.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001335457246.png new file mode 100644 index 0000000000000000000000000000000000000000..325d6a8ce097db0b92b1a883bc4b3d4ad0bc6a49 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001335457246.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001335816300.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001335816300.png new file mode 100644 index 0000000000000000000000000000000000000000..619f0c33503cd27d92f227216c722d554b9132f2 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001335816300.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001336448570.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001336448570.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd494d78d83fef2e8a89c80e17c9b6db892a2e9 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001336448570.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001336729664.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001336729664.png new file mode 100644 index 0000000000000000000000000000000000000000..4d73507cceab2e0b123d6864d9f86c86eb1eee2f Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001336729664.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337000118.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337000118.png new file mode 100644 index 0000000000000000000000000000000000000000..37131647778506f24be4ff401392a9cc209a36eb Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337000118.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337039920.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337039920.png new file mode 100644 index 0000000000000000000000000000000000000000..40c07e9b6ec27cdbe47d39788736b892f1174cc8 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337039920.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337051916.jpg b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337051916.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a2083b7783041884394f796222352d8772ada6cc Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337051916.jpg differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337053248.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337053248.png new file mode 100644 index 0000000000000000000000000000000000000000..8859f37749a4f8a4394e24ddfb54fc473e8c10c2 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337053248.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337172594.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337172594.png new file mode 100644 index 0000000000000000000000000000000000000000..4e806f83c57880543a777807778f14eeb0105aba Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337172594.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337212144.jpg b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337212144.jpg new file mode 100644 index 0000000000000000000000000000000000000000..c6f0874250475f598efa7375516109b540918fb8 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337212144.jpg differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337260780.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337260780.png new file mode 100644 index 0000000000000000000000000000000000000000..09d521d933f5fa0caacc592ea92acee959786051 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337260780.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337268560.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337268560.png new file mode 100644 index 0000000000000000000000000000000000000000..663f67428487d88e23aa9c3291c31399fec2f2c3 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337268560.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337268820.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337268820.png new file mode 100644 index 0000000000000000000000000000000000000000..cd1732ee870a6dde0acc54642f34793933ce3356 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337268820.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337419960.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337419960.png new file mode 100644 index 0000000000000000000000000000000000000000..c3b493bf1e57f130e122b59e99ff45cd44539dad Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337419960.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337420372.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337420372.png new file mode 100644 index 0000000000000000000000000000000000000000..2300bcd7426748236fd48b85688bd3d1fa3315df Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337420372.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337422904.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337422904.png new file mode 100644 index 0000000000000000000000000000000000000000..01e250c6f7cbb64abe0b136cd80fda7ae68b629d Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337422904.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337424024.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337424024.png new file mode 100644 index 0000000000000000000000000000000000000000..6532d98885f756c6704bc4bacc0f9133d78405a7 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337424024.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337424304.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337424304.png new file mode 100644 index 0000000000000000000000000000000000000000..9ecb384ed58458c24d8e3ae729c4de197b982b86 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337424304.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337427216.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337427216.png new file mode 100644 index 0000000000000000000000000000000000000000..8633dbdd658f98501dfc91a704395260f2d4df3c Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337427216.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337427392.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337427392.png new file mode 100644 index 0000000000000000000000000000000000000000..74f5cb24520c94de8628b2e64e6916c563f9f5a2 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337427392.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337533690.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337533690.png new file mode 100644 index 0000000000000000000000000000000000000000..1f02d9b155754a113347a54a7d35ba9b060175a8 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337533690.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337536842.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337536842.png new file mode 100644 index 0000000000000000000000000000000000000000..5a9ee2c989638c9a6aad3fcfb35bb9b9f2d4683c Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337536842.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337579708.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337579708.png new file mode 100644 index 0000000000000000000000000000000000000000..5cd8ed939434e6447dd55679eeaa3756d861751f Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337579708.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337580216.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337580216.png new file mode 100644 index 0000000000000000000000000000000000000000..5516b8d261b769287c74cf860a6708fcde6bbb8a Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337580216.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337584296.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337584296.png new file mode 100644 index 0000000000000000000000000000000000000000..fa76ecb59018fb154ffe1d9f6da1484d652f3ac1 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337584296.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337696078.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337696078.png new file mode 100644 index 0000000000000000000000000000000000000000..3864852e345eaf01794042feaa85b012b8af71de Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337696078.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337740252.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337740252.png new file mode 100644 index 0000000000000000000000000000000000000000..fd83fb600a54ab8bc39ee2ae54210be8b6c48973 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337740252.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337740540.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337740540.png new file mode 100644 index 0000000000000000000000000000000000000000..b8e25128a47dccaed733fc192f52f2ca7828e516 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337740540.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337747132.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337747132.png new file mode 100644 index 0000000000000000000000000000000000000000..41ea7d47f5fe5fca46816d93cb08b5da00abc0ad Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337747132.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337748300.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337748300.png new file mode 100644 index 0000000000000000000000000000000000000000..32488dc1740408834954cf8d57a2843d98f09c2e Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337748300.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337748528.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337748528.png new file mode 100644 index 0000000000000000000000000000000000000000..f2d62c85c844c2756f4d27a48711560dfb9615ea Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001337748528.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001372249333.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001372249333.png new file mode 100644 index 0000000000000000000000000000000000000000..48cd37225954e212cb3e159acc137866d8edc362 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001372249333.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001372748125.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001372748125.png new file mode 100644 index 0000000000000000000000000000000000000000..5f6326b9415cf766dd8379dbadd5aa1a0dc6861f Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001372748125.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001372821865.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001372821865.png new file mode 100644 index 0000000000000000000000000000000000000000..21e8dad1cd90755440cf858523b12c036a91e1ad Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001372821865.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001372824637.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001372824637.png new file mode 100644 index 0000000000000000000000000000000000000000..aefb5d83c079e6718ef88fd934b4b496cdc29565 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001372824637.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001373373585.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001373373585.png new file mode 100644 index 0000000000000000000000000000000000000000..c4e5e47c9beca2c7c7630d78916f80eda652b52a Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001373373585.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001373379529.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001373379529.png new file mode 100644 index 0000000000000000000000000000000000000000..daa40b49e679668905632f25ff42bf8599ba0ead Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001373379529.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001384808269.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001384808269.png new file mode 100644 index 0000000000000000000000000000000000000000..be18ecef3a149d5742f18535552f66f26ab34832 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001384808269.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001385585749.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001385585749.png new file mode 100644 index 0000000000000000000000000000000000000000..c13604ab7095c2a7717bde1384f0aea3d53f69e3 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001385585749.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001385611905.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001385611905.png new file mode 100644 index 0000000000000000000000000000000000000000..8c233e40a21e678ddf4115c2e2e80c96e25a60ce Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001385611905.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001385905845.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001385905845.png new file mode 100644 index 0000000000000000000000000000000000000000..a6cb8bc4a188ef444919d71f7f16baa06422788b Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001385905845.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001386149037.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001386149037.png new file mode 100644 index 0000000000000000000000000000000000000000..da73fead24d8805bb43287f53c757e80ff0d597f Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001386149037.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001386699925.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001386699925.png new file mode 100644 index 0000000000000000000000000000000000000000..cf5b13b35e65ed0143a01a5bcad1e11eaddaded7 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001386699925.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387293085.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387293085.png new file mode 100644 index 0000000000000000000000000000000000000000..7f56b020949c53d018eba016952c2409f0d7dca9 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387293085.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387413509.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387413509.png new file mode 100644 index 0000000000000000000000000000000000000000..2245427058fc31f3e5d7f40062c0551936a67199 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387413509.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387413793.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387413793.png new file mode 100644 index 0000000000000000000000000000000000000000..aa649bf7215662819766d897513fb711d9d1e7f8 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387413793.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387415629.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387415629.png new file mode 100644 index 0000000000000000000000000000000000000000..01189358354090591de6580f8ef88ef78ddba3a1 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387415629.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387691985.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387691985.png new file mode 100644 index 0000000000000000000000000000000000000000..31c3096fa837c1b397ab2fe27acdd87e2cec36de Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387691985.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387692269.jpg b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387692269.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b79e3ddf78520277046b933c4662c6b72f45ab85 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387692269.jpg differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387692893.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387692893.png new file mode 100644 index 0000000000000000000000000000000000000000..49ea515d834b58d4ded14c55a6a2b07034d76137 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387692893.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387755969.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387755969.png new file mode 100644 index 0000000000000000000000000000000000000000..b2daa95d6b757e7bd443d8fd961922f248dd6853 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387755969.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387780357.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387780357.png new file mode 100644 index 0000000000000000000000000000000000000000..1aab3b8be2cd0c906253d70036a9fee3050a1055 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387780357.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387784693.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387784693.png new file mode 100644 index 0000000000000000000000000000000000000000..62a40117a892ba6c163be81bce1d198c2920f0e9 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387784693.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387787605.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387787605.png new file mode 100644 index 0000000000000000000000000000000000000000..8c1893e16fb929f77bb6b9a70cb25d3479dd684c Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387787605.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387855149.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387855149.png new file mode 100644 index 0000000000000000000000000000000000000000..731e957c367cb05e4229f53cf97dcee2cde69dff Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387855149.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387857005.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387857005.png new file mode 100644 index 0000000000000000000000000000000000000000..872f5c9eb05169831df4ba49d017629e8a943c64 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387857005.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387902849.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387902849.png new file mode 100644 index 0000000000000000000000000000000000000000..ffe2043c199308ed2033e3eb02a0662a65141ece Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387902849.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387907229.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387907229.png new file mode 100644 index 0000000000000000000000000000000000000000..084fbea1aee4d09b1e623c66b4f07641c7a0208d Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387907229.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387908045.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387908045.png new file mode 100644 index 0000000000000000000000000000000000000000..1fca645598e7a67da6e75b98c44f3c9a740be374 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387908045.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387908453.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387908453.png new file mode 100644 index 0000000000000000000000000000000000000000..b97804a0a575fd18235e7a0c7e4f2d0183e3b460 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387908453.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387961737.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387961737.png new file mode 100644 index 0000000000000000000000000000000000000000..ae4ddce8cf2629b811e9711c61186b3efa4dfe3c Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001387961737.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388020197.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388020197.png new file mode 100644 index 0000000000000000000000000000000000000000..1816e1e068ee0294677ebb357ffd158a14bb86cf Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388020197.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388024321.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388024321.png new file mode 100644 index 0000000000000000000000000000000000000000..da3ba54203ded0093b7c2b5308de0e2afd85a146 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388024321.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388024397.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388024397.png new file mode 100644 index 0000000000000000000000000000000000000000..4e4531dd19dc703399c9d4dd0e95236fa9a064c8 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388024397.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388028161.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388028161.png new file mode 100644 index 0000000000000000000000000000000000000000..b3beb92520c34ba771d096a8a146fb2c5b5edbb7 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388028161.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388028537.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388028537.png new file mode 100644 index 0000000000000000000000000000000000000000..ffb244306787c397ef4a9f4d9c3eb504172d3777 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388028537.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388184025.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388184025.png new file mode 100644 index 0000000000000000000000000000000000000000..cbce6fe1e32c547426319923c0fdb13e95554b99 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388184025.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388187249.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388187249.png new file mode 100644 index 0000000000000000000000000000000000000000..0ac83f21e269d909e550b68cb0bdc6347c05dcac Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388187249.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388187325.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388187325.png new file mode 100644 index 0000000000000000000000000000000000000000..02dbdf218da2cb1c844dfc13a463875df5124d48 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388187325.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388188365.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388188365.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe3bfb48446bab88e3e622b9f8066383f269590 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388188365.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388241577.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388241577.png new file mode 100644 index 0000000000000000000000000000000000000000..8dacb6e343ea4c750904fa090bb99213e012379d Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388241577.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388972645.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388972645.png new file mode 100644 index 0000000000000000000000000000000000000000..e32606925f4bb4380b262d9f946d4cd106202b87 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001388972645.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001389098425.png b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001389098425.png new file mode 100644 index 0000000000000000000000000000000000000000..c63903009ab9ba454f169250632dbec1b3c94467 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_image_0000001389098425.png differ diff --git a/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_other_0000001337581224.jpeg b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_other_0000001337581224.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..2c019b828bdf9c699f203f09ba3542968ff21262 Binary files /dev/null and b/docs/zh/docs/server/performance/overall/system_resource/images/zh-cn_other_0000001337581224.jpeg differ diff --git "a/docs/zh/docs/ops_guide/\347\263\273\347\273\237\350\265\204\346\272\220\344\270\216\346\200\247\350\203\275.md" b/docs/zh/docs/server/performance/overall/system_resource/syatem-resources-and-performance.md similarity index 100% rename from "docs/zh/docs/ops_guide/\347\263\273\347\273\237\350\265\204\346\272\220\344\270\216\346\200\247\350\203\275.md" rename to docs/zh/docs/server/performance/overall/system_resource/syatem-resources-and-performance.md diff --git a/docs/zh/docs/server/performance/system_optimzation/atune/_toc.yaml b/docs/zh/docs/server/performance/system_optimzation/atune/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..239bfa9952c68ecb22582bc7f55d30a58d39c017 --- /dev/null +++ b/docs/zh/docs/server/performance/system_optimzation/atune/_toc.yaml @@ -0,0 +1,19 @@ +label: A-Tune用户指南 +isManual: true +description: 利用人工智能技术,实现对 openEuler 系统性能的智能化、自动化调优 +sections: + - label: A-Tune用户指南 + href: ./a-tune.md + sections: + - label: 认识A-Tune + href: ./getting-to-know-a-tune.md + - label: 安装与部署 + href: ./installation-and-deployment.md + - label: 使用方法 + href: ./usage-instructions.md + - label: native-turbo特性 + href: ./native-turbo.md + - label: 附录 + href: ./appendix.md + - label: 常见问题与解决方法 + href: ./faqs-and-solutions.md diff --git a/docs/zh/docs/A-Tune/A-Tune.md b/docs/zh/docs/server/performance/system_optimzation/atune/a-tune.md similarity index 100% rename from docs/zh/docs/A-Tune/A-Tune.md rename to docs/zh/docs/server/performance/system_optimzation/atune/a-tune.md diff --git "a/docs/zh/docs/A-Tune/\351\231\204\345\275\225.md" b/docs/zh/docs/server/performance/system_optimzation/atune/appendix.md similarity index 100% rename from "docs/zh/docs/A-Tune/\351\231\204\345\275\225.md" rename to docs/zh/docs/server/performance/system_optimzation/atune/appendix.md diff --git "a/docs/zh/docs/A-Tune/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" b/docs/zh/docs/server/performance/system_optimzation/atune/faqs-and-solutions.md similarity index 100% rename from "docs/zh/docs/A-Tune/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" rename to docs/zh/docs/server/performance/system_optimzation/atune/faqs-and-solutions.md diff --git a/docs/zh/docs/A-Tune/figures/picture1.png b/docs/zh/docs/server/performance/system_optimzation/atune/figures/picture1.png similarity index 100% rename from docs/zh/docs/A-Tune/figures/picture1.png rename to docs/zh/docs/server/performance/system_optimzation/atune/figures/picture1.png diff --git a/docs/zh/docs/A-Tune/figures/picture4.png b/docs/zh/docs/server/performance/system_optimzation/atune/figures/picture4.png similarity index 100% rename from docs/zh/docs/A-Tune/figures/picture4.png rename to docs/zh/docs/server/performance/system_optimzation/atune/figures/picture4.png diff --git a/docs/zh/docs/SecHarden/figures/zh-cn_image_0221925211.png b/docs/zh/docs/server/performance/system_optimzation/atune/figures/zh-cn_image_0213178479.png similarity index 100% rename from docs/zh/docs/SecHarden/figures/zh-cn_image_0221925211.png rename to docs/zh/docs/server/performance/system_optimzation/atune/figures/zh-cn_image_0213178479.png diff --git a/docs/zh/docs/SecHarden/figures/zh-cn_image_0221925212.png b/docs/zh/docs/server/performance/system_optimzation/atune/figures/zh-cn_image_0213178480.png similarity index 100% rename from docs/zh/docs/SecHarden/figures/zh-cn_image_0221925212.png rename to docs/zh/docs/server/performance/system_optimzation/atune/figures/zh-cn_image_0213178480.png diff --git a/docs/zh/docs/A-Tune/figures/zh-cn_image_0214540398.png b/docs/zh/docs/server/performance/system_optimzation/atune/figures/zh-cn_image_0214540398.png similarity index 100% rename from docs/zh/docs/A-Tune/figures/zh-cn_image_0214540398.png rename to docs/zh/docs/server/performance/system_optimzation/atune/figures/zh-cn_image_0214540398.png diff --git a/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497000.png b/docs/zh/docs/server/performance/system_optimzation/atune/figures/zh-cn_image_0227497000.png similarity index 100% rename from docs/zh/docs/A-Tune/figures/zh-cn_image_0227497000.png rename to docs/zh/docs/server/performance/system_optimzation/atune/figures/zh-cn_image_0227497000.png diff --git a/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497343.png b/docs/zh/docs/server/performance/system_optimzation/atune/figures/zh-cn_image_0227497343.png similarity index 100% rename from docs/zh/docs/A-Tune/figures/zh-cn_image_0227497343.png rename to docs/zh/docs/server/performance/system_optimzation/atune/figures/zh-cn_image_0227497343.png diff --git a/docs/zh/docs/A-Tune/figures/zh-cn_image_0231122163.png b/docs/zh/docs/server/performance/system_optimzation/atune/figures/zh-cn_image_0231122163.png similarity index 100% rename from docs/zh/docs/A-Tune/figures/zh-cn_image_0231122163.png rename to docs/zh/docs/server/performance/system_optimzation/atune/figures/zh-cn_image_0231122163.png diff --git a/docs/zh/docs/A-Tune/figures/zh-cn_image_0245342444.png b/docs/zh/docs/server/performance/system_optimzation/atune/figures/zh-cn_image_0245342444.png similarity index 100% rename from docs/zh/docs/A-Tune/figures/zh-cn_image_0245342444.png rename to docs/zh/docs/server/performance/system_optimzation/atune/figures/zh-cn_image_0245342444.png diff --git "a/docs/zh/docs/A-Tune/\350\256\244\350\257\206A-Tune.md" b/docs/zh/docs/server/performance/system_optimzation/atune/getting-to-know-a-tune.md similarity index 100% rename from "docs/zh/docs/A-Tune/\350\256\244\350\257\206A-Tune.md" rename to docs/zh/docs/server/performance/system_optimzation/atune/getting-to-know-a-tune.md diff --git "a/docs/zh/docs/A-Tune/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" b/docs/zh/docs/server/performance/system_optimzation/atune/installation-and-deployment.md similarity index 99% rename from "docs/zh/docs/A-Tune/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" rename to docs/zh/docs/server/performance/system_optimzation/atune/installation-and-deployment.md index 2b9bb426ebb658d6c6f714cb8f47eff78c6274ac..91f0bb00ae51e6e7adc4c209d49b430556d2867e 100644 --- "a/docs/zh/docs/A-Tune/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" +++ b/docs/zh/docs/server/performance/system_optimzation/atune/installation-and-deployment.md @@ -121,9 +121,9 @@ A-Tune配置文件/etc/atuned/atuned.cnf的配置项说明如下: - interval:系统执行analysis流程时采集样本的间隔时间,默认为5s。 - grpc_tls:系统gRPC的SSL/TLS证书校验开关,默认不开启。开启grpc_tls后,atune-adm命令在使用前需要设置以下环境变量方可与服务端进行通讯: - export ATUNE_TLS=yes - - export ATUNED_CACERT=<客户端CA证书路径> - - export ATUNED_CLIENTCERT=<客户端证书路径> - - export ATUNED_CLIENTKEY=<客户端密钥路径> + - export ATUNED_CACERT=\<客户端CA证书路径> + - export ATUNED_CLIENTCERT=\<客户端证书路径> + - export ATUNED_CLIENTKEY=\<客户端密钥路径> - export ATUNED_SERVERCN=server - tlsservercafile:gRPC服务端CA证书路径。 - tlsservercertfile:gRPC服务端证书路径。 diff --git a/docs/zh/docs/A-Tune/native-turbo.md b/docs/zh/docs/server/performance/system_optimzation/atune/native-turbo.md similarity index 100% rename from docs/zh/docs/A-Tune/native-turbo.md rename to docs/zh/docs/server/performance/system_optimzation/atune/native-turbo.md diff --git a/docs/zh/docs/sysMaster/public_sys-resources/icon-caution.gif b/docs/zh/docs/server/performance/system_optimzation/atune/public_sys-resources/icon-caution.gif similarity index 100% rename from docs/zh/docs/sysMaster/public_sys-resources/icon-caution.gif rename to docs/zh/docs/server/performance/system_optimzation/atune/public_sys-resources/icon-caution.gif diff --git a/docs/zh/docs/sysMaster/public_sys-resources/icon-danger.gif b/docs/zh/docs/server/performance/system_optimzation/atune/public_sys-resources/icon-danger.gif similarity index 100% rename from docs/zh/docs/sysMaster/public_sys-resources/icon-danger.gif rename to docs/zh/docs/server/performance/system_optimzation/atune/public_sys-resources/icon-danger.gif diff --git a/docs/zh/docs/sysMaster/public_sys-resources/icon-note.gif b/docs/zh/docs/server/performance/system_optimzation/atune/public_sys-resources/icon-note.gif similarity index 100% rename from docs/zh/docs/sysMaster/public_sys-resources/icon-note.gif rename to docs/zh/docs/server/performance/system_optimzation/atune/public_sys-resources/icon-note.gif diff --git a/docs/zh/docs/sysMaster/public_sys-resources/icon-notice.gif b/docs/zh/docs/server/performance/system_optimzation/atune/public_sys-resources/icon-notice.gif similarity index 100% rename from docs/zh/docs/sysMaster/public_sys-resources/icon-notice.gif rename to docs/zh/docs/server/performance/system_optimzation/atune/public_sys-resources/icon-notice.gif diff --git a/docs/zh/docs/sysMaster/public_sys-resources/icon-tip.gif b/docs/zh/docs/server/performance/system_optimzation/atune/public_sys-resources/icon-tip.gif similarity index 100% rename from docs/zh/docs/sysMaster/public_sys-resources/icon-tip.gif rename to docs/zh/docs/server/performance/system_optimzation/atune/public_sys-resources/icon-tip.gif diff --git a/docs/zh/docs/sysMaster/public_sys-resources/icon-warning.gif b/docs/zh/docs/server/performance/system_optimzation/atune/public_sys-resources/icon-warning.gif similarity index 100% rename from docs/zh/docs/sysMaster/public_sys-resources/icon-warning.gif rename to docs/zh/docs/server/performance/system_optimzation/atune/public_sys-resources/icon-warning.gif diff --git "a/docs/zh/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md" b/docs/zh/docs/server/performance/system_optimzation/atune/usage-instructions.md similarity index 100% rename from "docs/zh/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md" rename to docs/zh/docs/server/performance/system_optimzation/atune/usage-instructions.md diff --git a/docs/zh/docs/server/performance/tuning_framework/oeaware/_toc.yaml b/docs/zh/docs/server/performance/tuning_framework/oeaware/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3ff9122cfb5c8fad0cd0fb55762fc8c37fb7a67b --- /dev/null +++ b/docs/zh/docs/server/performance/tuning_framework/oeaware/_toc.yaml @@ -0,0 +1,6 @@ +label: oeAware用户指南 +isManual: true +description: 动态感知系统行为后,智能使能系统的调优特性 +sections: + - label: oeAware用户指南 + href: ./oeaware-user-guide.md diff --git a/docs/zh/docs/oeAware/figures/dep.png b/docs/zh/docs/server/performance/tuning_framework/oeaware/figures/dep.png similarity index 100% rename from docs/zh/docs/oeAware/figures/dep.png rename to docs/zh/docs/server/performance/tuning_framework/oeaware/figures/dep.png diff --git "a/docs/zh/docs/oeAware/oeAware\347\224\250\346\210\267\346\214\207\345\215\227.md" b/docs/zh/docs/server/performance/tuning_framework/oeaware/oeaware-user-guide.md similarity index 96% rename from "docs/zh/docs/oeAware/oeAware\347\224\250\346\210\267\346\214\207\345\215\227.md" rename to docs/zh/docs/server/performance/tuning_framework/oeaware/oeaware-user-guide.md index 775aab7256003fee5f0ffd64adbfb9280286f446..cdb4b3b0e7d219bb39bf6b1239ced3fa70ab7d1f 100644 --- "a/docs/zh/docs/oeAware/oeAware\347\224\250\346\210\267\346\214\207\345\215\227.md" +++ b/docs/zh/docs/server/performance/tuning_framework/oeaware/oeaware-user-guide.md @@ -1,582 +1,582 @@ -# oeAware用户指南 - -## 简介 - -oeAware是在openEuler上实现低负载采集感知调优的框架,目标是动态感知系统行为后智能使能系统的调优特性。传统调优特性都以独立运行且静态打开关闭为主,oeAware将调优拆分采集、感知和调优三层,每层通过订阅方式关联,各层采用插件式开发尽可能复用。 - -## 安装 - -配置openEuler的yum源,使用yum命令安装。在openEuler-22.03-LTS-SP4版本中会默认安装。 - -```shell -yum install oeAware-manager -``` - -## 使用方法 - -首先启动oeaware服务,然后通过`oeawarectl`命令进行使用。 - -### 服务启动 - -通过systemd服务启动。安装完成后会默认启动。 - -```shell -systemctl start oeaware -``` - -配置文件 - -配置文件路径:/etc/oeAware/config.yaml - -```yaml -log_path: /var/log/oeAware #日志存储路径 -log_level: 1 #日志等级 1:DEBUG 2:NFO 3:WARN 4:ERROR -enable_list: #默认使能插件 - - name: libtest.so #只配置插件,使能本插件的所有实例 - - name: libtest1.so #配置插件实例,使能配置的插件实例 - instances: - - instance1 - - instance2 - ... - ... -plugin_list: #可支持下载的包 - - name: test #名称需要唯一,如果重复取第一个配置 - description: hello world - url: https://gitee.com/openeuler/oeAware-manager/raw/master/README.md #url非空 - ... -``` - -修改配置文件后,通过以下命令重启服务。 - -```shell -systemctl restart oeaware -``` - -### 插件说明 - -**插件定义**:一个插件对应一个.so文件,插件分为采集插件、感知插件和调优插件。 - -**实例定义**:服务中的调度单位是实例,一个插件中包括多个实例。例如,一个采集插件包括多个采集项,每个采集项是一个实例。 - - -### 插件加载 - -服务会默认加载插件存储路径下的插件。 - -插件路径:/usr/lib64/oeAware-plugin/ - - -另外也可以通过手动加载的方式加载插件。 - -```shell -oeawarectl -l | --load <插件名> -``` - -示例 - -```shell -[root@localhost ~]# oeawarectl -l libthread_collect.so -Plugin loaded successfully. -``` - -失败返回错误说明。 - -### 插件卸载 - -```shell -oeawarectl -r <插件名> | --remove <插件名> -``` - -示例 - -```shell -[root@localhost ~]# oeawarectl -r libthread_collect.so -Plugin remove successfully. -``` - -失败返回错误说明。 - -### 插件查询 - -#### 查询插件状态信息 - -```shell -oeawarectl -q #查询系统中已经加载的所有插件 -oeawarectl --query <插件名> #查询指定插件 -``` - -示例 - -```shell -[root@localhost ~]# oeawarectl -q -Show plugins and instances status. ------------------------------------------------------------- -libsystem_tune.so - stealtask_tune(available, close, count: 0) - smc_tune(available, close, count: 0) - xcall_tune(available, close, count: 0) - seep_tune(available, close, count: 0) -libpmu.so - pmu_counting_collector(available, close, count: 0) - pmu_sampling_collector(available, close, count: 0) - pmu_spe_collector(available, close, count: 0) - pmu_uncore_collector(available, close, count: 0) -libdocker_tune.so - docker_cpu_burst(available, close, count: 0) -libthread_scenario.so - thread_scenario(available, close, count: 0) -libsystem_collector.so - thread_collector(available, close, count: 0) - kernel_config(available, close, count: 0) - command_collector(available, close, count: 0) -libdocker_collector.so - docker_collector(available, close, count: 0) -libub_tune.so - unixbench_tune(available, close, count: 0) -libanalysis_oeaware.so - analysis_aware(available, close, count: 0) ------------------------------------------------------------- -format: -[plugin] - [instance]([dependency status], [running status], [enable cnt]) -dependency status: available means satisfying dependency, otherwise unavailable. -running status: running means that instance is running, otherwise close. -enable cnt: number of instances enabled. -``` - -失败返回错误说明。 - -#### 查询运行实例订阅关系 - -```shell -oeawarectl -Q #查询所有运行实例的订阅关系图 -oeawarectl --query-dep= <插件实例> #查询运行实例订阅关系图 -``` - -在当前目录下生成dep.png,显示订阅关系。 - -实例未运行,不会显示订阅关系。 - -示例 - -```sh -oeawarectl -e thread_scenario -oeawarectl -Q -``` -![img](./figures/dep.png) - - -### 插件实例使能 - -#### 使能插件实例 - -```shell -oeawarectl -e | --enable <插件实例> -``` - -使能某个插件实例,会将其订阅的topic实例一起使能。 - -失败返回错误说明。 - -推荐使能插件列表: -- libsystem_tune.so:stealtask_tune,smc_tune,xcall_tune,seep_tune。 -- libub_tune.so:unixbench_tune。 -- libtune_numa.so:tune_numa_mem_access。 - -其他插件主要用来提供数据,可通过sdk获取插件数据。 -#### 关闭插件实例 - -```shell -oeawarectl -d | --disable <插件实例> -``` -关闭某个插件实例,会将其订阅的topic实例一起关闭。 - -失败返回错误说明。 - -### 插件下载安装 - -通过`--list`命令查询支持下载的rpm包和已安装的插件。 - -```shell -oeawarectl --list -``` - -查询结果如下。 - -```shell -Supported Packages: #可下载的包 -[name1] #config中配置的plugin_list -[name2] -... -Installed Plugins: #已安装的插件 -[name1] -[name2] -... -``` - -通过`--install`命令下载安装rpm包。 - -```shell -oeawarectl -i | --install #指定--list下查询得到的包名称(Supported Packages下的包) -``` - -失败返回错误说明。 - -### 分析模式 - -```sh -oeawarectl analysis -h -usage: oeawarectl analysis [options]... - options - -t|--time set analysis duration in seconds(default 30s), range from 1 to 100. - -r|--realtime show real time report. - -v|--verbose show verbose information. - -h|--help show this help message. -``` -示例 - -执行以下命令,输出系统分析报告。 -```sh -oeawarectl analysis -t 10 -``` -结果如下 -```bash -============================================================================================ - Summary Analysis Report -============================================================================================ - ========================================= Suggest ========================================= - Tune Instance | Suggest | Note - stealtask_tune | No | CpuRatio(average) : 0.17% - smc_tune | No | Collecting very little network access - gazelle | No | Collecting very little network access - tune_numa_mem_access | No | No access - ========================================= Network ========================================= - - Local network communication distribution - Node0 Node1 Node2 Node3 - 0.00% 0.00% 0.00% 0.00% - Remote network communication distribution(receive) - matrix representation of network thread nodes to irq nodes - Node0 Node1 Node2 Node3 - Node0 100.00% 0.00% 0.00% 0.00% - Node1 0.00% 0.00% 0.00% 0.00% - Node2 0.00% 0.00% 0.00% 0.00% - Node3 0.00% 0.00% 0.00% 0.00% - ======================================== Solution ======================================== - No solution. -``` -报告分为三部分 - - Suggest:根据系统运行状态,给出调优建议。 - - Network:网络使用情况。 - - Solution:给出具体调优方法。 -### 帮助 -通过`--help`查看帮助。 -```shell -usage: oeawarectl [options]... - options - -l|--load [plugin] load plugin. - -r|--remove [plugin] remove plugin from system. - -e|--enable [instance] enable the plugin instance. - -d|--disable [instance] disable the plugin instance. - -q query all plugins information. - --query [plugin] query the plugin information. - -Q query all instances dependencies. - --query-dep [instance] query the instance dependency. - --list the list of supported plugins. - -i|--install [plugin] install plugin from the list. - --help show this help message. -``` - -## 插件开发说明 - -### 基础数据结构 -```c++ -typedef struct { - char *instanceName; // 实例名称 - char *topicName; // 主题名称 - char *params; // 参数 -} CTopic; - -typedef struct { - CTopic topic; - unsigned long long len; // data数组的长度 - void **data; // 存储的数据 -} DataList; - -const int OK = 0; -const int FAILED = -1; - -typedef struct { - int code; // 成功返回OK,失败返回FAILED - char *payload; // 附带信息 -} Result; - -``` - -### 实例基类 - -```c++ -namespace oeaware { -// Instance type. -const int TUNE = 0b10000; -const int SCENARIO = 0b01000; -const int RUN_ONCE = 0b00010; -class Interface { -public: - virtual Result OpenTopic(const Topic &topic) = 0; - virtual void CloseTopic(const Topic &topic) = 0; - virtual void UpdateData(const DataList &dataList) = 0; - virtual Result Enable(const std::string ¶m = "") = 0; - virtual void Disable() = 0; - virtual void Run() = 0; -protected: - std::string name; - std::string version; - std::string description; - std::vector supportTopics; - int priority; - int type; - int period; -} -} -``` -实例开发继承实例基类,实现6个虚函数,并对类的7个属性赋值。 - -实例采用订阅发布模式,通过Subscribe获取数据,通过Publish接口发布数据。 - -### 属性说明 -| 属性 | 类型 | 说明 | -| --- | --- | --- | -| name | string | 实例名称 | -| version | string | 实例版本(预留) | -| description | string | 实例描述 | -| supportTopics | vector | 支持的topic | -| priority | int | 实例执行的优先级 (调优 > 感知 > 采集)| -| type | int | 实例类型,通过比特位标识,第二位表示单次执行实例,第三位表示采集实例,第四位表示感知实例,第5位表示调优实例| -| period | int | 实例执行周期,单位ms,period为10的倍数 | - -### 接口说明 -| 函数名 | 参数 | 返回值 | 说明 | -| --- | --- | --- | --- | -|Result OpenTopic(const Topic &topic) | topic:打开的主题 | | 打开对应的topic | -| void CloseTopic(const Topic &topic) | topic:关闭的主题| |关闭对应的topic | -| void UpdateData(const DataList &dataList) | dataList:订阅的数据 | | 当订阅topic时,被订阅的topic每周期会通过UpdateData更新数据 | -| Result Enable(const std::string ¶m = "") | param:预留 | | 使能本实例 | -| void Disable() | | | 关闭本实例 | -| void Run() | | | 每周期会执行run函数 | -### 实例示例 -```C++ -#include -#include - -class Test : public oeaware::Interface { -public: - Test() { - name = "TestA"; - version = "1.0"; - description = "this is a test plugin"; - supportTopics; - priority = 0; - type = 0; - period = 20; - } - oeaware::Result OpenTopic(const oeaware::Topic &topic) override { - return oeaware::Result(OK); - } - void CloseTopic(const oeaware::Topic &topic) override { - - } - void UpdateData(const DataList &dataList) override { - for (int i = 0; i < dataList.len; ++i) { - ThreadInfo *info = static_cast(dataList.data[i]); - INFO(logger, "pid: " << info->pid << ", name: " << info->name); - } - } - oeaware::Result Enable(const std::string ¶m = "") override { - Subscribe(oeaware::Topic{"thread_collector", "thread_collector", ""}); - return oeaware::Result(OK); - } - void Disable() override { - - } - void Run() override { - DataList dataList; - oeaware::SetDataListTopic(&dataList, "test", "test", ""); - dataList.len = 1; - dataList.data = new void* [1]; - dataList.data[0] = &pubData; - Publish(dataList); - } -private: - int pubData = 1; -}; - -extern "C" void GetInstance(std::vector> &interfaces) -{ - interfaces.emplace_back(std::make_shared()); -} -``` -## 内部插件 -### libpmu.so - -| 实例名称 | 架构 | 说明 | topic | -| --- | --- | --- | --- | -| pmu_counting_collector | aarch64 | 采集count相关事件 |cycles,net:netif_rx,L1-dcache-load-misses,L1-dcache-loads,L1-icache-load-misses,L1-icache-loads,branch-load-misses,branch-loads,dTLB-load-misses,dTLB-loads,iTLB-load-misses,iTLB-loads,cache-references,cache-misses,l2d_tlb_refill,l2d_cache_refill,l1d_tlb_refill,l1d_cache_refill,inst_retired,instructions | -| pmu_sampling_collector | aarch64 | 采集sample相关事件 | cycles, skb:skb_copy_datagram_iovec,net:napi_gro_receive_entry | -| pmu_spe_collector | aarch64 | 采集spe事件 | spe | -| pmu_uncore_collector | aarch64 | 采集uncore事件 | uncore | -#### 限制条件 -采集spe事件需要依赖硬件能力,此插件运行依赖 BIOS 的 SPE,运行前需要将 SPE 打开。 - -运行perf list | grep arm_spe查看是否已经开启SPE,如果开启,则有如下显示 -``` -arm_spe_0// [Kernel PMU event] -``` -如果没有开启,则按下述步骤开启。 - -检查BIOS配置项 MISC Config --> SPE 的状态, 如果状态为 Disable,则需要更改为 Enable。如果找不到这个选项,可能是BIOS版本过低。 - -进入系统 vim /etc/grub2-efi.cfg,定位到内核版本对应的开机启动项,在末尾增加“kpti=off”。例如: -``` -linux /vmlinuz-4.19.90-2003.4.0.0036.oe1.aarch64 root=/dev/mapper/openeuler-root ro rd.lvm.lv=openeuler/root rd.lvm.lv=openeuler/swap video=VGA-1:640x480-32@60me rhgb quiet smmu.bypassdev=0x1000:0x17 smmu.bypassdev=0x1000:0x15 crashkernel=1024M,high video=efifb:off video=VGA-1:640x480-32@60me kpti=off -``` -按“ESC”,输入“:wq”,按“Enter”保存并退出。执行reboot命令重启服务器。 -### libsystem_collector.so -系统信息采集插件。 -| 实例名称 | 架构 | 说明 | topic | -| --- | --- | --- | --- | -| thread_collector | aarch64/x86 | 采集系统中的线程信息 | thread_collector | -| kernel_config | aarch64/x86| 采集内核相关参数,包括sysctl所有参数、lscpu、meminfo等 | get_kernel_config,get_cmd,set_kernel_config | -| command_collector | aarch64/x86 | 采集sysstat相关数据 | mpstat,iostat,vmstat,sar,pidstat | - -### libdocker_collector.so -docker信息采集插件。 -| 实例名称 | 架构 | 说明 | topic | -| --- | --- | --- | --- | -| docker_collector | aarch64/x86 | 采集docker相关信息 | docker_collector | -### libthread_scenario.so -线程感知插件。 -| 实例名称 | 架构 | 说明 | 订阅 | -| --- | --- | --- | --- | -| thread_scenario | aarch64/x86 | 通过配置文件获取对应线程信息 | thread_collector::thread_collector | -#### 配置文件 -thread_scenario.conf -``` -redis -fstime -fsbuffer -fsdisk -``` -### libanalysis_oeaware.so -| 实例名称 | 架构 | 说明 | 订阅 | -| --- | --- | --- | --- | -| analysis_aware | 分析当前环境的业务特征,并给出优化建议 | aarch64 | pmu_spe_collector::spe, pmu_counting_collector::net:netif_rx, pmu_sampling_collector::cycles, pmu_sampling_collector::skb:skb_copy_datagram_iovec, pmu_sampling_collector::net:napi_gro_receive_entry | -### libsystem_tune.so -系统调优插件。 -| 实例名称 | 架构 | 说明 | 订阅 | -| --- | --- | --- | --- | -| stealtask_tune | aarch64 | 高负载场景下,通过轻量级搜索算法,实现多核间快速负载均衡,最大化cpu资源利用率 | 无 | -| smc_tune | aarch64 | 使能smc加速,对使用tcp协议的连接无感加速 | 无 | -| xcall_tune | aarch64 | 通过减少系统调用底噪,提升系统性能 | thread_collector::thread_collector | -| seep_tune | aarch64 | 使能智能功耗模式,降低系统能耗 | 无 | -#### 配置文件 -xcall.yaml -``` yaml -redis: # 线程名称 - - xcall_1: 1 #xcall_1表示xcall优化方式,目前只有xcall_1; 1表示需要优化系统调用号 -mysql: - - xcall_1: 1 -node: - - xcall_1: 1 -``` -#### 限制条件 - -xcall_tune依赖内核特性,需要开启FAST_SYSCALL编译内核,并且增加在cmdline里增加xcall字段。 - -### libub_tune.so -unixbench调优插件。 -| 实例名称 | 架构 | 说明 | 订阅 | -| --- | --- | --- | --- | -| unixbench_tune | aarch64/x86 | 通过减少远端内存访问,优化ub性能 | thread_collector::thread_collector | -### libdocker_tune.so - -| 实例名称 | 架构 | 说明 | 订阅 | -| --- | --- | --- | --- | -| docker_cpu_burst | aarch64 | 在出现突发负载时,CPUBurst可以为容器临时提供额外的CPU资源,缓解CPU限制带来的性能瓶颈 | pmu_counting_collector::cycles,docker_collector::docker_collector | -## 外部插件 -外部插件需要通过以下命令安装,例如安装numafast相关插件 -``` -oeawarectl -i numafast -``` -### libscenario_numa.so -| 实例名称 | 架构 | 说明 | 订阅 | topic | -| --- | --- | --- | --- | --- | -| scenario_numa | aarch64 | 感知当前环境跨NUMA访存比例,用于实例或sdk订阅(无法单独使能) | pmu_uncore_collector::uncore | system_score | -### libtune_numa.so -| 实例名称 | 架构 | 说明 | 订阅 | -| --- | --- | --- | --- | -| tune_numa_mem_access | aarch64 | 周期性迁移线程和内存,减少跨NUMA内存访问 | scenario_numa::system_score, pmu_spe_collector::spe, pmu_counting_collector::cycles | -## SDK使用说明 -```C -typedef int(*Callback)(const DataList *); -int OeInit(); // 初始化资源,与server建立链接 -int OeSubscribe(const CTopic *topic, Callback callback); // 订阅topic,异步执行callback -int OeUnsubscribe(const CTopic *topic); // 取消订阅topic -int OePublish(const DataList *dataList); // 发布数据到server -void OeClose(); // 释放资源 -``` -**示例** -```C -#include "oe_client.h" -#include "command_data.h" -int f(const DataList *dataList) -{ - int i = 0; - for (; i < dataList->len; i++) { - CommandData *data = (CommandData*)dataList->data[i]; - for (int j = 0; j < data->attrLen; ++j) { - printf("%s ", data->itemAttr[j]); - } - printf("\n"); - } - return 0; -} -int main() { - OeInit(); - CTopic topic = { - "command_collector", - "sar", - "-q 1", - }; - if (OeSubscribe(&topic, f) < 0) { - printf("failed\n"); - } else { - printf("success\n"); - } - sleep(10); - OeClose(); -} -``` -## 约束限制 - -### 功能约束 - -oeAware默认集成了arm的微架构采集libkperf模块,该模块同一时间只能有一个进程进行调用,如其他进程调用或者使用perf命令可能存在冲突。 - -### 操作约束 - -当前oeAware仅支持root组用户进行操作,sdk支持root组和oeaware组用户使用。 - -## 注意事项 - -oeAware的配置文件和插件用户组和权限有严格校验,不要对oeAware的相关文件进行权限和用户组进行修改。 - -权限说明: - -- 插件文件:440 - -- 客户端执行文件:750 - -- 服务端执行文件:750 - -- 服务配置文件:640 +# oeAware用户指南 + +## 简介 + +oeAware是在openEuler上实现低负载采集感知调优的框架,目标是动态感知系统行为后智能使能系统的调优特性。传统调优特性都以独立运行且静态打开关闭为主,oeAware将调优拆分采集、感知和调优三层,每层通过订阅方式关联,各层采用插件式开发尽可能复用。 + +## 安装 + +配置openEuler的yum源,使用yum命令安装。在openEuler-22.03-LTS-SP4版本中会默认安装。 + +```shell +yum install oeAware-manager +``` + +## 使用方法 + +首先启动oeaware服务,然后通过`oeawarectl`命令进行使用。 + +### 服务启动 + +通过systemd服务启动。安装完成后会默认启动。 + +```shell +systemctl start oeaware +``` + +配置文件 + +配置文件路径:/etc/oeAware/config.yaml + +```yaml +log_path: /var/log/oeAware #日志存储路径 +log_level: 1 #日志等级 1:DEBUG 2:NFO 3:WARN 4:ERROR +enable_list: #默认使能插件 + - name: libtest.so #只配置插件,使能本插件的所有实例 + - name: libtest1.so #配置插件实例,使能配置的插件实例 + instances: + - instance1 + - instance2 + ... + ... +plugin_list: #可支持下载的包 + - name: test #名称需要唯一,如果重复取第一个配置 + description: hello world + url: https://gitee.com/openeuler/oeAware-manager/raw/master/README.md #url非空 + ... +``` + +修改配置文件后,通过以下命令重启服务。 + +```shell +systemctl restart oeaware +``` + +### 插件说明 + +**插件定义**:一个插件对应一个.so文件,插件分为采集插件、感知插件和调优插件。 + +**实例定义**:服务中的调度单位是实例,一个插件中包括多个实例。例如,一个采集插件包括多个采集项,每个采集项是一个实例。 + + +### 插件加载 + +服务会默认加载插件存储路径下的插件。 + +插件路径:/usr/lib64/oeAware-plugin/ + + +另外也可以通过手动加载的方式加载插件。 + +```shell +oeawarectl -l | --load <插件名> +``` + +示例 + +```shell +[root@localhost ~]# oeawarectl -l libthread_collect.so +Plugin loaded successfully. +``` + +失败返回错误说明。 + +### 插件卸载 + +```shell +oeawarectl -r <插件名> | --remove <插件名> +``` + +示例 + +```shell +[root@localhost ~]# oeawarectl -r libthread_collect.so +Plugin remove successfully. +``` + +失败返回错误说明。 + +### 插件查询 + +#### 查询插件状态信息 + +```shell +oeawarectl -q #查询系统中已经加载的所有插件 +oeawarectl --query <插件名> #查询指定插件 +``` + +示例 + +```shell +[root@localhost ~]# oeawarectl -q +Show plugins and instances status. +------------------------------------------------------------ +libsystem_tune.so + stealtask_tune(available, close, count: 0) + smc_tune(available, close, count: 0) + xcall_tune(available, close, count: 0) + seep_tune(available, close, count: 0) +libpmu.so + pmu_counting_collector(available, close, count: 0) + pmu_sampling_collector(available, close, count: 0) + pmu_spe_collector(available, close, count: 0) + pmu_uncore_collector(available, close, count: 0) +libdocker_tune.so + docker_cpu_burst(available, close, count: 0) +libthread_scenario.so + thread_scenario(available, close, count: 0) +libsystem_collector.so + thread_collector(available, close, count: 0) + kernel_config(available, close, count: 0) + command_collector(available, close, count: 0) +libdocker_collector.so + docker_collector(available, close, count: 0) +libub_tune.so + unixbench_tune(available, close, count: 0) +libanalysis_oeaware.so + analysis_aware(available, close, count: 0) +------------------------------------------------------------ +format: +[plugin] + [instance]([dependency status], [running status], [enable cnt]) +dependency status: available means satisfying dependency, otherwise unavailable. +running status: running means that instance is running, otherwise close. +enable cnt: number of instances enabled. +``` + +失败返回错误说明。 + +#### 查询运行实例订阅关系 + +```shell +oeawarectl -Q #查询所有运行实例的订阅关系图 +oeawarectl --query-dep= <插件实例> #查询运行实例订阅关系图 +``` + +在当前目录下生成dep.png,显示订阅关系。 + +实例未运行,不会显示订阅关系。 + +示例 + +```sh +oeawarectl -e thread_scenario +oeawarectl -Q +``` +![img](./figures/dep.png) + + +### 插件实例使能 + +#### 使能插件实例 + +```shell +oeawarectl -e | --enable <插件实例> +``` + +使能某个插件实例,会将其订阅的topic实例一起使能。 + +失败返回错误说明。 + +推荐使能插件列表: +- libsystem_tune.so:stealtask_tune,smc_tune,xcall_tune,seep_tune。 +- libub_tune.so:unixbench_tune。 +- libtune_numa.so:tune_numa_mem_access。 + +其他插件主要用来提供数据,可通过sdk获取插件数据。 +#### 关闭插件实例 + +```shell +oeawarectl -d | --disable <插件实例> +``` +关闭某个插件实例,会将其订阅的topic实例一起关闭。 + +失败返回错误说明。 + +### 插件下载安装 + +通过`--list`命令查询支持下载的rpm包和已安装的插件。 + +```shell +oeawarectl --list +``` + +查询结果如下。 + +```shell +Supported Packages: #可下载的包 +[name1] #config中配置的plugin_list +[name2] +... +Installed Plugins: #已安装的插件 +[name1] +[name2] +... +``` + +通过`--install`命令下载安装rpm包。 + +```shell +oeawarectl -i | --install #指定--list下查询得到的包名称(Supported Packages下的包) +``` + +失败返回错误说明。 + +### 分析模式 + +```sh +oeawarectl analysis -h +usage: oeawarectl analysis [options]... + options + -t|--time set analysis duration in seconds(default 30s), range from 1 to 100. + -r|--realtime show real time report. + -v|--verbose show verbose information. + -h|--help show this help message. +``` +示例 + +执行以下命令,输出系统分析报告。 +```sh +oeawarectl analysis -t 10 +``` +结果如下 +```bash +============================================================================================ + Summary Analysis Report +============================================================================================ + ========================================= Suggest ========================================= + Tune Instance | Suggest | Note + stealtask_tune | No | CpuRatio(average) : 0.17% + smc_tune | No | Collecting very little network access + gazelle | No | Collecting very little network access + tune_numa_mem_access | No | No access + ========================================= Network ========================================= + + Local network communication distribution + Node0 Node1 Node2 Node3 + 0.00% 0.00% 0.00% 0.00% + Remote network communication distribution(receive) + matrix representation of network thread nodes to irq nodes + Node0 Node1 Node2 Node3 + Node0 100.00% 0.00% 0.00% 0.00% + Node1 0.00% 0.00% 0.00% 0.00% + Node2 0.00% 0.00% 0.00% 0.00% + Node3 0.00% 0.00% 0.00% 0.00% + ======================================== Solution ======================================== + No solution. +``` +报告分为三部分 + - Suggest:根据系统运行状态,给出调优建议。 + - Network:网络使用情况。 + - Solution:给出具体调优方法。 +### 帮助 +通过`--help`查看帮助。 +```shell +usage: oeawarectl [options]... + options + -l|--load [plugin] load plugin. + -r|--remove [plugin] remove plugin from system. + -e|--enable [instance] enable the plugin instance. + -d|--disable [instance] disable the plugin instance. + -q query all plugins information. + --query [plugin] query the plugin information. + -Q query all instances dependencies. + --query-dep [instance] query the instance dependency. + --list the list of supported plugins. + -i|--install [plugin] install plugin from the list. + --help show this help message. +``` + +## 插件开发说明 + +### 基础数据结构 +```c++ +typedef struct { + char *instanceName; // 实例名称 + char *topicName; // 主题名称 + char *params; // 参数 +} CTopic; + +typedef struct { + CTopic topic; + unsigned long long len; // data数组的长度 + void **data; // 存储的数据 +} DataList; + +const int OK = 0; +const int FAILED = -1; + +typedef struct { + int code; // 成功返回OK,失败返回FAILED + char *payload; // 附带信息 +} Result; + +``` + +### 实例基类 + +```c++ +namespace oeaware { +// Instance type. +const int TUNE = 0b10000; +const int SCENARIO = 0b01000; +const int RUN_ONCE = 0b00010; +class Interface { +public: + virtual Result OpenTopic(const Topic &topic) = 0; + virtual void CloseTopic(const Topic &topic) = 0; + virtual void UpdateData(const DataList &dataList) = 0; + virtual Result Enable(const std::string ¶m = "") = 0; + virtual void Disable() = 0; + virtual void Run() = 0; +protected: + std::string name; + std::string version; + std::string description; + std::vector supportTopics; + int priority; + int type; + int period; +} +} +``` +实例开发继承实例基类,实现6个虚函数,并对类的7个属性赋值。 + +实例采用订阅发布模式,通过Subscribe获取数据,通过Publish接口发布数据。 + +### 属性说明 +| 属性 | 类型 | 说明 | +| --- | --- | --- | +| name | string | 实例名称 | +| version | string | 实例版本(预留) | +| description | string | 实例描述 | +| supportTopics | vector\ | 支持的topic | +| priority | int | 实例执行的优先级 (调优 > 感知 > 采集)| +| type | int | 实例类型,通过比特位标识,第二位表示单次执行实例,第三位表示采集实例,第四位表示感知实例,第5位表示调优实例| +| period | int | 实例执行周期,单位ms,period为10的倍数 | + +### 接口说明 +| 函数名 | 参数 | 返回值 | 说明 | +| --- | --- | --- | --- | +|Result OpenTopic(const Topic &topic) | topic:打开的主题 | | 打开对应的topic | +| void CloseTopic(const Topic &topic) | topic:关闭的主题| |关闭对应的topic | +| void UpdateData(const DataList &dataList) | dataList:订阅的数据 | | 当订阅topic时,被订阅的topic每周期会通过UpdateData更新数据 | +| Result Enable(const std::string ¶m = "") | param:预留 | | 使能本实例 | +| void Disable() | | | 关闭本实例 | +| void Run() | | | 每周期会执行run函数 | +### 实例示例 +```C++ +#include +#include + +class Test : public oeaware::Interface { +public: + Test() { + name = "TestA"; + version = "1.0"; + description = "this is a test plugin"; + supportTopics; + priority = 0; + type = 0; + period = 20; + } + oeaware::Result OpenTopic(const oeaware::Topic &topic) override { + return oeaware::Result(OK); + } + void CloseTopic(const oeaware::Topic &topic) override { + + } + void UpdateData(const DataList &dataList) override { + for (int i = 0; i < dataList.len; ++i) { + ThreadInfo *info = static_cast(dataList.data[i]); + INFO(logger, "pid: " << info->pid << ", name: " << info->name); + } + } + oeaware::Result Enable(const std::string ¶m = "") override { + Subscribe(oeaware::Topic{"thread_collector", "thread_collector", ""}); + return oeaware::Result(OK); + } + void Disable() override { + + } + void Run() override { + DataList dataList; + oeaware::SetDataListTopic(&dataList, "test", "test", ""); + dataList.len = 1; + dataList.data = new void* [1]; + dataList.data[0] = &pubData; + Publish(dataList); + } +private: + int pubData = 1; +}; + +extern "C" void GetInstance(std::vector> &interfaces) +{ + interfaces.emplace_back(std::make_shared()); +} +``` +## 内部插件 +### libpmu.so + +| 实例名称 | 架构 | 说明 | topic | +| --- | --- | --- | --- | +| pmu_counting_collector | aarch64 | 采集count相关事件 |cycles,net:netif_rx,L1-dcache-load-misses,L1-dcache-loads,L1-icache-load-misses,L1-icache-loads,branch-load-misses,branch-loads,dTLB-load-misses,dTLB-loads,iTLB-load-misses,iTLB-loads,cache-references,cache-misses,l2d_tlb_refill,l2d_cache_refill,l1d_tlb_refill,l1d_cache_refill,inst_retired,instructions | +| pmu_sampling_collector | aarch64 | 采集sample相关事件 | cycles, skb:skb_copy_datagram_iovec,net:napi_gro_receive_entry | +| pmu_spe_collector | aarch64 | 采集spe事件 | spe | +| pmu_uncore_collector | aarch64 | 采集uncore事件 | uncore | +#### 限制条件 +采集spe事件需要依赖硬件能力,此插件运行依赖 BIOS 的 SPE,运行前需要将 SPE 打开。 + +运行perf list | grep arm_spe查看是否已经开启SPE,如果开启,则有如下显示 +``` +arm_spe_0// [Kernel PMU event] +``` +如果没有开启,则按下述步骤开启。 + +检查BIOS配置项 MISC Config --> SPE 的状态, 如果状态为 Disable,则需要更改为 Enable。如果找不到这个选项,可能是BIOS版本过低。 + +进入系统 vim /etc/grub2-efi.cfg,定位到内核版本对应的开机启动项,在末尾增加“kpti=off”。例如: +``` +linux /vmlinuz-4.19.90-2003.4.0.0036.oe1.aarch64 root=/dev/mapper/openeuler-root ro rd.lvm.lv=openeuler/root rd.lvm.lv=openeuler/swap video=VGA-1:640x480-32@60me rhgb quiet smmu.bypassdev=0x1000:0x17 smmu.bypassdev=0x1000:0x15 crashkernel=1024M,high video=efifb:off video=VGA-1:640x480-32@60me kpti=off +``` +按“ESC”,输入“:wq”,按“Enter”保存并退出。执行reboot命令重启服务器。 +### libsystem_collector.so +系统信息采集插件。 +| 实例名称 | 架构 | 说明 | topic | +| --- | --- | --- | --- | +| thread_collector | aarch64/x86 | 采集系统中的线程信息 | thread_collector | +| kernel_config | aarch64/x86| 采集内核相关参数,包括sysctl所有参数、lscpu、meminfo等 | get_kernel_config,get_cmd,set_kernel_config | +| command_collector | aarch64/x86 | 采集sysstat相关数据 | mpstat,iostat,vmstat,sar,pidstat | + +### libdocker_collector.so +docker信息采集插件。 +| 实例名称 | 架构 | 说明 | topic | +| --- | --- | --- | --- | +| docker_collector | aarch64/x86 | 采集docker相关信息 | docker_collector | +### libthread_scenario.so +线程感知插件。 +| 实例名称 | 架构 | 说明 | 订阅 | +| --- | --- | --- | --- | +| thread_scenario | aarch64/x86 | 通过配置文件获取对应线程信息 | thread_collector::thread_collector | +#### 配置文件 +thread_scenario.conf +``` +redis +fstime +fsbuffer +fsdisk +``` +### libanalysis_oeaware.so +| 实例名称 | 架构 | 说明 | 订阅 | +| --- | --- | --- | --- | +| analysis_aware | 分析当前环境的业务特征,并给出优化建议 | aarch64 | pmu_spe_collector::spe, pmu_counting_collector::net:netif_rx, pmu_sampling_collector::cycles, pmu_sampling_collector::skb:skb_copy_datagram_iovec, pmu_sampling_collector::net:napi_gro_receive_entry | +### libsystem_tune.so +系统调优插件。 +| 实例名称 | 架构 | 说明 | 订阅 | +| --- | --- | --- | --- | +| stealtask_tune | aarch64 | 高负载场景下,通过轻量级搜索算法,实现多核间快速负载均衡,最大化cpu资源利用率 | 无 | +| smc_tune | aarch64 | 使能smc加速,对使用tcp协议的连接无感加速 | 无 | +| xcall_tune | aarch64 | 通过减少系统调用底噪,提升系统性能 | thread_collector::thread_collector | +| seep_tune | aarch64 | 使能智能功耗模式,降低系统能耗 | 无 | +#### 配置文件 +xcall.yaml +``` yaml +redis: # 线程名称 + - xcall_1: 1 #xcall_1表示xcall优化方式,目前只有xcall_1; 1表示需要优化系统调用号 +mysql: + - xcall_1: 1 +node: + - xcall_1: 1 +``` +#### 限制条件 + +xcall_tune依赖内核特性,需要开启FAST_SYSCALL编译内核,并且增加在cmdline里增加xcall字段。 + +### libub_tune.so +unixbench调优插件。 +| 实例名称 | 架构 | 说明 | 订阅 | +| --- | --- | --- | --- | +| unixbench_tune | aarch64/x86 | 通过减少远端内存访问,优化ub性能 | thread_collector::thread_collector | +### libdocker_tune.so + +| 实例名称 | 架构 | 说明 | 订阅 | +| --- | --- | --- | --- | +| docker_cpu_burst | aarch64 | 在出现突发负载时,CPUBurst可以为容器临时提供额外的CPU资源,缓解CPU限制带来的性能瓶颈 | pmu_counting_collector::cycles,docker_collector::docker_collector | +## 外部插件 +外部插件需要通过以下命令安装,例如安装numafast相关插件 +``` +oeawarectl -i numafast +``` +### libscenario_numa.so +| 实例名称 | 架构 | 说明 | 订阅 | topic | +| --- | --- | --- | --- | --- | +| scenario_numa | aarch64 | 感知当前环境跨NUMA访存比例,用于实例或sdk订阅(无法单独使能) | pmu_uncore_collector::uncore | system_score | +### libtune_numa.so +| 实例名称 | 架构 | 说明 | 订阅 | +| --- | --- | --- | --- | +| tune_numa_mem_access | aarch64 | 周期性迁移线程和内存,减少跨NUMA内存访问 | scenario_numa::system_score, pmu_spe_collector::spe, pmu_counting_collector::cycles | +## SDK使用说明 +```C +typedef int(*Callback)(const DataList *); +int OeInit(); // 初始化资源,与server建立链接 +int OeSubscribe(const CTopic *topic, Callback callback); // 订阅topic,异步执行callback +int OeUnsubscribe(const CTopic *topic); // 取消订阅topic +int OePublish(const DataList *dataList); // 发布数据到server +void OeClose(); // 释放资源 +``` +**示例** +```C +#include "oe_client.h" +#include "command_data.h" +int f(const DataList *dataList) +{ + int i = 0; + for (; i < dataList->len; i++) { + CommandData *data = (CommandData*)dataList->data[i]; + for (int j = 0; j < data->attrLen; ++j) { + printf("%s ", data->itemAttr[j]); + } + printf("\n"); + } + return 0; +} +int main() { + OeInit(); + CTopic topic = { + "command_collector", + "sar", + "-q 1", + }; + if (OeSubscribe(&topic, f) < 0) { + printf("failed\n"); + } else { + printf("success\n"); + } + sleep(10); + OeClose(); +} +``` +## 约束限制 + +### 功能约束 + +oeAware默认集成了arm的微架构采集libkperf模块,该模块同一时间只能有一个进程进行调用,如其他进程调用或者使用perf命令可能存在冲突。 + +### 操作约束 + +当前oeAware仅支持root组用户进行操作,sdk支持root组和oeaware组用户使用。 + +## 注意事项 + +oeAware的配置文件和插件用户组和权限有严格校验,不要对oeAware的相关文件进行权限和用户组进行修改。 + +权限说明: + +- 插件文件:440 + +- 客户端执行文件:750 + +- 服务端执行文件:750 + +- 服务配置文件:640 diff --git a/docs/zh/docs/server/quickstart/quickstart/_toc.yaml b/docs/zh/docs/server/quickstart/quickstart/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8f4fcc74618851fe784c256ad367c47126ba49e2 --- /dev/null +++ b/docs/zh/docs/server/quickstart/quickstart/_toc.yaml @@ -0,0 +1,6 @@ +label: 快速入门 +isManual: true +description: 快速地安装和使用 openEuler 操作系统 +sections: + - label: 快速入门 + href: ./quick-start.md diff --git a/docs/zh/docs/Quickstart/figures/Advanced_User_Configuration.png b/docs/zh/docs/server/quickstart/quickstart/figures/Advanced_User_Configuration.png similarity index 100% rename from docs/zh/docs/Quickstart/figures/Advanced_User_Configuration.png rename to docs/zh/docs/server/quickstart/quickstart/figures/Advanced_User_Configuration.png diff --git a/docs/zh/docs/Quickstart/figures/CD-ROM_drive_icon.png b/docs/zh/docs/server/quickstart/quickstart/figures/CD-ROM_drive_icon.png similarity index 100% rename from docs/zh/docs/Quickstart/figures/CD-ROM_drive_icon.png rename to docs/zh/docs/server/quickstart/quickstart/figures/CD-ROM_drive_icon.png diff --git a/docs/zh/docs/Quickstart/figures/Image_dialog_box.png b/docs/zh/docs/server/quickstart/quickstart/figures/Image_dialog_box.png similarity index 100% rename from docs/zh/docs/Quickstart/figures/Image_dialog_box.png rename to docs/zh/docs/server/quickstart/quickstart/figures/Image_dialog_box.png diff --git a/docs/zh/docs/Quickstart/figures/Installation_Overview.png b/docs/zh/docs/server/quickstart/quickstart/figures/Installation_Overview.png similarity index 100% rename from docs/zh/docs/Quickstart/figures/Installation_Overview.png rename to docs/zh/docs/server/quickstart/quickstart/figures/Installation_Overview.png diff --git a/docs/zh/docs/Quickstart/figures/Installation_Procedure.png b/docs/zh/docs/server/quickstart/quickstart/figures/Installation_Procedure.png similarity index 100% rename from docs/zh/docs/Quickstart/figures/Installation_Procedure.png rename to docs/zh/docs/server/quickstart/quickstart/figures/Installation_Procedure.png diff --git a/docs/zh/docs/Quickstart/figures/Installation_wizard.png b/docs/zh/docs/server/quickstart/quickstart/figures/Installation_wizard.png similarity index 100% rename from docs/zh/docs/Quickstart/figures/Installation_wizard.png rename to docs/zh/docs/server/quickstart/quickstart/figures/Installation_wizard.png diff --git a/docs/zh/docs/Quickstart/figures/Setting_the_System_Boot_Option.png b/docs/zh/docs/server/quickstart/quickstart/figures/Setting_the_System_Boot_Option.png similarity index 100% rename from docs/zh/docs/Quickstart/figures/Setting_the_System_Boot_Option.png rename to docs/zh/docs/server/quickstart/quickstart/figures/Setting_the_System_Boot_Option.png diff --git a/docs/zh/docs/Quickstart/figures/Target_installation_position.png b/docs/zh/docs/server/quickstart/quickstart/figures/Target_installation_position.png similarity index 100% rename from docs/zh/docs/Quickstart/figures/Target_installation_position.png rename to docs/zh/docs/server/quickstart/quickstart/figures/Target_installation_position.png diff --git a/docs/zh/docs/Quickstart/figures/choosesoftware.png b/docs/zh/docs/server/quickstart/quickstart/figures/choosesoftware.png similarity index 100% rename from docs/zh/docs/Quickstart/figures/choosesoftware.png rename to docs/zh/docs/server/quickstart/quickstart/figures/choosesoftware.png diff --git a/docs/zh/docs/Quickstart/figures/createuser.png b/docs/zh/docs/server/quickstart/quickstart/figures/createuser.png similarity index 100% rename from docs/zh/docs/Quickstart/figures/createuser.png rename to docs/zh/docs/server/quickstart/quickstart/figures/createuser.png diff --git a/docs/zh/docs/Quickstart/figures/restarticon.png b/docs/zh/docs/server/quickstart/quickstart/figures/restarticon.png similarity index 100% rename from docs/zh/docs/Quickstart/figures/restarticon.png rename to docs/zh/docs/server/quickstart/quickstart/figures/restarticon.png diff --git a/docs/zh/docs/Quickstart/figures/root_password.png b/docs/zh/docs/server/quickstart/quickstart/figures/root_password.png similarity index 100% rename from docs/zh/docs/Quickstart/figures/root_password.png rename to docs/zh/docs/server/quickstart/quickstart/figures/root_password.png diff --git a/docs/zh/docs/Quickstart/figures/selectlanguage.png b/docs/zh/docs/server/quickstart/quickstart/figures/selectlanguage.png similarity index 100% rename from docs/zh/docs/Quickstart/figures/selectlanguage.png rename to docs/zh/docs/server/quickstart/quickstart/figures/selectlanguage.png diff --git a/docs/zh/docs/Quickstart/figures/zh-cn_image_0229420473.png b/docs/zh/docs/server/quickstart/quickstart/figures/zh-cn_image_0229420473.png similarity index 100% rename from docs/zh/docs/Quickstart/figures/zh-cn_image_0229420473.png rename to docs/zh/docs/server/quickstart/quickstart/figures/zh-cn_image_0229420473.png diff --git a/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-caution.gif b/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-danger.gif b/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-note.gif b/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-notice.gif b/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-tip.gif b/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-warning.gif b/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/server/quickstart/quickstart/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/docs/Quickstart/quick-start.md b/docs/zh/docs/server/quickstart/quickstart/quick-start.md similarity index 100% rename from docs/zh/docs/Quickstart/quick-start.md rename to docs/zh/docs/server/quickstart/quickstart/quick-start.md diff --git a/docs/zh/docs/server/releasenotes/releasenotes/_toc.yaml b/docs/zh/docs/server/releasenotes/releasenotes/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a809d2e6b36586e8654e27ddb648859b3ed0346d --- /dev/null +++ b/docs/zh/docs/server/releasenotes/releasenotes/_toc.yaml @@ -0,0 +1,28 @@ +label: 发行说明 +isManual: true +description: openEuler 25.03 版本的发行说明 +sections: + - label: 简介 + href: ./introduction.md + - label: 法律声明 + href: ./terms-of-use.md + - label: 用户须知 + href: ./user-notice.md + - label: 帐号清单 + href: ./account-list.md + - label: 系统安装 + href: ./os-installation.md + - label: 关键特性 + href: ./key-features.md + - label: 已知问题 + href: ./known-issues.md + - label: 已修复问题 + href: ./resolved-issues.md + - label: CVE漏洞 + href: ./cve.md + - label: 源代码 + href: ./source-code.md + - label: 参与贡献 + href: ./contribution.md + - label: 致谢 + href: ./acknowledgment.md diff --git "a/docs/zh/docs/Releasenotes/\345\270\220\345\217\267\346\270\205\345\215\225.md" b/docs/zh/docs/server/releasenotes/releasenotes/account-list.md similarity index 100% rename from "docs/zh/docs/Releasenotes/\345\270\220\345\217\267\346\270\205\345\215\225.md" rename to docs/zh/docs/server/releasenotes/releasenotes/account-list.md diff --git "a/docs/zh/docs/Releasenotes/\350\207\264\350\260\242.md" b/docs/zh/docs/server/releasenotes/releasenotes/acknowledgment.md similarity index 100% rename from "docs/zh/docs/Releasenotes/\350\207\264\350\260\242.md" rename to docs/zh/docs/server/releasenotes/releasenotes/acknowledgment.md diff --git "a/docs/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" b/docs/zh/docs/server/releasenotes/releasenotes/contribution.md similarity index 100% rename from "docs/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" rename to docs/zh/docs/server/releasenotes/releasenotes/contribution.md diff --git "a/docs/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" b/docs/zh/docs/server/releasenotes/releasenotes/cve.md similarity index 100% rename from "docs/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" rename to docs/zh/docs/server/releasenotes/releasenotes/cve.md diff --git "a/docs/zh/docs/Releasenotes/\347\256\200\344\273\213.md" b/docs/zh/docs/server/releasenotes/releasenotes/introduction.md similarity index 100% rename from "docs/zh/docs/Releasenotes/\347\256\200\344\273\213.md" rename to docs/zh/docs/server/releasenotes/releasenotes/introduction.md diff --git "a/docs/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" b/docs/zh/docs/server/releasenotes/releasenotes/key-features.md similarity index 100% rename from "docs/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" rename to docs/zh/docs/server/releasenotes/releasenotes/key-features.md diff --git "a/docs/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" b/docs/zh/docs/server/releasenotes/releasenotes/know-issues.md similarity index 100% rename from "docs/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" rename to docs/zh/docs/server/releasenotes/releasenotes/know-issues.md diff --git "a/docs/zh/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md" b/docs/zh/docs/server/releasenotes/releasenotes/os-installation.md similarity index 100% rename from "docs/zh/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md" rename to docs/zh/docs/server/releasenotes/releasenotes/os-installation.md diff --git a/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-caution.gif b/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-danger.gif b/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-note.gif b/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-notice.gif b/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-tip.gif b/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-warning.gif b/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/server/releasenotes/releasenotes/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/docs/Releasenotes/release_notes.md b/docs/zh/docs/server/releasenotes/releasenotes/release_notes.md similarity index 100% rename from docs/zh/docs/Releasenotes/release_notes.md rename to docs/zh/docs/server/releasenotes/releasenotes/release_notes.md diff --git "a/docs/zh/docs/Releasenotes/\345\267\262\344\277\256\345\244\215\351\227\256\351\242\230.md" b/docs/zh/docs/server/releasenotes/releasenotes/resolved-issues.md similarity index 100% rename from "docs/zh/docs/Releasenotes/\345\267\262\344\277\256\345\244\215\351\227\256\351\242\230.md" rename to docs/zh/docs/server/releasenotes/releasenotes/resolved-issues.md diff --git "a/docs/zh/docs/Releasenotes/\346\272\220\344\273\243\347\240\201.md" b/docs/zh/docs/server/releasenotes/releasenotes/source-code.md similarity index 100% rename from "docs/zh/docs/Releasenotes/\346\272\220\344\273\243\347\240\201.md" rename to docs/zh/docs/server/releasenotes/releasenotes/source-code.md diff --git "a/docs/zh/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md" b/docs/zh/docs/server/releasenotes/releasenotes/terms-of-uese.md similarity index 100% rename from "docs/zh/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md" rename to docs/zh/docs/server/releasenotes/releasenotes/terms-of-uese.md diff --git "a/docs/zh/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md" b/docs/zh/docs/server/releasenotes/releasenotes/user-notice.md similarity index 100% rename from "docs/zh/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md" rename to docs/zh/docs/server/releasenotes/releasenotes/user-notice.md diff --git a/docs/zh/docs/server/security/cert_signature/_toc.yaml b/docs/zh/docs/server/security/cert_signature/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a661dbbf71a1cc4698a7ad3807a03706539a8e30 --- /dev/null +++ b/docs/zh/docs/server/security/cert_signature/_toc.yaml @@ -0,0 +1,10 @@ +label: 证书签名 +isManual: true +description: openEuler 签名平台提供签名服务,保护系统文件的完整性 +sections: + - label: 认识证书和签名 + href: ./overview_of_certificates_and_signatures.md + - label: 签名证书介绍 + href: ./introduction_to_signature_certificates.md + - label: 安全启动 + href: ./secure_boot.md diff --git a/docs/zh/docs/CertSignature/figures/cert-tree.png b/docs/zh/docs/server/security/cert_signature/figures/cert-tree.png similarity index 100% rename from docs/zh/docs/CertSignature/figures/cert-tree.png rename to docs/zh/docs/server/security/cert_signature/figures/cert-tree.png diff --git a/docs/zh/docs/CertSignature/figures/mokutil-db.png b/docs/zh/docs/server/security/cert_signature/figures/mokutil-db.png similarity index 100% rename from docs/zh/docs/CertSignature/figures/mokutil-db.png rename to docs/zh/docs/server/security/cert_signature/figures/mokutil-db.png diff --git a/docs/zh/docs/CertSignature/figures/mokutil-sb-off.png b/docs/zh/docs/server/security/cert_signature/figures/mokutil-sb-off.png similarity index 100% rename from docs/zh/docs/CertSignature/figures/mokutil-sb-off.png rename to docs/zh/docs/server/security/cert_signature/figures/mokutil-sb-off.png diff --git a/docs/zh/docs/CertSignature/figures/mokutil-sb-on.png b/docs/zh/docs/server/security/cert_signature/figures/mokutil-sb-on.png similarity index 100% rename from docs/zh/docs/CertSignature/figures/mokutil-sb-on.png rename to docs/zh/docs/server/security/cert_signature/figures/mokutil-sb-on.png diff --git a/docs/zh/docs/CertSignature/figures/mokutil-sb-unsupport.png b/docs/zh/docs/server/security/cert_signature/figures/mokutil-sb-unsupport.png similarity index 100% rename from docs/zh/docs/CertSignature/figures/mokutil-sb-unsupport.png rename to docs/zh/docs/server/security/cert_signature/figures/mokutil-sb-unsupport.png diff --git "a/docs/zh/docs/CertSignature/\347\255\276\345\220\215\350\257\201\344\271\246\344\273\213\347\273\215.md" b/docs/zh/docs/server/security/cert_signature/introduction_to_signature_certificates.md similarity index 100% rename from "docs/zh/docs/CertSignature/\347\255\276\345\220\215\350\257\201\344\271\246\344\273\213\347\273\215.md" rename to docs/zh/docs/server/security/cert_signature/introduction_to_signature_certificates.md diff --git "a/docs/zh/docs/CertSignature/\346\200\273\344\275\223\346\246\202\350\277\260.md" b/docs/zh/docs/server/security/cert_signature/overview_of_certificates_and_signatures.md similarity index 100% rename from "docs/zh/docs/CertSignature/\346\200\273\344\275\223\346\246\202\350\277\260.md" rename to docs/zh/docs/server/security/cert_signature/overview_of_certificates_and_signatures.md diff --git "a/docs/zh/docs/CertSignature/\345\256\211\345\205\250\345\220\257\345\212\250.md" b/docs/zh/docs/server/security/cert_signature/secure_boot.md similarity index 100% rename from "docs/zh/docs/CertSignature/\345\256\211\345\205\250\345\220\257\345\212\250.md" rename to docs/zh/docs/server/security/cert_signature/secure_boot.md diff --git a/docs/zh/docs/server/security/cve-ease/_toc.yaml b/docs/zh/docs/server/security/cve-ease/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..ace313d837debdbc2a048aa3bb3d226c4345c1ec --- /dev/null +++ b/docs/zh/docs/server/security/cve-ease/_toc.yaml @@ -0,0 +1,8 @@ +label: CVE-ease设计指南 +isManual: true +description: 帮助用户快速应对系统漏洞 +sections: + - label: CVE-ease设计介绍 + href: ./cve-ease-design-introduction.md + - label: CVE-ease介绍和安装说明 + href: ./cve-ease-introduction-and-installation-instructions.md diff --git "a/docs/zh/docs/CVE-ease/CVE-ease\350\256\276\350\256\241\344\273\213\347\273\215.md" b/docs/zh/docs/server/security/cve-ease/cve-ease-design-introduction.md similarity index 100% rename from "docs/zh/docs/CVE-ease/CVE-ease\350\256\276\350\256\241\344\273\213\347\273\215.md" rename to docs/zh/docs/server/security/cve-ease/cve-ease-design-introduction.md diff --git "a/docs/zh/docs/CVE-ease/CVE-ease\344\273\213\347\273\215\345\222\214\345\256\211\350\243\205\350\257\264\346\230\216.md" b/docs/zh/docs/server/security/cve-ease/cve-ease-introduction-and-installation-instructions.md similarity index 100% rename from "docs/zh/docs/CVE-ease/CVE-ease\344\273\213\347\273\215\345\222\214\345\256\211\350\243\205\350\257\264\346\230\216.md" rename to docs/zh/docs/server/security/cve-ease/cve-ease-introduction-and-installation-instructions.md diff --git a/docs/zh/docs/CVE-ease/figures/CVE-ease_desigin_table.png b/docs/zh/docs/server/security/cve-ease/figures/CVE-ease_desigin_table.png similarity index 100% rename from docs/zh/docs/CVE-ease/figures/CVE-ease_desigin_table.png rename to docs/zh/docs/server/security/cve-ease/figures/CVE-ease_desigin_table.png diff --git a/docs/zh/docs/CVE-ease/figures/CVE-ease_function.png b/docs/zh/docs/server/security/cve-ease/figures/CVE-ease_function.png similarity index 100% rename from docs/zh/docs/CVE-ease/figures/CVE-ease_function.png rename to docs/zh/docs/server/security/cve-ease/figures/CVE-ease_function.png diff --git a/docs/zh/docs/server/security/secgear/_toc.yaml b/docs/zh/docs/server/security/secgear/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..93f1de5044884ef84dcabda2b4eb8b92f520c344 --- /dev/null +++ b/docs/zh/docs/server/security/secgear/_toc.yaml @@ -0,0 +1,16 @@ +label: secGear开发指南 +isManual: true +description: 使用 secGear 统一机密计算编程框架开发应用程序,保障云端数据运行时的安全性 +sections: + - label: 认识secGear + href: ./introduction-to-secGear.md + - label: 安装与部署 + href: ./secgear-installation.md + - label: 接口说明 + href: ./api-reference.md + - label: 开发secGear应用程序 + href: ./developer-guide.md + - label: 使用secGear工具 + href: ./using-secgear-tools.md + - label: 应用场景 + href: ./application-scenarios.md diff --git "a/docs/zh/docs/secGear/\346\216\245\345\217\243\345\217\202\350\200\203.md" b/docs/zh/docs/server/security/secgear/api-refernce.md similarity index 99% rename from "docs/zh/docs/secGear/\346\216\245\345\217\243\345\217\202\350\200\203.md" rename to docs/zh/docs/server/security/secgear/api-refernce.md index 2938b917ef8d17da0eb66cb9a3e94c1e64f5aaf9..c774731a8cd56575f75df6e156d1aea90cfeba9c 100644 --- "a/docs/zh/docs/secGear/\346\216\245\345\217\243\345\217\202\350\200\203.md" +++ b/docs/zh/docs/server/security/secgear/api-refernce.md @@ -39,8 +39,6 @@ cc_enclave_result_t cc_enclave_create(const char* path, enclave_type_t type, uin - CC_ERROR_INVALID_PATH:安全二进制路径无效 - CC_ERROR_NO_FIND_REGFUNC:enclave 引擎搜索失败 - - ## cc_enclave_destroy 销毁 enclave 接口 @@ -66,7 +64,6 @@ cc_enclave_result_t cc_enclave_destroy (cc_enclave_t ** enclave); - CC_FAIL:通用错误 - CC_ERROR_UNEXPECTED:不可预期错误 - ## cc_malloc_shared_memory 创建共享内存 @@ -89,7 +86,6 @@ void *cc_malloc_shared_memory(cc_enclave_t *enclave, size_t size); - NULL:共享内存申请失败 - 其他:为创建的共享内存的首地址 - ## cc_free_shared_memory 释放共享内存 @@ -117,7 +113,6 @@ cc_enclave_result_t cc_free_shared_memory(cc_enclave_t *enclave, void *ptr); - CC_FAIL:一般性错误 - CC_SUCCESS:成功 - ## cc_enclave_generate_random 随机数生成 @@ -141,8 +136,6 @@ cc_enclave_result_t cc_enclave_generate_random(void *buffer, size_t size); - CE_ERROR_INVALID_PARAMETER:输入参数有误 - CE_ERROR_OUT_OF_MEMORY:无可用内存 - - ## cc_enclave_seal_data 数据持久化 @@ -251,8 +244,6 @@ uint32_t cc_enclave_get_encrypted_text_size(const cc_enclave_sealed_data_t *seal - UINT32_MAX:参数错误或函数执行错误 - others:函数执行成功,返回值为当前 sealed_data 中加密消息的长度 - - ## cc_enclave_get_add_text_size 获取附加消息的长度 @@ -274,8 +265,6 @@ uint32_t cc_enclave_get_add_text_size(const cc_enclave_sealed_data_t *sealed_dat - UINT32_MAX:参数错误或函数执行错误 - others:函数执行成功,返回值为当前sealed_data中附加消息的长度 - - ## cc_enclave_memory_in_enclave 安全内存检查 @@ -337,7 +326,6 @@ void PrintInfo(int level, const char *fmt, ...); - level:入参,日志打印等级,可选项为PRINT_ERROR, PRINT_WARNING, PRINT_STRACE, PRINT_DEBUG - fmt: 入参,需要输出的字符串 - **返回值:** - 无 diff --git "a/docs/zh/docs/secGear/\345\272\224\347\224\250\345\234\272\346\231\257.md" b/docs/zh/docs/server/security/secgear/application-scenarios.md similarity index 100% rename from "docs/zh/docs/secGear/\345\272\224\347\224\250\345\234\272\346\231\257.md" rename to docs/zh/docs/server/security/secgear/application-scenarios.md diff --git "a/docs/zh/docs/secGear/\345\274\200\345\217\221secGear\345\272\224\347\224\250\347\250\213\345\272\217.md" b/docs/zh/docs/server/security/secgear/developer-guide.md similarity index 100% rename from "docs/zh/docs/secGear/\345\274\200\345\217\221secGear\345\272\224\347\224\250\347\250\213\345\272\217.md" rename to docs/zh/docs/server/security/secgear/developer-guide.md diff --git a/docs/zh/docs/secGear/figures/BJCA_Crypto_Module.png b/docs/zh/docs/server/security/secgear/figures/BJCA_Crypto_Module.png similarity index 100% rename from docs/zh/docs/secGear/figures/BJCA_Crypto_Module.png rename to docs/zh/docs/server/security/secgear/figures/BJCA_Crypto_Module.png diff --git a/docs/zh/docs/secGear/figures/Mindspore.png b/docs/zh/docs/server/security/secgear/figures/Mindspore.png similarity index 100% rename from docs/zh/docs/secGear/figures/Mindspore.png rename to docs/zh/docs/server/security/secgear/figures/Mindspore.png diff --git a/docs/zh/docs/secGear/figures/Mindspore_original.png b/docs/zh/docs/server/security/secgear/figures/Mindspore_original.png similarity index 100% rename from docs/zh/docs/secGear/figures/Mindspore_original.png rename to docs/zh/docs/server/security/secgear/figures/Mindspore_original.png diff --git a/docs/zh/docs/secGear/figures/develop_step.png b/docs/zh/docs/server/security/secgear/figures/develop_step.png similarity index 100% rename from docs/zh/docs/secGear/figures/develop_step.png rename to docs/zh/docs/server/security/secgear/figures/develop_step.png diff --git a/docs/zh/docs/secGear/figures/openLooKeng.png b/docs/zh/docs/server/security/secgear/figures/openLooKeng.png similarity index 100% rename from docs/zh/docs/secGear/figures/openLooKeng.png rename to docs/zh/docs/server/security/secgear/figures/openLooKeng.png diff --git a/docs/zh/docs/secGear/figures/secGear_arch.png b/docs/zh/docs/server/security/secgear/figures/secGear_arch.png similarity index 100% rename from docs/zh/docs/secGear/figures/secGear_arch.png rename to docs/zh/docs/server/security/secgear/figures/secGear_arch.png diff --git a/docs/zh/docs/secGear/figures/secret_gaussdb.png b/docs/zh/docs/server/security/secgear/figures/secret_gaussdb.png similarity index 100% rename from docs/zh/docs/secGear/figures/secret_gaussdb.png rename to docs/zh/docs/server/security/secgear/figures/secret_gaussdb.png diff --git "a/docs/zh/docs/secGear/\350\256\244\350\257\206secGear.md" b/docs/zh/docs/server/security/secgear/introduction-to-secGear.md similarity index 100% rename from "docs/zh/docs/secGear/\350\256\244\350\257\206secGear.md" rename to docs/zh/docs/server/security/secgear/introduction-to-secGear.md diff --git a/docs/zh/docs/server/security/secgear/public_sys-resources/icon-note.gif b/docs/zh/docs/server/security/secgear/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/docs/server/security/secgear/public_sys-resources/icon-note.gif differ diff --git "a/docs/zh/docs/secGear/\345\256\211\350\243\205secGear.md" b/docs/zh/docs/server/security/secgear/secgear-installation.md similarity index 100% rename from "docs/zh/docs/secGear/\345\256\211\350\243\205secGear.md" rename to docs/zh/docs/server/security/secgear/secgear-installation.md diff --git a/docs/zh/docs/secGear/secGear.md b/docs/zh/docs/server/security/secgear/secgear.md similarity index 100% rename from docs/zh/docs/secGear/secGear.md rename to docs/zh/docs/server/security/secgear/secgear.md diff --git "a/docs/zh/docs/secGear/\344\275\277\347\224\250secGear\345\267\245\345\205\267.md" b/docs/zh/docs/server/security/secgear/using-secgear-tools.md similarity index 100% rename from "docs/zh/docs/secGear/\344\275\277\347\224\250secGear\345\267\245\345\205\267.md" rename to docs/zh/docs/server/security/secgear/using-secgear-tools.md diff --git a/docs/zh/docs/server/security/secharden/_toc.yaml b/docs/zh/docs/server/security/secharden/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..ec2478af835a52a0d7bc6714174ac599f73e1b40 --- /dev/null +++ b/docs/zh/docs/server/security/secharden/_toc.yaml @@ -0,0 +1,29 @@ +label: 安全加固指南 +isManual: true +description: 指导用户进行安全加固 +sections: + - label: 操作系统加固概述 + href: ./os-hardening-overview.md + - label: 安全配置说明 + href: ./security-configuration-benchmark.md + - label: 加固指导 + href: ./secHarden.md + sections: + - label: 帐户口令 + href: ./account-passwords.md + - label: 授权认证 + href: ./authentication-and-authorization.md + - label: 系统服务 + href: ./system-services.md + - label: 文件权限 + href: ./file-permissions.md + - label: 内核参数 + href: ./kernel-parameters.md + - label: SELinux配置 + href: ./selinux-configuration.md + - label: 安全加固工具 + href: ./security-hardening-tools.md + - label: 附录 + href: ./appendix.md + - label: 安全配置加固工具 + href: ./security-configuration-hardening-tools.md diff --git "a/docs/zh/docs/SecHarden/\350\264\246\346\210\267\345\217\243\344\273\244.md" b/docs/zh/docs/server/security/secharden/account-passwords.md similarity index 100% rename from "docs/zh/docs/SecHarden/\350\264\246\346\210\267\345\217\243\344\273\244.md" rename to docs/zh/docs/server/security/secharden/account-passwords.md diff --git "a/docs/zh/docs/SecHarden/\351\231\204\345\275\225.md" b/docs/zh/docs/server/security/secharden/appendix.md similarity index 100% rename from "docs/zh/docs/SecHarden/\351\231\204\345\275\225.md" rename to docs/zh/docs/server/security/secharden/appendix.md diff --git "a/docs/zh/docs/SecHarden/\346\216\210\346\235\203\350\256\244\350\257\201.md" b/docs/zh/docs/server/security/secharden/authentication-and-authorization.md similarity index 100% rename from "docs/zh/docs/SecHarden/\346\216\210\346\235\203\350\256\244\350\257\201.md" rename to docs/zh/docs/server/security/secharden/authentication-and-authorization.md diff --git a/docs/zh/docs/server/security/secharden/figures/zh-cn_image_0221925211.png b/docs/zh/docs/server/security/secharden/figures/zh-cn_image_0221925211.png new file mode 100644 index 0000000000000000000000000000000000000000..d245d48dc07e2b01734e21ec1952e89fa9269bdb Binary files /dev/null and b/docs/zh/docs/server/security/secharden/figures/zh-cn_image_0221925211.png differ diff --git a/docs/zh/docs/server/security/secharden/figures/zh-cn_image_0221925212.png b/docs/zh/docs/server/security/secharden/figures/zh-cn_image_0221925212.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/zh/docs/server/security/secharden/figures/zh-cn_image_0221925212.png differ diff --git "a/docs/zh/docs/SecHarden/\346\226\207\344\273\266\346\235\203\351\231\220.md" b/docs/zh/docs/server/security/secharden/file-permissions.md similarity index 100% rename from "docs/zh/docs/SecHarden/\346\226\207\344\273\266\346\235\203\351\231\220.md" rename to docs/zh/docs/server/security/secharden/file-permissions.md diff --git "a/docs/zh/docs/SecHarden/\345\206\205\346\240\270\345\217\202\346\225\260.md" b/docs/zh/docs/server/security/secharden/kernel-parameters.md similarity index 100% rename from "docs/zh/docs/SecHarden/\345\206\205\346\240\270\345\217\202\346\225\260.md" rename to docs/zh/docs/server/security/secharden/kernel-parameters.md diff --git "a/docs/zh/docs/SecHarden/\346\223\215\344\275\234\347\263\273\347\273\237\345\212\240\345\233\272\346\246\202\350\277\260.md" b/docs/zh/docs/server/security/secharden/os-hardening-overview.md similarity index 100% rename from "docs/zh/docs/SecHarden/\346\223\215\344\275\234\347\263\273\347\273\237\345\212\240\345\233\272\346\246\202\350\277\260.md" rename to docs/zh/docs/server/security/secharden/os-hardening-overview.md diff --git a/docs/zh/docs/server/security/secharden/public_sys-resources/icon-caution.gif b/docs/zh/docs/server/security/secharden/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/server/security/secharden/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/docs/server/security/secharden/public_sys-resources/icon-danger.gif b/docs/zh/docs/server/security/secharden/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/server/security/secharden/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/docs/server/security/secharden/public_sys-resources/icon-note.gif b/docs/zh/docs/server/security/secharden/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/docs/server/security/secharden/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/docs/server/security/secharden/public_sys-resources/icon-notice.gif b/docs/zh/docs/server/security/secharden/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/docs/server/security/secharden/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/docs/server/security/secharden/public_sys-resources/icon-tip.gif b/docs/zh/docs/server/security/secharden/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/docs/server/security/secharden/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/docs/server/security/secharden/public_sys-resources/icon-warning.gif b/docs/zh/docs/server/security/secharden/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/server/security/secharden/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/docs/SecHarden/secHarden.md b/docs/zh/docs/server/security/secharden/secHarden.md similarity index 100% rename from docs/zh/docs/SecHarden/secHarden.md rename to docs/zh/docs/server/security/secharden/secHarden.md diff --git "a/docs/zh/docs/SecHarden/\345\256\211\345\205\250\351\205\215\347\275\256\350\247\204\350\214\203\345\237\272\347\272\277.md" b/docs/zh/docs/server/security/secharden/security-configuration-benchmark.md similarity index 98% rename from "docs/zh/docs/SecHarden/\345\256\211\345\205\250\351\205\215\347\275\256\350\247\204\350\214\203\345\237\272\347\272\277.md" rename to docs/zh/docs/server/security/secharden/security-configuration-benchmark.md index f74f16956196fc645b15bf893e8c6468a5d94e09..1f12011defdaf8af964a937023d798d6b08302b1 100644 --- "a/docs/zh/docs/SecHarden/\345\256\211\345\205\250\351\205\215\347\275\256\350\247\204\350\214\203\345\237\272\347\272\277.md" +++ b/docs/zh/docs/server/security/secharden/security-configuration-benchmark.md @@ -1,3 +1,3 @@ -# openEuler安全配置说明 - -详细内容请参考[openEuler安全配置说明](https://gitee.com/openeuler/security-committee/tree/master/secure-configuration-benchmark)。 +# openEuler安全配置说明 + +详细内容请参考[openEuler安全配置说明](https://gitee.com/openeuler/security-committee/tree/master/secure-configuration-benchmark)。 diff --git "a/docs/zh/docs/SecHarden/\345\256\211\345\205\250\351\205\215\347\275\256\345\212\240\345\233\272\345\267\245\345\205\267.md" b/docs/zh/docs/server/security/secharden/security-configuration-hardening-tools.md similarity index 100% rename from "docs/zh/docs/SecHarden/\345\256\211\345\205\250\351\205\215\347\275\256\345\212\240\345\233\272\345\267\245\345\205\267.md" rename to docs/zh/docs/server/security/secharden/security-configuration-hardening-tools.md diff --git "a/docs/zh/docs/SecHarden/\345\212\240\345\233\272\346\214\207\345\257\274.md" b/docs/zh/docs/server/security/secharden/security-hardening-guide.md similarity index 100% rename from "docs/zh/docs/SecHarden/\345\212\240\345\233\272\346\214\207\345\257\274.md" rename to docs/zh/docs/server/security/secharden/security-hardening-guide.md diff --git "a/docs/zh/docs/SecHarden/\345\256\211\345\205\250\345\212\240\345\233\272\345\267\245\345\205\267.md" b/docs/zh/docs/server/security/secharden/security-hardening-tools.md similarity index 100% rename from "docs/zh/docs/SecHarden/\345\256\211\345\205\250\345\212\240\345\233\272\345\267\245\345\205\267.md" rename to docs/zh/docs/server/security/secharden/security-hardening-tools.md diff --git "a/docs/zh/docs/SecHarden/SELinux\351\205\215\347\275\256.md" b/docs/zh/docs/server/security/secharden/selinux-configuration.md similarity index 100% rename from "docs/zh/docs/SecHarden/SELinux\351\205\215\347\275\256.md" rename to docs/zh/docs/server/security/secharden/selinux-configuration.md diff --git "a/docs/zh/docs/SecHarden/\347\263\273\347\273\237\346\234\215\345\212\241.md" b/docs/zh/docs/server/security/secharden/system-services.md similarity index 100% rename from "docs/zh/docs/SecHarden/\347\263\273\347\273\237\346\234\215\345\212\241.md" rename to docs/zh/docs/server/security/secharden/system-services.md diff --git a/docs/zh/docs/server/security/shangmi/_toc.yaml b/docs/zh/docs/server/security/shangmi/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..84301b90927d1af563380489cd49f12895fda591 --- /dev/null +++ b/docs/zh/docs/server/security/shangmi/_toc.yaml @@ -0,0 +1,26 @@ +label: 国密 +isManual: true +description: 对操作系统的关键安全特性进行国密算法使能 +sections: + - label: 概述 + href: ./overview.md + - label: 磁盘加密 + href: ./drive-encryption.md + - label: 内核模块签名 + href: ./kernel-module-signing.md + - label: 算法库 + href: ./algorithm-library.md + - label: 文件完整性保护 + href: ./file-integrity-protection.md + - label: 用户身份鉴别 + href: ./user-identity-authentication.md + - label: 证书 + href: ./certificates.md + - label: 安全启动 + href: ./secure-boot.md + - label: SSH协议栈 + href: ./ssh-stack.md + - label: TLCP协议栈 + href: ./tlcp-stack.md + - label: RPM支持国密签名验签 + href: ./rpm-signature-verification.md diff --git "a/docs/zh/docs/ShangMi/\347\256\227\346\263\225\345\272\223.md" b/docs/zh/docs/server/security/shangmi/algorithm-library.md similarity index 96% rename from "docs/zh/docs/ShangMi/\347\256\227\346\263\225\345\272\223.md" rename to docs/zh/docs/server/security/shangmi/algorithm-library.md index 94bc3d5958ff6f68779c438f46a0311dd8a9a9de..b6f6f7e2c5e1157a2d8afb5f1c8f1b8ec1e7db0d 100644 --- "a/docs/zh/docs/ShangMi/\347\256\227\346\263\225\345\272\223.md" +++ b/docs/zh/docs/server/security/shangmi/algorithm-library.md @@ -1,194 +1,194 @@ -# 算法库 - -## openSSL加密接口 - -openSSL是常用的密码算法库软件,当前已经支持商密算法SM2/3/4,用户可以通过命令行或API调用商密算法的加解密功能。 - -### 前置条件 - -openSSL大于或等于1.1.1m-6版本: - -``` -$ rpm -qa openssl -openssl-1.1.1m-6.oe2209.x86_64 -``` - -### 如何使用 - -#### 场景1:使用命令行调用密码算法 - -1. SM2公钥算法 - -生成SM2私钥: - -``` -$ openssl ecparam -genkey -name SM2 -out priv.key -``` - -根据私钥生成公钥: - -``` -$ openssl ec -in priv.key -pubout -out pub.key -read EC key -writing EC key -``` - -使用SM2算法对文件进行签名,摘要算法指定为SM3: - -``` -$ openssl dgst -sm3 -sign priv.key -out data.sig data -``` - -使用公钥进行验签: - -``` -$ openssl dgst -sm3 -verify pub.key -signature data.sig data -Verified OK -``` - -2. SM3摘要算法 - -使用SM3算法计算数据摘要: - -``` -$ openssl dgst -sm3 data -SM3(data)= a794922bb9f0a034257f6c7090a3e8429801a42d422c21f1473e83b7f7eac385 -``` - -3. SM4对称加密算法 - -使用SM4算法对数据进行加密,其中-K和-iv分别指定加密所使用的key值和iv值,通常需要随机生成: - -``` -$ openssl enc -sm4 -in data -K 123456789ABCDEF0123456789ABCDEF0 -iv 123456789ABCDEF0123456789ABCDEF0 -out data.enc -``` - -使用SM4算法对数据进行解密: - -``` -$ openssl enc -d -sm4 -in data.enc -K 123456789ABCDEF0123456789ABCDEF0 -iv 123456789ABCDEF0123456789ABCDEF0 -out data.raw -``` - -对比加解密数据,结果一致: - -``` -$ diff data data.raw -``` - -#### 场景2:使用API调用密码算法 - -可直接安装openssl-help并查询man手册: - -``` -$ yum install openssl-help -$ man sm2 -$ man EVP_sm3 -$ man EVP_sm4_cbc -``` - -## 内核加密接口 - -### 概述 - -Linux内核的加密算法采用crypto框架管理,不同的算法实现在crypto框架中分别进行注册和调用。openEuler提供的5.10内核提供了对商密算法(SM2/3/4)的支持,其中SM2/3算法默认编译在内核中,SM4算法以内核模块的形式提供。 - -### 前置条件 - -内核大于或等于5.10.0-106版本: - -``` -# rpm -qa kernel -kernel-5.10.0-106.1.0.55.oe2209.x86_64 -``` - -### 如何使用 - -#### 场景1:查询内核支持的加密算法 - -通过/proc/crypto查询已注册的商密算法,其中SM2/SM3算法默认加载: - -``` -$ cat /proc/crypto | grep sm3 -A8 -name : sm3 -driver : sm3-generic -module : kernel -priority : 100 -refcnt : 1 -selftest : passed -internal : no -type : shash -blocksize : 64 -digestsize : 32 - -$ cat /proc/crypto | grep sm2 -A6 -name : sm2 -driver : sm2-generic -module : kernel -priority : 100 -refcnt : 1 -selftest : passed -internal : no -type : akcipher -``` - -sm4算法默认不加载,需要先插入对应模块: - -``` -$ modprobe sm4-generic -$ cat /proc/crypto | grep sm4 -A8 -name : sm4 -driver : sm4-generic -module : sm4_generic -priority : 100 -refcnt : 1 -selftest : passed -internal : no -type : cipher -blocksize : 16 -min keysize : 16 -max keysize : 16 -``` - -#### 场景2:算法API调用 - -商密算法的调用和其他相同类型的算法调用方法一致,可参考Linux内核文档: - -``` -https://www.kernel.org/doc/html/v5.10/crypto/userspace-if.html -``` - -#### 场景3:指令集优化 - -Crypto框架支持注册架构相关的算法实现,可以通过特定指令集实现算法性能的优化。当前openEuler 5.10内核支持的指令集优化包括: - -| 驱动 | 指令集支持 | 优先级 | -| -------------------------------- | ---------------------- | ------ | -| sm4-neon(ecb/cbc/cfb/ctr) | ARM64-NEON指令集 | 200 | -| sm3-avx | X86-AVX指令集 | 300 | -| sm4-aesni-avx (ecb/cbc/cfb/ctr) | X86-AVX指令集 | 400 | -| sm4-aesni-avx 2(ecb/cbc/cfb/ctr) | X86-AVX2指令集 | 500 | - -当同一个算法注册多个实例时,按照各个算法实例注册的priority选择默认的算法实现,priority数值越大则优先级越高,纯软件的算法实现(后缀为-generic)的priority固定为100。商密算法的指令集优化不默认使能,以内核模块的形式对用户提供,如使能SM3算法的AVX指令集优化的方法为: - -``` -$ modprobe sm3-avx -$ cat /proc/crypto | grep sm3 -A8 -name : sm3 -driver : sm3-avx -module : sm3_avx_x86_64 -priority : 300 -refcnt : 1 -selftest : passed -internal : no -type : shash -blocksize : 64 -digestsize : 32 - -...... -``` - -#### 注意事项 - -1. 算法指令集优化使能的前提是CPU支持对应指令集,可以通过/proc/cpuinfo接口查询当前CPU支持的指令集; -2. 特定指令集的调用本身存在一定开销,因此并不能保证在所有的场景下,指令集优化的性能都高于软件实现; +# 算法库 + +## openSSL加密接口 + +openSSL是常用的密码算法库软件,当前已经支持商密算法SM2/3/4,用户可以通过命令行或API调用商密算法的加解密功能。 + +### 前置条件 + +openSSL大于或等于1.1.1m-6版本: + +``` +$ rpm -qa openssl +openssl-1.1.1m-6.oe2209.x86_64 +``` + +### 如何使用 + +#### 场景1:使用命令行调用密码算法 + +1. SM2公钥算法 + +生成SM2私钥: + +``` +$ openssl ecparam -genkey -name SM2 -out priv.key +``` + +根据私钥生成公钥: + +``` +$ openssl ec -in priv.key -pubout -out pub.key +read EC key +writing EC key +``` + +使用SM2算法对文件进行签名,摘要算法指定为SM3: + +``` +$ openssl dgst -sm3 -sign priv.key -out data.sig data +``` + +使用公钥进行验签: + +``` +$ openssl dgst -sm3 -verify pub.key -signature data.sig data +Verified OK +``` + +2. SM3摘要算法 + +使用SM3算法计算数据摘要: + +``` +$ openssl dgst -sm3 data +SM3(data)= a794922bb9f0a034257f6c7090a3e8429801a42d422c21f1473e83b7f7eac385 +``` + +3. SM4对称加密算法 + +使用SM4算法对数据进行加密,其中-K和-iv分别指定加密所使用的key值和iv值,通常需要随机生成: + +``` +$ openssl enc -sm4 -in data -K 123456789ABCDEF0123456789ABCDEF0 -iv 123456789ABCDEF0123456789ABCDEF0 -out data.enc +``` + +使用SM4算法对数据进行解密: + +``` +$ openssl enc -d -sm4 -in data.enc -K 123456789ABCDEF0123456789ABCDEF0 -iv 123456789ABCDEF0123456789ABCDEF0 -out data.raw +``` + +对比加解密数据,结果一致: + +``` +$ diff data data.raw +``` + +#### 场景2:使用API调用密码算法 + +可直接安装openssl-help并查询man手册: + +``` +$ yum install openssl-help +$ man sm2 +$ man EVP_sm3 +$ man EVP_sm4_cbc +``` + +## 内核加密接口 + +### 概述 + +Linux内核的加密算法采用crypto框架管理,不同的算法实现在crypto框架中分别进行注册和调用。openEuler提供的5.10内核提供了对商密算法(SM2/3/4)的支持,其中SM2/3算法默认编译在内核中,SM4算法以内核模块的形式提供。 + +### 前置条件 + +内核大于或等于5.10.0-106版本: + +``` +# rpm -qa kernel +kernel-5.10.0-106.1.0.55.oe2209.x86_64 +``` + +### 如何使用 + +#### 场景1:查询内核支持的加密算法 + +通过/proc/crypto查询已注册的商密算法,其中SM2/SM3算法默认加载: + +``` +$ cat /proc/crypto | grep sm3 -A8 +name : sm3 +driver : sm3-generic +module : kernel +priority : 100 +refcnt : 1 +selftest : passed +internal : no +type : shash +blocksize : 64 +digestsize : 32 + +$ cat /proc/crypto | grep sm2 -A6 +name : sm2 +driver : sm2-generic +module : kernel +priority : 100 +refcnt : 1 +selftest : passed +internal : no +type : akcipher +``` + +sm4算法默认不加载,需要先插入对应模块: + +``` +$ modprobe sm4-generic +$ cat /proc/crypto | grep sm4 -A8 +name : sm4 +driver : sm4-generic +module : sm4_generic +priority : 100 +refcnt : 1 +selftest : passed +internal : no +type : cipher +blocksize : 16 +min keysize : 16 +max keysize : 16 +``` + +#### 场景2:算法API调用 + +商密算法的调用和其他相同类型的算法调用方法一致,可参考Linux内核文档: + +``` +https://www.kernel.org/doc/html/v5.10/crypto/userspace-if.html +``` + +#### 场景3:指令集优化 + +Crypto框架支持注册架构相关的算法实现,可以通过特定指令集实现算法性能的优化。当前openEuler 5.10内核支持的指令集优化包括: + +| 驱动 | 指令集支持 | 优先级 | +| -------------------------------- | ---------------------- | ------ | +| sm4-neon(ecb/cbc/cfb/ctr) | ARM64-NEON指令集 | 200 | +| sm3-avx | X86-AVX指令集 | 300 | +| sm4-aesni-avx (ecb/cbc/cfb/ctr) | X86-AVX指令集 | 400 | +| sm4-aesni-avx 2(ecb/cbc/cfb/ctr) | X86-AVX2指令集 | 500 | + +当同一个算法注册多个实例时,按照各个算法实例注册的priority选择默认的算法实现,priority数值越大则优先级越高,纯软件的算法实现(后缀为-generic)的priority固定为100。商密算法的指令集优化不默认使能,以内核模块的形式对用户提供,如使能SM3算法的AVX指令集优化的方法为: + +``` +$ modprobe sm3-avx +$ cat /proc/crypto | grep sm3 -A8 +name : sm3 +driver : sm3-avx +module : sm3_avx_x86_64 +priority : 300 +refcnt : 1 +selftest : passed +internal : no +type : shash +blocksize : 64 +digestsize : 32 + +...... +``` + +#### 注意事项 + +1. 算法指令集优化使能的前提是CPU支持对应指令集,可以通过/proc/cpuinfo接口查询当前CPU支持的指令集; +2. 特定指令集的调用本身存在一定开销,因此并不能保证在所有的场景下,指令集优化的性能都高于软件实现; 3. 部分指令集优化存在一定限制,如neon指令集仅在支持并行计算的加密模式下存在优化效果。 \ No newline at end of file diff --git "a/docs/zh/docs/ShangMi/\350\257\201\344\271\246.md" b/docs/zh/docs/server/security/shangmi/certificates.md similarity index 96% rename from "docs/zh/docs/ShangMi/\350\257\201\344\271\246.md" rename to docs/zh/docs/server/security/shangmi/certificates.md index f1ce7fdd9b6e18dac287e58544b75a1f131f15f7..78986136cdbb3235ed77d81acdf13f11e1cac539 100644 --- "a/docs/zh/docs/ShangMi/\350\257\201\344\271\246.md" +++ b/docs/zh/docs/server/security/shangmi/certificates.md @@ -1,89 +1,89 @@ -# 证书 - -## 概述 - -商密证书指的是满足《SM2椭圆曲线公钥密码算法》以及《基于SM2密码算法的数字证书格式规范》等标准的数字证书。openEuler发布的openSSL软件提供了对商密证书的支持。 - -## 前置条件 - -openSSL大于或等于1.1.1m-6版本: - -``` -$ rpm -qa openssl -openssl-1.1.1m-6.oe2209.x86_64 -``` - -## 如何使用 - -### 场景1:生成商密证书 - -1. 生成SM2签名私钥: - -``` -$ openssl ecparam -genkey -name SM2 -out sm2.key -``` - -2. 生成签名请求: - -``` -$ openssl req -new -sm3 -key sm2.key -out sm2.csr -``` - -3. 生成商密证书(可使用-extfile指定证书配置文件): - -``` -$ openssl x509 -req -days 3650 -signkey sm2.key -in sm2.csr -out sm2.crt -``` - -4. 查看证书信息: - -``` -$ openssl x509 -text -in sm2.crt -``` - -### 场景2:构建证书链 - -#### 使用x509命令(一般用于功能测试) - -1. 生成CA私钥和证书: - -``` -$ openssl ecparam -genkey -name SM2 -out ca.key -$ openssl req -new -sm3 -key ca.key -out ca.csr -$ openssl x509 -req -days 3650 -signkey ca.key -in ca.csr -out ca.crt -``` - -1. 生成二级签名私钥和签名请求: - -``` -$ openssl ecparam -genkey -name SM2 -out sm2.key -$ openssl req -new -sm3 -key sm2.key -out sm2.csr -``` - -2. 基于一级证书生成二级证书(可使用-extfile指定证书配置文件): - -``` -$ openssl x509 -req -sm3 -CAcreateserial -CA ca.crt -CAkey ca.key -in sm2.csr -out sm2.crt -``` - -#### 使用ca配置文件(一般用于正式场景) - -1. 准备用于生成证书的配置文件(可使用openssl源码目录下的apps/openssl.cnf); -2. 生成自签名CA证书(下列命令为使用openSSL 1.1.1版本的场景,如使用openSSL 3.0.0以上的版本,*openssl req*命令中的*-newkey*参数需要替换为*sm2:SM2.pem*): - -``` -$ openssl ecparam -name SM2 -out SM2.pem -$ openssl req -config ./openssl.cnf -nodes -keyout CA.key -newkey ec:SM2.pem -new -out CA.csr -$ openssl x509 -sm3 -req -days 30 -in CA.csr -extfile ./openssl.cnf -extensions v3_ca -signkey CA.key -out CA.crt -``` - -3. 生成二级证书(下列命令为使用openSSL 1.1.1版本的场景,如使用openSSL 3.0.9及以上的版本,*openssl req*命令中的*-newkey*参数需要替换为*sm2:SM2.pem*): - -``` -$ openssl req -config ./openssl.cnf -nodes -keyout SS.key -newkey ec:SM2.pem -new -out SS.csr -$ openssl x509 -sm3 -req -days 30 -in SS.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3_req -out SS.crt -CAcreateserial -``` - -### 场景3:生成TLCP通信证书 - +# 证书 + +## 概述 + +商密证书指的是满足《SM2椭圆曲线公钥密码算法》以及《基于SM2密码算法的数字证书格式规范》等标准的数字证书。openEuler发布的openSSL软件提供了对商密证书的支持。 + +## 前置条件 + +openSSL大于或等于1.1.1m-6版本: + +``` +$ rpm -qa openssl +openssl-1.1.1m-6.oe2209.x86_64 +``` + +## 如何使用 + +### 场景1:生成商密证书 + +1. 生成SM2签名私钥: + +``` +$ openssl ecparam -genkey -name SM2 -out sm2.key +``` + +2. 生成签名请求: + +``` +$ openssl req -new -sm3 -key sm2.key -out sm2.csr +``` + +3. 生成商密证书(可使用-extfile指定证书配置文件): + +``` +$ openssl x509 -req -days 3650 -signkey sm2.key -in sm2.csr -out sm2.crt +``` + +4. 查看证书信息: + +``` +$ openssl x509 -text -in sm2.crt +``` + +### 场景2:构建证书链 + +#### 使用x509命令(一般用于功能测试) + +1. 生成CA私钥和证书: + +``` +$ openssl ecparam -genkey -name SM2 -out ca.key +$ openssl req -new -sm3 -key ca.key -out ca.csr +$ openssl x509 -req -days 3650 -signkey ca.key -in ca.csr -out ca.crt +``` + +1. 生成二级签名私钥和签名请求: + +``` +$ openssl ecparam -genkey -name SM2 -out sm2.key +$ openssl req -new -sm3 -key sm2.key -out sm2.csr +``` + +2. 基于一级证书生成二级证书(可使用-extfile指定证书配置文件): + +``` +$ openssl x509 -req -sm3 -CAcreateserial -CA ca.crt -CAkey ca.key -in sm2.csr -out sm2.crt +``` + +#### 使用ca配置文件(一般用于正式场景) + +1. 准备用于生成证书的配置文件(可使用openssl源码目录下的apps/openssl.cnf); +2. 生成自签名CA证书(下列命令为使用openSSL 1.1.1版本的场景,如使用openSSL 3.0.0以上的版本,*openssl req*命令中的*-newkey*参数需要替换为*sm2:SM2.pem*): + +``` +$ openssl ecparam -name SM2 -out SM2.pem +$ openssl req -config ./openssl.cnf -nodes -keyout CA.key -newkey ec:SM2.pem -new -out CA.csr +$ openssl x509 -sm3 -req -days 30 -in CA.csr -extfile ./openssl.cnf -extensions v3_ca -signkey CA.key -out CA.crt +``` + +3. 生成二级证书(下列命令为使用openSSL 1.1.1版本的场景,如使用openSSL 3.0.9及以上的版本,*openssl req*命令中的*-newkey*参数需要替换为*sm2:SM2.pem*): + +``` +$ openssl req -config ./openssl.cnf -nodes -keyout SS.key -newkey ec:SM2.pem -new -out SS.csr +$ openssl x509 -sm3 -req -days 30 -in SS.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3_req -out SS.crt -CAcreateserial +``` + +### 场景3:生成TLCP通信证书 + 详见《TLCP协议栈》章节。 \ No newline at end of file diff --git "a/docs/zh/docs/ShangMi/\347\243\201\347\233\230\345\212\240\345\257\206.md" b/docs/zh/docs/server/security/shangmi/drive-encryption.md similarity index 96% rename from "docs/zh/docs/ShangMi/\347\243\201\347\233\230\345\212\240\345\257\206.md" rename to docs/zh/docs/server/security/shangmi/drive-encryption.md index 3738629ad8116956c326ff99fc654ea9281eec3b..5d90f5afc82dfaa1ca99589d3a38abe5a42ab283 100644 --- "a/docs/zh/docs/ShangMi/\347\243\201\347\233\230\345\212\240\345\257\206.md" +++ b/docs/zh/docs/server/security/shangmi/drive-encryption.md @@ -1,90 +1,90 @@ -# 磁盘加密 - -## 概述 - -磁盘加密是对重要数据存储机密性进行保护,按照给定加密算法对数据进行加密后写入磁盘,从而保障重要数据的机密性。该特性主要涉及用户态工具cryptsetup和内核态的dm-crypt模块。当前openEuler操作系统提供的磁盘加密特性已支持商密算法。相关参数如下: - -- 加密模式:支持luks2和plain两种模式; -- 密钥长度:支持256位; -- 摘要算法:支持商密SM3算法; -- 加密算法:支持商密sm4-xts-plain64算法。 - -## 前置条件 - -1. 内核大于或等于5.10.0-106版本: - -``` -$ rpm -qa kernel -kernel-5.10.0-106.1.0.55.oe2209.x86_64 -``` - -2. cryptsetup大于或等于2.4.1-1版本: - -``` -$ rpm -qa cryptsetup -cryptsetup-2.4.1-1.oe2209.x86_64 -``` - -## 如何使用 - -通过将磁盘格式化成指定加密模式的磁盘,然后映射到/dev/mapper下作为dm设备,后续对磁盘的读写都通过该dm设备进行,数据的加解密过程由内核态完成,用户态不感知。参考步骤如下: - -1. 格式化磁盘,将磁盘映射为dm设备: - -a. luks2模式 - -加密模式使用luks2,加密算法使用sm4-xts-plain64,密钥大小为256位,摘要算法使用sm3: - -``` -# cryptsetup luksFormat /dev/sdd -c sm4-xts-plain64 --key-size 256 --hash sm3 -# cryptsetup luksOpen /dev/sdd crypt1 -``` - -b. plain模式 - -加密模式使用plain,加密算法使用sm4-xts-plain64,密钥大小为256位,摘要算法使用sm3: - -``` -# cryptsetup plainOpen /dev/sdd crypt1 -c sm4-xts-plain64 --key-size 256 --hash sm3 -``` - -2. 映射成功后可通过lsblk查看设备信息: - -``` -# lsblk -NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS -...... -sdd 8:48 0 50G 0 disk -└─crypt1 253:3 0 50G 0 crypt -...... -``` - -3. 对加密后的设备进行IO读写: - -直接对裸盘下发IO: - -``` -# dd if=/dev/random of=/dev/mapper/crypt1 bs=4k count=10240 -``` - -通过文件系统下发IO: - -``` -# mkfs.ext4 /dev/mapper/crypt1 -# mount /dev/mapper/crypt1 /mnt/crypt/ -# dd if=/dev/random of=/mnt/crypt/tmp bs=4k count=10240 -``` - -4. 关闭设备映射: - -如果挂载了文件系统,需要先卸载: - -``` -# umount /mnt/crypt -``` - -关闭设备: - -``` -# cryptsetup close crypt1 +# 磁盘加密 + +## 概述 + +磁盘加密是对重要数据存储机密性进行保护,按照给定加密算法对数据进行加密后写入磁盘,从而保障重要数据的机密性。该特性主要涉及用户态工具cryptsetup和内核态的dm-crypt模块。当前openEuler操作系统提供的磁盘加密特性已支持商密算法。相关参数如下: + +- 加密模式:支持luks2和plain两种模式; +- 密钥长度:支持256位; +- 摘要算法:支持商密SM3算法; +- 加密算法:支持商密sm4-xts-plain64算法。 + +## 前置条件 + +1. 内核大于或等于5.10.0-106版本: + +``` +$ rpm -qa kernel +kernel-5.10.0-106.1.0.55.oe2209.x86_64 +``` + +2. cryptsetup大于或等于2.4.1-1版本: + +``` +$ rpm -qa cryptsetup +cryptsetup-2.4.1-1.oe2209.x86_64 +``` + +## 如何使用 + +通过将磁盘格式化成指定加密模式的磁盘,然后映射到/dev/mapper下作为dm设备,后续对磁盘的读写都通过该dm设备进行,数据的加解密过程由内核态完成,用户态不感知。参考步骤如下: + +1. 格式化磁盘,将磁盘映射为dm设备: + +a. luks2模式 + +加密模式使用luks2,加密算法使用sm4-xts-plain64,密钥大小为256位,摘要算法使用sm3: + +``` +# cryptsetup luksFormat /dev/sdd -c sm4-xts-plain64 --key-size 256 --hash sm3 +# cryptsetup luksOpen /dev/sdd crypt1 +``` + +b. plain模式 + +加密模式使用plain,加密算法使用sm4-xts-plain64,密钥大小为256位,摘要算法使用sm3: + +``` +# cryptsetup plainOpen /dev/sdd crypt1 -c sm4-xts-plain64 --key-size 256 --hash sm3 +``` + +2. 映射成功后可通过lsblk查看设备信息: + +``` +# lsblk +NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS +...... +sdd 8:48 0 50G 0 disk +└─crypt1 253:3 0 50G 0 crypt +...... +``` + +3. 对加密后的设备进行IO读写: + +直接对裸盘下发IO: + +``` +# dd if=/dev/random of=/dev/mapper/crypt1 bs=4k count=10240 +``` + +通过文件系统下发IO: + +``` +# mkfs.ext4 /dev/mapper/crypt1 +# mount /dev/mapper/crypt1 /mnt/crypt/ +# dd if=/dev/random of=/mnt/crypt/tmp bs=4k count=10240 +``` + +4. 关闭设备映射: + +如果挂载了文件系统,需要先卸载: + +``` +# umount /mnt/crypt +``` + +关闭设备: + +``` +# cryptsetup close crypt1 ``` \ No newline at end of file diff --git "a/docs/zh/docs/ShangMi/\346\226\207\344\273\266\345\256\214\346\225\264\346\200\247\344\277\235\346\212\244.md" b/docs/zh/docs/server/security/shangmi/file-integrity-protection.md similarity index 100% rename from "docs/zh/docs/ShangMi/\346\226\207\344\273\266\345\256\214\346\225\264\346\200\247\344\277\235\346\212\244.md" rename to docs/zh/docs/server/security/shangmi/file-integrity-protection.md diff --git "a/docs/zh/docs/ShangMi/\345\206\205\346\240\270\346\250\241\345\235\227\347\255\276\345\220\215.md" b/docs/zh/docs/server/security/shangmi/kernel-module-signing.md similarity index 100% rename from "docs/zh/docs/ShangMi/\345\206\205\346\240\270\346\250\241\345\235\227\347\255\276\345\220\215.md" rename to docs/zh/docs/server/security/shangmi/kernel-module-signing.md diff --git "a/docs/zh/docs/ShangMi/\346\246\202\350\277\260.md" b/docs/zh/docs/server/security/shangmi/overview.md similarity index 100% rename from "docs/zh/docs/ShangMi/\346\246\202\350\277\260.md" rename to docs/zh/docs/server/security/shangmi/overview.md diff --git "a/docs/zh/docs/ShangMi/RPM\347\255\276\345\220\215\351\252\214\347\255\276.md" b/docs/zh/docs/server/security/shangmi/rpm-signature-verification.md similarity index 100% rename from "docs/zh/docs/ShangMi/RPM\347\255\276\345\220\215\351\252\214\347\255\276.md" rename to docs/zh/docs/server/security/shangmi/rpm-signature-verification.md diff --git "a/docs/zh/docs/ShangMi/\345\256\211\345\205\250\345\220\257\345\212\250.md" b/docs/zh/docs/server/security/shangmi/secure-boot.md similarity index 97% rename from "docs/zh/docs/ShangMi/\345\256\211\345\205\250\345\220\257\345\212\250.md" rename to docs/zh/docs/server/security/shangmi/secure-boot.md index d4cf5b791b34f52fc9b6e67cab01160e013d6395..a61fe41cd2b488ae470bdfd69543586ee0eccedd 100644 --- "a/docs/zh/docs/ShangMi/\345\256\211\345\205\250\345\220\257\345\212\250.md" +++ b/docs/zh/docs/server/security/shangmi/secure-boot.md @@ -1,186 +1,186 @@ -# 安全启动 - -安全启动是UEFI规范的标准功能,通过对系统启动中的各个组件进行逐级签名验证,实现启动过程的完整性和真实性保证。Linux系统的UEFI安全启动主要包括以下三个流程: - -1. BIOS通过内置证书验证shim组件的签名信息; -2. shim组件通过内置证书验证grub组件的签名信息; -3. grub组件通过shim组件提供的接口验证kernel组件的签名信息。 - -openEuler对EFI签名工具(pesign及其算法库nss)和shim进行了商密算法扩展支持,即支持使用SM3算法进行EFI文件的哈希计算,使用SM2数字签名算法进行EFI文件的签名/验签,从而建立基于商密算法的操作系统启动安全保障。 - -## 约束限制 - -- openEuler shim组件支持商密安全启动,即支持shim验签grub,grub验签kernel流程。shim组件的验签依赖BIOS支持; -- 需要基于支持UEFI安全启动的arm64/x86物理机运行; -- pesign工具最多支持二级证书签名; -- pesign工具当前仅支持生成签名,不支持验证签名。 - -## 前置条件 - -1. 系统中安装下列软件包且高于指定版本: - -```shell -openssl-1.1.1m-15.oe2203.aarch64 -nss-3.72.0-4.oe2203.aarch64 -pesign-115-2.oe2203.aarch64 -shim-15.6-7.oe2203.aarch64 -crypto-policies-20200619-3.git781bbd4.oe2203.noarch -``` - -2. 下载openEuler shim组件源码,注意需要检查spec文件中的版本号大于15.6-7: - -```shell -git clone https://gitee.com/src-openeuler/shim.git -b openEuler-{version} --depth 1 -``` - -3. 安装编译shim组件所需要的软件包: - -```shell -yum install elfutils-libelf-devel gcc gnu-efi gnu-efi-devel openssl-devel make git rpm-build -``` - -4. 检查nss是否使能SM3算法,如果未使能则按照如下所示修改: - -```shell -cat /usr/share/crypto-policies/DEFAULT/nss.txt | grep SM3 -config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:CURVE25519:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:aes128-gcm:aes128-cbc:SHA256:SHA384:SHA512:SHA224:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:ECDSA:RSA-PSS:RSA-PKCS:tls-version-min=tls1.0:dtls-version-min=dtls1.0:DH-MIN=1023:DSA-MIN=2048:RSA-MIN=2048:SM3" -``` - -## 生成密钥和证书 - -1. 生成用于签名shim组件的密钥和证书,shim组件由BIOS校验签名,由于当前大部分BIOS不支持商密算法,此处选择使用RSA算法,如支持商密算法,可按照步骤2生成SM2密钥和证书: - -```shell -openssl genrsa -out rsa.key 4096 -openssl req -new -key rsa.key -out rsa.csr -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=secure boot BIOS' -openssl x509 -req -days 365 -in rsa.csr -signkey rsa.key -out rsa.crt -openssl x509 -in rsa.crt -out rsa.der -outform der -``` - -2. 生成用签名grub和kernel组件的SM2密钥和证书: - -```shell -openssl ecparam -genkey -name SM2 -out sm2.key -openssl req -new -sm3 -key sm2.key -out sm2.csr -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=secure boot shim' -openssl x509 -req -days 3650 -signkey sm2.key -in sm2.csr -out sm2.crt -openssl x509 -in sm2.crt -out sm2.der -outform der -``` - -3. 建立NSS数据库,并将以上两步骤生成的密钥和证书导入NSS数据库: - -```shell -# NSS数据库以目录形式组织,存放位置可自定义 -mkdir certdb -certutil -N -d certdb -# 将SM2证书和RSA证书导入NSS数据库,分别命名为sm2和rsa -certutil -A -n sm2 -d certdb -t CT,CT,CT -i sm2.crt -certutil -A -n rsa -d certdb -t CT,CT,CT -i rsa.crt -# 将SM2密钥和RSA密钥导入NSS数据库,需要先打包成pkcs12文件 -openssl pkcs12 -export -out rsa.p12 -inkey rsa.key -in rsa.crt -openssl pkcs12 -export -out sm2.p12 -inkey sm2.key -in sm2.crt -pk12util -d certdb -i rsa.p12 -pk12util -d certdb -i sm2.p12 -``` - -## 编译shim组件 - -1. 进入shim源码目录,修改shim.spec中的配置变量,开启商密算法支持,并指定内置SM2证书: - -```shell -%global enable_sm 1 -%global vendor_cert /path/to/sm2.der -``` - -2. 编译shim软件包: - -```shell -rpmbuild -ba shim.spec --define "_sourcedir $PWD" -``` - -3. 安装编译完成的shim软件包: - -```shell -rpm -Uvh ~/rpmbuild/RPMS/aarch64/shim-xxx.rpm -``` - -## UEFI文件商密签名 - -1. 使用RSA密钥和证书签名shim组件并替换: - -```shell -# arm64架构 -pesign -n certdb -c rsa -s -i /boot/efi/EFI/openEuler/shimaa64.efi -o shimaa64.efi.signed -cp shimaa64.efi.signed /boot/efi/EFI/openEuler/shimaa64.efi -# x86架构 -pesign -n certdb -c rsa -s -i /boot/efi/EFI/openEuler/shimx64.efi -o shimx64.efi.signed -cp shimx64.efi.signed /boot/efi/EFI/openEuler/shimx64.efi -``` - -2. 使用SM2密钥和证书签名grub组件并替换: - -```shell -# arm64架构 -pesign -n certdb -c sm2 -s -i /boot/efi/EFI/openEuler/grubaa64.efi -o grubaa64.efi.signed -d sm3 -cp grubaa64.efi.signed /boot/efi/EFI/openEuler/grubaa64.efi -# x86架构 -pesign -n certdb -c sm2 -s -i /boot/efi/EFI/openEuler/grubx64.efi -o grubx64.efi.signed -d sm3 -cp grubx64.efi.signed /boot/efi/EFI/openEuler/grubx64.efi -``` - -3. 使用SM2密钥和证书签名kernel组件并替换(注意文件名包含实际的版本号): - -```shell -# arm64架构,需要解压、签名、重新压缩 -cp /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64 vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.gz -gzip -d vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.gz -pesign -n certdb -c sm2 -s -i vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64 -o vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.signed -d sm3 -gzip vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.signed -cp vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.signed.gz /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64 -# x86架构 -pesign -n certdb -c sm2 -s -i /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64 -o vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64.signed -d sm3 -cp vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64.signed /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64 -``` - -4. 检查签名信息,以shim和grub为例: - -```shell -pesign -S -i /boot/efi/EFI/openEuler/grubaa64.efi -pesign -S -i /boot/efi/EFI/openEuler/shimaa64.efi -``` - -## 安全启动 - -进入BIOS,导入shim组件的签名证书,并开启安全启动选项。不同的BIOS操作方法不同,以鲲鹏2280 v2服务器为例: - -1. 将签名shim组件的RSA证书放入/boot/efi/EFI/openEuler目录下: - -```shell -cp rsa.der /boot/efi/EFI/openEuler -``` - -2. 重启系统; - -3. 进入BIOS配置界面开启安全启动,配置路径: - -```shell -Setup->安全->安全启动->启用 -``` - -4. 配置安全启动为自定义模式,配置路径: - -```shell -Setup->安全->安全启动证书配置->安全启动模式->自定义模式 -``` - -5. 导入安全启动证书,配置路径: - -```shell -Setup->安全->安全启动证书配置->安全启动自定义模式相关选项->DB相关选项->导入签名->通过文件添加签名->选择rsa.der->保存并退出 -``` - -6. 保存配置后重启系统,系统启动成功,查询安全启动状态为开启: - -```shell -mokutil --sb-state -SecureBoot enabled -``` +# 安全启动 + +安全启动是UEFI规范的标准功能,通过对系统启动中的各个组件进行逐级签名验证,实现启动过程的完整性和真实性保证。Linux系统的UEFI安全启动主要包括以下三个流程: + +1. BIOS通过内置证书验证shim组件的签名信息; +2. shim组件通过内置证书验证grub组件的签名信息; +3. grub组件通过shim组件提供的接口验证kernel组件的签名信息。 + +openEuler对EFI签名工具(pesign及其算法库nss)和shim进行了商密算法扩展支持,即支持使用SM3算法进行EFI文件的哈希计算,使用SM2数字签名算法进行EFI文件的签名/验签,从而建立基于商密算法的操作系统启动安全保障。 + +## 约束限制 + +- openEuler shim组件支持商密安全启动,即支持shim验签grub,grub验签kernel流程。shim组件的验签依赖BIOS支持; +- 需要基于支持UEFI安全启动的arm64/x86物理机运行; +- pesign工具最多支持二级证书签名; +- pesign工具当前仅支持生成签名,不支持验证签名。 + +## 前置条件 + +1. 系统中安装下列软件包且高于指定版本: + +```shell +openssl-1.1.1m-15.oe2203.aarch64 +nss-3.72.0-4.oe2203.aarch64 +pesign-115-2.oe2203.aarch64 +shim-15.6-7.oe2203.aarch64 +crypto-policies-20200619-3.git781bbd4.oe2203.noarch +``` + +2. 下载openEuler shim组件源码,注意需要检查spec文件中的版本号大于15.6-7: + +```shell +git clone https://gitee.com/src-openeuler/shim.git -b openEuler-{version} --depth 1 +``` + +3. 安装编译shim组件所需要的软件包: + +```shell +yum install elfutils-libelf-devel gcc gnu-efi gnu-efi-devel openssl-devel make git rpm-build +``` + +4. 检查nss是否使能SM3算法,如果未使能则按照如下所示修改: + +```shell +cat /usr/share/crypto-policies/DEFAULT/nss.txt | grep SM3 +config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:CURVE25519:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:chacha20-poly1305:aes256-cbc:aes128-gcm:aes128-cbc:SHA256:SHA384:SHA512:SHA224:SHA1:ECDHE-RSA:ECDHE-ECDSA:RSA:DHE-RSA:ECDSA:RSA-PSS:RSA-PKCS:tls-version-min=tls1.0:dtls-version-min=dtls1.0:DH-MIN=1023:DSA-MIN=2048:RSA-MIN=2048:SM3" +``` + +## 生成密钥和证书 + +1. 生成用于签名shim组件的密钥和证书,shim组件由BIOS校验签名,由于当前大部分BIOS不支持商密算法,此处选择使用RSA算法,如支持商密算法,可按照步骤2生成SM2密钥和证书: + +```shell +openssl genrsa -out rsa.key 4096 +openssl req -new -key rsa.key -out rsa.csr -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=secure boot BIOS' +openssl x509 -req -days 365 -in rsa.csr -signkey rsa.key -out rsa.crt +openssl x509 -in rsa.crt -out rsa.der -outform der +``` + +2. 生成用签名grub和kernel组件的SM2密钥和证书: + +```shell +openssl ecparam -genkey -name SM2 -out sm2.key +openssl req -new -sm3 -key sm2.key -out sm2.csr -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=secure boot shim' +openssl x509 -req -days 3650 -signkey sm2.key -in sm2.csr -out sm2.crt +openssl x509 -in sm2.crt -out sm2.der -outform der +``` + +3. 建立NSS数据库,并将以上两步骤生成的密钥和证书导入NSS数据库: + +```shell +# NSS数据库以目录形式组织,存放位置可自定义 +mkdir certdb +certutil -N -d certdb +# 将SM2证书和RSA证书导入NSS数据库,分别命名为sm2和rsa +certutil -A -n sm2 -d certdb -t CT,CT,CT -i sm2.crt +certutil -A -n rsa -d certdb -t CT,CT,CT -i rsa.crt +# 将SM2密钥和RSA密钥导入NSS数据库,需要先打包成pkcs12文件 +openssl pkcs12 -export -out rsa.p12 -inkey rsa.key -in rsa.crt +openssl pkcs12 -export -out sm2.p12 -inkey sm2.key -in sm2.crt +pk12util -d certdb -i rsa.p12 +pk12util -d certdb -i sm2.p12 +``` + +## 编译shim组件 + +1. 进入shim源码目录,修改shim.spec中的配置变量,开启商密算法支持,并指定内置SM2证书: + +```shell +%global enable_sm 1 +%global vendor_cert /path/to/sm2.der +``` + +2. 编译shim软件包: + +```shell +rpmbuild -ba shim.spec --define "_sourcedir $PWD" +``` + +3. 安装编译完成的shim软件包: + +```shell +rpm -Uvh ~/rpmbuild/RPMS/aarch64/shim-xxx.rpm +``` + +## UEFI文件商密签名 + +1. 使用RSA密钥和证书签名shim组件并替换: + +```shell +# arm64架构 +pesign -n certdb -c rsa -s -i /boot/efi/EFI/openEuler/shimaa64.efi -o shimaa64.efi.signed +cp shimaa64.efi.signed /boot/efi/EFI/openEuler/shimaa64.efi +# x86架构 +pesign -n certdb -c rsa -s -i /boot/efi/EFI/openEuler/shimx64.efi -o shimx64.efi.signed +cp shimx64.efi.signed /boot/efi/EFI/openEuler/shimx64.efi +``` + +2. 使用SM2密钥和证书签名grub组件并替换: + +```shell +# arm64架构 +pesign -n certdb -c sm2 -s -i /boot/efi/EFI/openEuler/grubaa64.efi -o grubaa64.efi.signed -d sm3 +cp grubaa64.efi.signed /boot/efi/EFI/openEuler/grubaa64.efi +# x86架构 +pesign -n certdb -c sm2 -s -i /boot/efi/EFI/openEuler/grubx64.efi -o grubx64.efi.signed -d sm3 +cp grubx64.efi.signed /boot/efi/EFI/openEuler/grubx64.efi +``` + +3. 使用SM2密钥和证书签名kernel组件并替换(注意文件名包含实际的版本号): + +```shell +# arm64架构,需要解压、签名、重新压缩 +cp /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64 vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.gz +gzip -d vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.gz +pesign -n certdb -c sm2 -s -i vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64 -o vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.signed -d sm3 +gzip vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.signed +cp vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64.signed.gz /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.aarch64 +# x86架构 +pesign -n certdb -c sm2 -s -i /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64 -o vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64.signed -d sm3 +cp vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64.signed /boot/vmlinuz-5.10.0-126.0.0.66.oe2203.x86_64 +``` + +4. 检查签名信息,以shim和grub为例: + +```shell +pesign -S -i /boot/efi/EFI/openEuler/grubaa64.efi +pesign -S -i /boot/efi/EFI/openEuler/shimaa64.efi +``` + +## 安全启动 + +进入BIOS,导入shim组件的签名证书,并开启安全启动选项。不同的BIOS操作方法不同,以鲲鹏2280 v2服务器为例: + +1. 将签名shim组件的RSA证书放入/boot/efi/EFI/openEuler目录下: + +```shell +cp rsa.der /boot/efi/EFI/openEuler +``` + +2. 重启系统; + +3. 进入BIOS配置界面开启安全启动,配置路径: + +```shell +Setup->安全->安全启动->启用 +``` + +4. 配置安全启动为自定义模式,配置路径: + +```shell +Setup->安全->安全启动证书配置->安全启动模式->自定义模式 +``` + +5. 导入安全启动证书,配置路径: + +```shell +Setup->安全->安全启动证书配置->安全启动自定义模式相关选项->DB相关选项->导入签名->通过文件添加签名->选择rsa.der->保存并退出 +``` + +6. 保存配置后重启系统,系统启动成功,查询安全启动状态为开启: + +```shell +mokutil --sb-state +SecureBoot enabled +``` diff --git "a/docs/zh/docs/ShangMi/SSH\345\215\217\350\256\256\346\240\210.md" b/docs/zh/docs/server/security/shangmi/ssh-stack.md similarity index 98% rename from "docs/zh/docs/ShangMi/SSH\345\215\217\350\256\256\346\240\210.md" rename to docs/zh/docs/server/security/shangmi/ssh-stack.md index b906fe6938d251f6113acda89b8db99692000d91..5b0c9f637d22351b26132bf2b6b5e9703ec37a5f 100644 --- "a/docs/zh/docs/ShangMi/SSH\345\215\217\350\256\256\346\240\210.md" +++ b/docs/zh/docs/server/security/shangmi/ssh-stack.md @@ -1,52 +1,52 @@ -# SSH协议栈 - -## 概述 - -openSSH组件是以C语言的openSSL的libcrypto为基础,实现的安全外壳协议(Secure Shell)组件。主要功能为远程登录系统,保证非安全网络环境中信息加密完整可靠。openEuler提供的SSH的服务端和客户端配置项中涉及密钥交换、公钥认证、对称加密和完整性认证的配置参数取值可以选择为商密算法套件(包含SM2/3/4算法)。 - -## 前置条件 - -openssh大于等于8.8p1-5版本: - -``` -$ rpm -qa | grep openssh -openssh-8.8p1-5.oe2209.x86_64 -openssh-server-8.8p1-5.oe2209.x86_64 -openssh-clients-8.8p1-5.oe2209.x86_64 -``` - -## 如何使用 - -### 场景1:用户远程登录 - -1. 客户端调用ssh-keygen生成用户密钥,默认保存为“\~/.ssh/id_sm2”和“\~/.ssh/id_sm2.pub”,将“\~/.ssh/id_sm2.pub”发送给服务端(也可使用ssh-copy-id命令发送): - -``` -$ ssh-keygen -t sm2 -m PEM -``` - -2. 服务端调用ssh-keygen生成主机密钥,并将客户端发送的公钥加入授权密钥文件列表(如使用ssh-copy-id命令传输,则会自动写入): - -``` -$ ssh-keygen -t sm2 -m PEM -f /etc/ssh/ssh_host_sm2_key -$ cat /path/to/id_sm2.pub >> ~/.ssh/authorized_keys -``` - -3. 修改配置文件,配置支持商密算法登录。服务端的配置文件路径为/etc/ssh/sshd_config,客户端配置文件路径为/etc/ssh/ssh_config。可配置的商密参数如下表: - -| 配置项含义 | 配置项参数 | 配置项参数的商密取值 | -|---------------------|------------------------|---------------| -| HostKey | 主机密钥公钥认证密钥 | /etc/ssh/ssh_host_sm2_key | -| HostKeyAlgorithms | 主机密钥公钥认证算法 | sm2 | -| KexAlgorithms | 密钥交换算法 | sm2-sm3 | -| Ciphers | 对称加密算法 | sm4-ctr | -| MACs | 完整性校验算法 | hmac-sm3 | -| PubkeyAcceptedKeyTypes | 用户公钥认证算法 | sm2 | -| IdentityFile | 用户公钥认证密钥 | ~/.ssh/id_sm2 | -| FingerprintHash | 打印密钥指纹使用的哈希算法 | sm3 | - -4. 客户端配置商密算法完成登录。客户端可以使用命令行方式或者修改配置文件(默认配置文件路径为/etc/ssh/ssh_config)的方式使能商密算法套件。使用命令行登录方式如下: - -``` -ssh -o PreferredAuthentications=publickey -o HostKeyAlgorithms=sm2 -o PubkeyAcceptedKeyTypes=sm2 -o Ciphers=sm4-ctr -o MACs=hmac-sm3 -o KexAlgorithms=sm2-sm3 -i ~/.ssh/id_sm2 [remote-ip] -``` +# SSH协议栈 + +## 概述 + +openSSH组件是以C语言的openSSL的libcrypto为基础,实现的安全外壳协议(Secure Shell)组件。主要功能为远程登录系统,保证非安全网络环境中信息加密完整可靠。openEuler提供的SSH的服务端和客户端配置项中涉及密钥交换、公钥认证、对称加密和完整性认证的配置参数取值可以选择为商密算法套件(包含SM2/3/4算法)。 + +## 前置条件 + +openssh大于等于8.8p1-5版本: + +``` +$ rpm -qa | grep openssh +openssh-8.8p1-5.oe2209.x86_64 +openssh-server-8.8p1-5.oe2209.x86_64 +openssh-clients-8.8p1-5.oe2209.x86_64 +``` + +## 如何使用 + +### 场景1:用户远程登录 + +1. 客户端调用ssh-keygen生成用户密钥,默认保存为“\~/.ssh/id_sm2”和“\~/.ssh/id_sm2.pub”,将“\~/.ssh/id_sm2.pub”发送给服务端(也可使用ssh-copy-id命令发送): + +``` +$ ssh-keygen -t sm2 -m PEM +``` + +2. 服务端调用ssh-keygen生成主机密钥,并将客户端发送的公钥加入授权密钥文件列表(如使用ssh-copy-id命令传输,则会自动写入): + +``` +$ ssh-keygen -t sm2 -m PEM -f /etc/ssh/ssh_host_sm2_key +$ cat /path/to/id_sm2.pub >> ~/.ssh/authorized_keys +``` + +3. 修改配置文件,配置支持商密算法登录。服务端的配置文件路径为/etc/ssh/sshd_config,客户端配置文件路径为/etc/ssh/ssh_config。可配置的商密参数如下表: + +| 配置项含义 | 配置项参数 | 配置项参数的商密取值 | +|---------------------|------------------------|---------------| +| HostKey | 主机密钥公钥认证密钥 | /etc/ssh/ssh_host_sm2_key | +| HostKeyAlgorithms | 主机密钥公钥认证算法 | sm2 | +| KexAlgorithms | 密钥交换算法 | sm2-sm3 | +| Ciphers | 对称加密算法 | sm4-ctr | +| MACs | 完整性校验算法 | hmac-sm3 | +| PubkeyAcceptedKeyTypes | 用户公钥认证算法 | sm2 | +| IdentityFile | 用户公钥认证密钥 | ~/.ssh/id_sm2 | +| FingerprintHash | 打印密钥指纹使用的哈希算法 | sm3 | + +4. 客户端配置商密算法完成登录。客户端可以使用命令行方式或者修改配置文件(默认配置文件路径为/etc/ssh/ssh_config)的方式使能商密算法套件。使用命令行登录方式如下: + +``` +ssh -o PreferredAuthentications=publickey -o HostKeyAlgorithms=sm2 -o PubkeyAcceptedKeyTypes=sm2 -o Ciphers=sm4-ctr -o MACs=hmac-sm3 -o KexAlgorithms=sm2-sm3 -i ~/.ssh/id_sm2 [remote-ip] +``` diff --git "a/docs/zh/docs/ShangMi/TLCP\345\215\217\350\256\256\346\240\210.md" b/docs/zh/docs/server/security/shangmi/tlcp-stack.md similarity index 97% rename from "docs/zh/docs/ShangMi/TLCP\345\215\217\350\256\256\346\240\210.md" rename to docs/zh/docs/server/security/shangmi/tlcp-stack.md index 06b846c821088154f57a50b5c2f262535d6d723c..8dc81159d567ff619417add44389fd07bec4efa1 100644 --- "a/docs/zh/docs/ShangMi/TLCP\345\215\217\350\256\256\346\240\210.md" +++ b/docs/zh/docs/server/security/shangmi/tlcp-stack.md @@ -1,521 +1,521 @@ -# TLCP协议栈 - -## 概述 - -TLCP是指符合《GB/T38636 2020信息安全技术 传输层密码协议(TLCP)》的安全通信协议,其特点是采用加密证书/私钥和签名证书/私钥相分离的方式。openEuler 发布的openSSL软件在开源版本的基础上增加了对商密TLCP协议的支持,提供了如下主要的功能: - -- 新增对TLCP商密双证书加载的支持; -- 新增对ECC_SM4_CBC_SM3和ECDHE_SM4_CBC_SM3算法套件的支持; -- 新增对SM2证书的支持。 - -## 前置条件 - -openEuler操作系统安装的openSSL软件版本号大于1.1.1m-4: - -``` -$ rpm -qa openssl -openssl-1.1.1m-6.oe2209.x86_64 -``` -注意:当前仅openssl 1.1.1支持TLCP协议栈,openssl 3.x版本暂未支持。 - -## 如何使用 - -### 场景1:生成SM2双证书 - -根据TLCP协议标准,通信过程需要两本证书:签名证书和加密证书。签名证书在认证过程使用,作用是验证身份;加密证书在密钥协商时使用,作用是数据加密。CA是证书认证机构(Certificate Authority)的缩写。CSR证书请求文件得到CA的签发后才可形成证书。下面是一个参考案例,介绍使用自签名的CA证书来签发实体证书: - -1. 准备生成证书所需要使用的配置文件openssl.cnf,参考的内容如下(基于openssl源码apps/openssl.cnf修改): - -``` -# This definition stops the following lines choking if HOME isn't -# defined. -HOME = . - -# Extra OBJECT IDENTIFIER info: -#oid_file = $ENV::HOME/.oid -oid_section = new_oids - -# To use this configuration file with the "-extfile" option of the -# "openssl x509" utility, name here the section containing the -# X.509v3 extensions to use: -# extensions = -# (Alternatively, use a configuration file that has only -# X.509v3 extensions in its main [= default] section.) - -[ new_oids ] - -# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. -# Add a simple OID like this: -# testoid1=1.2.3.4 -# Or use config file substitution like this: -# testoid2=${testoid1}.5.6 - -# Policies used by the TSA examples. -tsa_policy1 = 1.2.3.4.1 -tsa_policy2 = 1.2.3.4.5.6 -tsa_policy3 = 1.2.3.4.5.7 - -#################################################################### -[ ca ] -default_ca = CA_default # The default ca section - -#################################################################### -[ CA_default ] - -dir = ./demoCA # Where everything is kept -certs = $dir/certs # Where the issued certs are kept -crl_dir = $dir/crl # Where the issued crl are kept -database = $dir/index.txt # database index file. -#unique_subject = no # Set to 'no' to allow creation of - # several certs with same subject. -new_certs_dir = $dir/newcerts # default place for new certs. - -certificate = $dir/cacert.pem # The CA certificate -serial = $dir/serial # The current serial number -crlnumber = $dir/crlnumber # the current crl number - # must be commented out to leave a V1 CRL -crl = $dir/crl.pem # The current CRL -private_key = $dir/private/cakey.pem# The private key - -x509_extensions = usr_cert # The extensions to add to the cert - -# Comment out the following two lines for the "traditional" -# (and highly broken) format. -name_opt = ca_default # Subject Name options -cert_opt = ca_default # Certificate field options - -# Extension copying option: use with caution. -# copy_extensions = copy - -# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs -# so this is commented out by default to leave a V1 CRL. -# crlnumber must also be commented out to leave a V1 CRL. -# crl_extensions = crl_ext - -default_days = 365 # how long to certify for -default_crl_days= 30 # how long before next CRL -default_md = default # use public key default MD -preserve = no # keep passed DN ordering - -# A few difference way of specifying how similar the request should look -# For type CA, the listed attributes must be the same, and the optional -# and supplied fields are just that :-) -policy = policy_match - -# For the CA policy -[ policy_match ] -countryName = match -stateOrProvinceName = match -organizationName = match -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -# For the 'anything' policy -# At this point in time, you must list all acceptable 'object' -# types. -[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -#################################################################### -[ req ] -default_bits = 2048 -default_keyfile = privkey.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -x509_extensions = v3_ca # The extensions to add to the self signed cert - -# Passwords for private keys if not present they will be prompted for -# input_password = secret -# output_password = secret - -# This sets a mask for permitted string types. There are several options. -# default: PrintableString, T61String, BMPString. -# pkix : PrintableString, BMPString (PKIX recommendation before 2004) -# utf8only: only UTF8Strings (PKIX recommendation after 2004). -# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). -# MASK:XXXX a literal mask value. -# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. -string_mask = utf8only - -# req_extensions = v3_req # The extensions to add to a certificate request - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_min = 2 -countryName_max = 2 - -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = Some-State - -localityName = Locality Name (eg, city) - -0.organizationName = Organization Name (eg, company) -0.organizationName_default = Internet Widgits Pty Ltd - -# we can do this but it is not needed normally :-) -#1.organizationName = Second Organization Name (eg, company) -#1.organizationName_default = World Wide Web Pty Ltd - -organizationalUnitName = Organizational Unit Name (eg, section) -#organizationalUnitName_default = - -commonName = Common Name (e.g. server FQDN or YOUR name) -commonName_max = 64 - -emailAddress = Email Address -emailAddress_max = 64 - -# SET-ex3 = SET extension number 3 - -[ req_attributes ] -challengePassword = A challenge password -challengePassword_min = 4 -challengePassword_max = 20 - -unstructuredName = An optional company name - -[ usr_cert ] - -# These extensions are added when 'ca' signs a request. - -# This goes against PKIX guidelines but some CAs do it and some software -# requires this to avoid interpreting an end user certificate as a CA. - -basicConstraints=CA:FALSE - -# Here are some examples of the usage of nsCertType. If it is omitted -# the certificate can be used for anything *except* object signing. - -# This is OK for an SSL server. -# nsCertType = server - -# For an object signing certificate this would be used. -# nsCertType = objsign - -# For normal client use this is typical -# nsCertType = client, email - -# and for everything including object signing: -# nsCertType = client, email, objsign - -# This is typical in keyUsage for a client certificate. -# keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -# This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer - -# This stuff is for subjectAltName and issuerAltname. -# Import the email address. -# subjectAltName=email:copy -# An alternative to produce certificates that aren't -# deprecated according to PKIX. -# subjectAltName=email:move - -# Copy subject details -# issuerAltName=issuer:copy - -#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem -#nsBaseUrl -#nsRevocationUrl -#nsRenewalUrl -#nsCaPolicyUrl -#nsSslServerName - -# This is required for TSA certificates. -# extendedKeyUsage = critical,timeStamping - -[ v3_req ] - -# Extensions to add to a certificate request - -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature - -[ v3enc_req ] - -# Extensions to add to a certificate request - -basicConstraints = CA:FALSE -keyUsage = keyAgreement, keyEncipherment, dataEncipherment - -[ v3_ca ] - -# Extensions for a typical CA - - -# PKIX recommendation. - -subjectKeyIdentifier=hash - -authorityKeyIdentifier=keyid:always,issuer - -basicConstraints = critical,CA:true - -# Key usage: this is typical for a CA certificate. However since it will -# prevent it being used as an test self-signed certificate it is best -# left out by default. -keyUsage = cRLSign, keyCertSign - -# Some might want this also -# nsCertType = sslCA, emailCA - -# Include email address in subject alt name: another PKIX recommendation -# subjectAltName=email:copy -# Copy issuer details -# issuerAltName=issuer:copy - -# DER hex encoding of an extension: beware experts only! -# obj=DER:02:03 -# Where 'obj' is a standard or added object -# You can even override a supported extension: -# basicConstraints= critical, DER:30:03:01:01:FF - -[ crl_ext ] - -# CRL extensions. -# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. - -# issuerAltName=issuer:copy -authorityKeyIdentifier=keyid:always - -[ proxy_cert_ext ] -# These extensions should be added when creating a proxy certificate - -# This goes against PKIX guidelines but some CAs do it and some software -# requires this to avoid interpreting an end user certificate as a CA. - -basicConstraints=CA:FALSE - -# Here are some examples of the usage of nsCertType. If it is omitted -# the certificate can be used for anything *except* object signing. - -# This is OK for an SSL server. -# nsCertType = server - -# For an object signing certificate this would be used. -# nsCertType = objsign - -# For normal client use this is typical -# nsCertType = client, email - -# and for everything including object signing: -# nsCertType = client, email, objsign - -# This is typical in keyUsage for a client certificate. -# keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -# This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer - -# This stuff is for subjectAltName and issuerAltname. -# Import the email address. -# subjectAltName=email:copy -# An alternative to produce certificates that aren't -# deprecated according to PKIX. -# subjectAltName=email:move - -# Copy subject details -# issuerAltName=issuer:copy - -#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem -#nsBaseUrl -#nsRevocationUrl -#nsRenewalUrl -#nsCaPolicyUrl -#nsSslServerName - -# This really needs to be in place for it to be a proxy certificate. -proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo - -#################################################################### -[ tsa ] - -default_tsa = tsa_config1 # the default TSA section - -[ tsa_config1 ] - -# These are used by the TSA reply generation only. -dir = ./demoCA # TSA root directory -serial = $dir/tsaserial # The current serial number (mandatory) -crypto_device = builtin # OpenSSL engine to use for signing -signer_cert = $dir/tsacert.pem # The TSA signing certificate - # (optional) -certs = $dir/cacert.pem # Certificate chain to include in reply - # (optional) -signer_key = $dir/private/tsakey.pem # The TSA private key (optional) -signer_digest = sha256 # Signing digest to use. (Optional) -default_policy = tsa_policy1 # Policy if request did not specify it - # (optional) -other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) -accuracy = secs:1, millisecs:500, microsecs:100 # (optional) -clock_precision_digits = 0 # number of digits after dot. (optional) -ordering = yes # Is ordering defined for timestamps? - # (optional, default: no) -tsa_name = yes # Must the TSA name be included in the reply? - # (optional, default: no) -ess_cert_id_chain = no # Must the ESS cert id chain be included? - # (optional, default: no) -ess_cert_id_alg = sha1 # algorithm to compute certificate - # identifier (optional, default: sha1) -``` - -2. 生成自签名CA证书(下列命令为使用openSSL 1.1.1版本的场景,如使用openSSL 3.0.9及以上的版本,*openssl req*命令中的*-newkey*参数需要替换为*sm2:SM2.pem*): - -``` -openssl ecparam -name SM2 -out SM2.pem -openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=root ca' -keyout CA.key -newkey ec:SM2.pem -new -out CA.csr -openssl x509 -sm3 -req -days 30 -in CA.csr -extfile ./openssl.cnf -extensions v3_ca -signkey CA.key -out CA.crt -``` - -3. 生成服务端签名证书和加密证书(下列命令为使用openSSL 1.1.1版本的场景,如使用openSSL 3.0.9及以上的版本,*openssl req*命令中的*-newkey*参数需要替换为*sm2:SM2.pem*): - -``` -openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=server sign' -keyout SS.key -newkey ec:SM2.pem -new -out SS.csr -openssl x509 -sm3 -req -days 30 -in SS.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3_req -out SS.crt -CAcreateserial -openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=server enc' -keyout SE.key -newkey ec:SM2.pem -new -out SE.csr -openssl x509 -sm3 -req -days 30 -in SE.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3enc_req -out SE.crt -CAcreateserial -``` - -4. 生成客户端签名证书和加密证书: - -``` -openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=client sign' -keyout CS.key -newkey ec:SM2.pem -new -out CS.csr -openssl x509 -sm3 -req -days 30 -in CS.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3_req -out CS.crt -CAcreateserial -openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=client enc' -keyout CE.key -newkey ec:SM2.pem -new -out CE.csr -openssl x509 -sm3 -req -days 30 -in CE.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3enc_req -out CE.crt -CAcreateserial -``` - -### 场景2:使用openSSL命令行验证TLCP协议栈 - -openSSL中提供的s_server/s_client工具可以用来测试TLCP协议: -``` -# 开启服务端 -openssl s_server -verify 5 -accept 4433 \ - -cert SS.crt \ - -key SS.key \ - -dcert SE.crt \ - -dkey SE.key \ - -CAfile CA.crt - -# 开启客户端 -openssl s_client -verify 5 -connect 127.0.0.1:4433 \ - -cert CS.crt \ - -key CS.key \ - -dcert CE.crt \ - -dkey CE.key \ - -CAfile CA.crt -tlcp -``` - -### 场景3:openSSL API使用 - -服务端参考代码: - -``` -int main() { - // 变量定义 - SSL_CTX *ctx = NULL; - const char *sign_cert_file = "SS.crt"; - const char *sign_key_file = "SS.key"; - const char *enc_cert_file = "SE.crt"; - const char *enc_key_file = "SE.key"; - - // 生成上下文 - ctx = SSL_CTX_new(TLS_server_method()); - - // 加载签名证书,加密证书及其私钥 - if (!SSL_CTX_use_gm_certificate_file(ctx, sign_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) - goto err; - - if (!SSL_CTX_use_gm_PrivateKey_file(ctx, sign_key_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) - goto err; - - if (!SSL_CTX_use_gm_certificate_file(ctx, enc_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) - goto err; - - if (!SSL_CTX_use_gm_PrivateKey_file(ctx, enc_key_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) - goto err; - - SSL_CTX_set_options(ctx, SSL_OP_ENCCERT_SECOND_POSITION); - - // 后续同标准tls流程 - SSL *ssl = SSL_new(ctx); -} -``` - -客户端参考代码: -``` -int main() { - // 变量定义 - SSL_CTX *ctx = NULL; - const char *sign_cert_file = "CS.crt"; - const char *sign_key_file = "CS.key"; - const char *enc_cert_file = "CE.crt"; - const char *enc_key_file = "CE.key"; - - // 生成上下文 - ctx = SSL_CTX_new(TLCP_client_method()); - - // 加载签名证书,加密证书及其私钥 - if (!SSL_CTX_use_gm_certificate_file(ctx, sign_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) - goto err; - - if (!SSL_CTX_use_gm_PrivateKey_file(ctx, sign_key_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) - goto err; - - if (!SSL_CTX_use_gm_certificate_file(ctx, enc_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) - goto err; - - if (!SSL_CTX_use_gm_PrivateKey_file(ctx, enc_key_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) - goto err; - - // 设置算法套件为ECC-SM4-CBC-SM3或者ECDHE-SM4-CBC-SM3 - // 这一步并不强制编写,默认ECC-SM4-CBC-SM3优先 - if(SSL_CTX_set_cipher_list(ctx, "ECC-SM4-CBC-SM3") <= 0) - goto err; - - // 后续同标准tls流程 - SSL *ssl = SSL_new(ctx); -} -``` - -# KTLS卸载 - -## 概述 - -Linux内核协议栈仅实现了TCP/IP模型,并不支持SSL/TLS会话层协议。目前TLS加解密一般由用户态来实现。但在部分场景下,如内核sendfile发送文件,会产生多次跨态拷贝导致性能开销。因此内核实现了KTLS,即支持对socket配置加密上下文,从而将数据加密过程卸载到内核态或下层硬件实现。 - -openEuler 5.10内核的KTLS特性提供了对商密算法的支持,目前支持SM4-GCM和SM4-CCM两种算法。 - -## 前置条件 - -内核大于或等于5.10.0-106版本: - -``` -# rpm -qa kernel -kernel-5.10.0-106.1.0.55.oe2209.x86_64 -``` - -## 如何使用 - -商密算法的调用和其他相同类型的加密算法调用方法一致,可参考Linux内核文档: - -``` -https://www.kernel.org/doc/html/v5.10/networking/tls.html +# TLCP协议栈 + +## 概述 + +TLCP是指符合《GB/T38636 2020信息安全技术 传输层密码协议(TLCP)》的安全通信协议,其特点是采用加密证书/私钥和签名证书/私钥相分离的方式。openEuler 发布的openSSL软件在开源版本的基础上增加了对商密TLCP协议的支持,提供了如下主要的功能: + +- 新增对TLCP商密双证书加载的支持; +- 新增对ECC_SM4_CBC_SM3和ECDHE_SM4_CBC_SM3算法套件的支持; +- 新增对SM2证书的支持。 + +## 前置条件 + +openEuler操作系统安装的openSSL软件版本号大于1.1.1m-4: + +``` +$ rpm -qa openssl +openssl-1.1.1m-6.oe2209.x86_64 +``` +注意:当前仅openssl 1.1.1支持TLCP协议栈,openssl 3.x版本暂未支持。 + +## 如何使用 + +### 场景1:生成SM2双证书 + +根据TLCP协议标准,通信过程需要两本证书:签名证书和加密证书。签名证书在认证过程使用,作用是验证身份;加密证书在密钥协商时使用,作用是数据加密。CA是证书认证机构(Certificate Authority)的缩写。CSR证书请求文件得到CA的签发后才可形成证书。下面是一个参考案例,介绍使用自签名的CA证书来签发实体证书: + +1. 准备生成证书所需要使用的配置文件openssl.cnf,参考的内容如下(基于openssl源码apps/openssl.cnf修改): + +``` +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several certs with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key + +x509_extensions = usr_cert # The extensions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (e.g. server FQDN or YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature + +[ v3enc_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = keyAgreement, keyEncipherment, dataEncipherment + +[ v3_ca ] + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +basicConstraints = critical,CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = ./demoCA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) +signer_digest = sha256 # Signing digest to use. (Optional) +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) +ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1) +``` + +2. 生成自签名CA证书(下列命令为使用openSSL 1.1.1版本的场景,如使用openSSL 3.0.9及以上的版本,*openssl req*命令中的*-newkey*参数需要替换为*sm2:SM2.pem*): + +``` +openssl ecparam -name SM2 -out SM2.pem +openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=root ca' -keyout CA.key -newkey ec:SM2.pem -new -out CA.csr +openssl x509 -sm3 -req -days 30 -in CA.csr -extfile ./openssl.cnf -extensions v3_ca -signkey CA.key -out CA.crt +``` + +3. 生成服务端签名证书和加密证书(下列命令为使用openSSL 1.1.1版本的场景,如使用openSSL 3.0.9及以上的版本,*openssl req*命令中的*-newkey*参数需要替换为*sm2:SM2.pem*): + +``` +openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=server sign' -keyout SS.key -newkey ec:SM2.pem -new -out SS.csr +openssl x509 -sm3 -req -days 30 -in SS.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3_req -out SS.crt -CAcreateserial +openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=server enc' -keyout SE.key -newkey ec:SM2.pem -new -out SE.csr +openssl x509 -sm3 -req -days 30 -in SE.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3enc_req -out SE.crt -CAcreateserial +``` + +4. 生成客户端签名证书和加密证书: + +``` +openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=client sign' -keyout CS.key -newkey ec:SM2.pem -new -out CS.csr +openssl x509 -sm3 -req -days 30 -in CS.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3_req -out CS.crt -CAcreateserial +openssl req -config ./openssl.cnf -nodes -subj '/C=AA/ST=BB/O=CC/OU=DD/CN=client enc' -keyout CE.key -newkey ec:SM2.pem -new -out CE.csr +openssl x509 -sm3 -req -days 30 -in CE.csr -CA CA.crt -CAkey CA.key -extfile ./openssl.cnf -extensions v3enc_req -out CE.crt -CAcreateserial +``` + +### 场景2:使用openSSL命令行验证TLCP协议栈 + +openSSL中提供的s_server/s_client工具可以用来测试TLCP协议: +``` +# 开启服务端 +openssl s_server -verify 5 -accept 4433 \ + -cert SS.crt \ + -key SS.key \ + -dcert SE.crt \ + -dkey SE.key \ + -CAfile CA.crt + +# 开启客户端 +openssl s_client -verify 5 -connect 127.0.0.1:4433 \ + -cert CS.crt \ + -key CS.key \ + -dcert CE.crt \ + -dkey CE.key \ + -CAfile CA.crt -tlcp +``` + +### 场景3:openSSL API使用 + +服务端参考代码: + +``` +int main() { + // 变量定义 + SSL_CTX *ctx = NULL; + const char *sign_cert_file = "SS.crt"; + const char *sign_key_file = "SS.key"; + const char *enc_cert_file = "SE.crt"; + const char *enc_key_file = "SE.key"; + + // 生成上下文 + ctx = SSL_CTX_new(TLS_server_method()); + + // 加载签名证书,加密证书及其私钥 + if (!SSL_CTX_use_gm_certificate_file(ctx, sign_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) + goto err; + + if (!SSL_CTX_use_gm_PrivateKey_file(ctx, sign_key_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) + goto err; + + if (!SSL_CTX_use_gm_certificate_file(ctx, enc_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) + goto err; + + if (!SSL_CTX_use_gm_PrivateKey_file(ctx, enc_key_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) + goto err; + + SSL_CTX_set_options(ctx, SSL_OP_ENCCERT_SECOND_POSITION); + + // 后续同标准tls流程 + SSL *ssl = SSL_new(ctx); +} +``` + +客户端参考代码: +``` +int main() { + // 变量定义 + SSL_CTX *ctx = NULL; + const char *sign_cert_file = "CS.crt"; + const char *sign_key_file = "CS.key"; + const char *enc_cert_file = "CE.crt"; + const char *enc_key_file = "CE.key"; + + // 生成上下文 + ctx = SSL_CTX_new(TLCP_client_method()); + + // 加载签名证书,加密证书及其私钥 + if (!SSL_CTX_use_gm_certificate_file(ctx, sign_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) + goto err; + + if (!SSL_CTX_use_gm_PrivateKey_file(ctx, sign_key_file, SSL_FILETYPE_PEM, SSL_USAGE_SIG)) + goto err; + + if (!SSL_CTX_use_gm_certificate_file(ctx, enc_cert_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) + goto err; + + if (!SSL_CTX_use_gm_PrivateKey_file(ctx, enc_key_file, SSL_FILETYPE_PEM, SSL_USAGE_ENC)) + goto err; + + // 设置算法套件为ECC-SM4-CBC-SM3或者ECDHE-SM4-CBC-SM3 + // 这一步并不强制编写,默认ECC-SM4-CBC-SM3优先 + if(SSL_CTX_set_cipher_list(ctx, "ECC-SM4-CBC-SM3") <= 0) + goto err; + + // 后续同标准tls流程 + SSL *ssl = SSL_new(ctx); +} +``` + +# KTLS卸载 + +## 概述 + +Linux内核协议栈仅实现了TCP/IP模型,并不支持SSL/TLS会话层协议。目前TLS加解密一般由用户态来实现。但在部分场景下,如内核sendfile发送文件,会产生多次跨态拷贝导致性能开销。因此内核实现了KTLS,即支持对socket配置加密上下文,从而将数据加密过程卸载到内核态或下层硬件实现。 + +openEuler 5.10内核的KTLS特性提供了对商密算法的支持,目前支持SM4-GCM和SM4-CCM两种算法。 + +## 前置条件 + +内核大于或等于5.10.0-106版本: + +``` +# rpm -qa kernel +kernel-5.10.0-106.1.0.55.oe2209.x86_64 +``` + +## 如何使用 + +商密算法的调用和其他相同类型的加密算法调用方法一致,可参考Linux内核文档: + +``` +https://www.kernel.org/doc/html/v5.10/networking/tls.html ``` \ No newline at end of file diff --git "a/docs/zh/docs/ShangMi/\347\224\250\346\210\267\350\272\253\344\273\275\351\211\264\345\210\253.md" b/docs/zh/docs/server/security/shangmi/user-identity-authentication.md similarity index 97% rename from "docs/zh/docs/ShangMi/\347\224\250\346\210\267\350\272\253\344\273\275\351\211\264\345\210\253.md" rename to docs/zh/docs/server/security/shangmi/user-identity-authentication.md index 55578d4007a9557f1451c1918c25d21a6ea413a1..06c0d358558c8643af68275e61e17c3e924f72bd 100644 --- "a/docs/zh/docs/ShangMi/\347\224\250\346\210\267\350\272\253\344\273\275\351\211\264\345\210\253.md" +++ b/docs/zh/docs/server/security/shangmi/user-identity-authentication.md @@ -1,131 +1,131 @@ -# 用户身份鉴别 - -操作系统通常使用口令的机制完成用户身份鉴别,openEuler提供了PAM、passwd、shadow、libuser等用户口令管理组件。用户口令在设置完成后,需要进行加密存储,通常使用哈希算法进行加密。openEuler提供的用户口令管理组件新增了对商密SM3的支持。 - -## PAM配置用户口令加密 - -### 概述 - -PAM是系统的可插拔认证模块,为上层应用提供认证机制。openEuler发布的PAM新增了对SM3算法用户口令加密的支持。 - -### 前置条件 - -1. PAM软件包大于或等于1.5.2-2版本: - - ```sh - $ rpm -qa pam - pam-1.5.2-2.oe2209.x86_64 - ``` - -2. libxcrypt软件包大于或等于4.4.26-2版本: - - ```sh - $ rpm -qa libxcrypt - pam-4.4.26-2.oe2209.x86_64 - ``` - -### 如何使用 - -1. 修改/etc/pam.d/password-auth和/etc/pam.d/system-auth文件,找到文件中“password sufficient pam_unix.so”开头的行,修改该行中算法字段为sm3: - - ```sh - $ cat /etc/pam.d/password-auth - ...... - password sufficient pam_unix.so sm3 shadow nullok try_first_pass use_authtok - ...... - - $ cat /etc/pam.d/system-auth - ...... - password sufficient pam_unix.so sm3 shadow nullok try_first_pass use_authtok - ...... - ``` - -2. 修改配置之后通过passwd命令修改密码或新增用户创建的密码,会使用sm3算法加密,加密结果以sm3开头存储在/etc/shadow中: - - ```sh - $ passwd testuser - Changing password for user testuser. - New password: - Retype new password: - passwd: all authentication tokens updated successfully. - $ cat /etc/shadow | grep testuser - testuser:$sm3$wnY86eyUlB5946gU$99LlMr0ddeZNDqnB2KRxn9f30SFCCvMv1WN1cFdsKJ2:19219:0:90:7:35:: - ``` - -### 注意事项 - -1. PAM配置默认使用sha512算法,修改配置使用商密SM3算法后,对已存在的用户密码无影响,需要修改密码才能更新密码算法; -2. 若PAM和libxcrypt要降级到非商密版本,并且已存在帐户密码使用SM3算法加密,则需先修改配 - 置为非商密算法,再修改帐号密码,再降级到非商密版本,否则这些帐户将无法正常登录。 - -## shadow配置用户口令加密 - -### 概述 - -shadow是Linux系统中常用的用户管理组件,提供了chpasswd、chgpasswd与newusers等命令。openEuler提供的shadow组件新增了对商密算法SM3的支持,以便在用户管理时使用SM3加密算法。因为shadow默认使用PAM安全认证机制,因此该组件支持商密算法只影响chpasswd与chgpasswd命令。 - -### 前置条件 - -shadow大于或等于4.9-4版本: - -```sh -$ rpm -qa shadow -shadow-4.9-4.oe2209.x86_64 -``` - -### 如何使用 - -1. chpasswd默认使用pam配置,通过-c指定SM3算法,会以SM3算法加密,加密结果以sm3开头存储在/etc/shadow中: - - ```sh - $ echo testuser:testPassword |chpasswd -c SM3 - $ cat /etc/shadow | grep testuser - testuser:$sm3$moojQQeBfdGOrL14$NqjckLHlk3ICs1cx.0rKZwRHafjVlqksdSJqfx9eYh6:19220:0:99999:7::: - ``` - -2. chgpasswd默认使用pam配置,通过-c指定SM3算法,会以SM3算法加密,加密结果以sm3开头存储在/etc/shadow中: - - ```sh - $ echo testGroup:testPassword |chpasswd -c SM3 - $ cat /etc/gshadow | grep testGroup - testGroup:$sm3$S3h3X6U6KsXg2Gkc$LFCAnKbi6JItarQz4Y/Aq9/hEbEMQXq9nQ4rY1j9BY9:: - ``` - -### 注意事项 - -shadow默认使用PAM安全认证机制,相关命令使用-c参数指定加密算法时,不使用PAM机制。 - -## libuser配置用户口令加密 - -### 概述 - -libuser库实现了一个标准化的接口,用于操作和管理用户和组帐户。该库经过封装,对外提供了命令行接口和python接口,用于管理用户和组。其中涉及用户密码的管理,支持使用des、md5、blowfish、sha256、sha512等算法对用户口令进行加密,openEuler发布的libuser新增了对SM3算法加密支持。 - -### 前置条件 - -libuser大于或等于0.63-3版本: - -```sh -$ rpm -qa libuser -libuser-0.63-3.oe2209.x86_64 -``` - -### 如何使用 - -1. 编辑/etc/libuser.conf,修改[defaults]域crypt_style=sm3: - - ```sh - $ cat /etc/libuser.conf - ...... - [defaults] - crypt_style = sm3 - ...... - ``` - -2. 通过lusermod、lpasswd、luseradd等命令设置用户口令时,口令加密算法默认为sm3。加密结果以sm3开头存储在/etc/shadow中: - - ```sh - # luseradd testuser -P Test@123 - # cat /etc/shadow | grep testuser - testuser:$sm3$1IJtoN6zlBDCiPKC$5oxscBTgiquPAEmZWGNDVqTPrboHJw3fFSohjF6sONB:18862:0:90:7:35:: - ``` +# 用户身份鉴别 + +操作系统通常使用口令的机制完成用户身份鉴别,openEuler提供了PAM、passwd、shadow、libuser等用户口令管理组件。用户口令在设置完成后,需要进行加密存储,通常使用哈希算法进行加密。openEuler提供的用户口令管理组件新增了对商密SM3的支持。 + +## PAM配置用户口令加密 + +### 概述 + +PAM是系统的可插拔认证模块,为上层应用提供认证机制。openEuler发布的PAM新增了对SM3算法用户口令加密的支持。 + +### 前置条件 + +1. PAM软件包大于或等于1.5.2-2版本: + + ```sh + $ rpm -qa pam + pam-1.5.2-2.oe2209.x86_64 + ``` + +2. libxcrypt软件包大于或等于4.4.26-2版本: + + ```sh + $ rpm -qa libxcrypt + pam-4.4.26-2.oe2209.x86_64 + ``` + +### 如何使用 + +1. 修改/etc/pam.d/password-auth和/etc/pam.d/system-auth文件,找到文件中“password sufficient pam_unix.so”开头的行,修改该行中算法字段为sm3: + + ```sh + $ cat /etc/pam.d/password-auth + ...... + password sufficient pam_unix.so sm3 shadow nullok try_first_pass use_authtok + ...... + + $ cat /etc/pam.d/system-auth + ...... + password sufficient pam_unix.so sm3 shadow nullok try_first_pass use_authtok + ...... + ``` + +2. 修改配置之后通过passwd命令修改密码或新增用户创建的密码,会使用sm3算法加密,加密结果以sm3开头存储在/etc/shadow中: + + ```sh + $ passwd testuser + Changing password for user testuser. + New password: + Retype new password: + passwd: all authentication tokens updated successfully. + $ cat /etc/shadow | grep testuser + testuser:$sm3$wnY86eyUlB5946gU$99LlMr0ddeZNDqnB2KRxn9f30SFCCvMv1WN1cFdsKJ2:19219:0:90:7:35:: + ``` + +### 注意事项 + +1. PAM配置默认使用sha512算法,修改配置使用商密SM3算法后,对已存在的用户密码无影响,需要修改密码才能更新密码算法; +2. 若PAM和libxcrypt要降级到非商密版本,并且已存在帐户密码使用SM3算法加密,则需先修改配 + 置为非商密算法,再修改帐号密码,再降级到非商密版本,否则这些帐户将无法正常登录。 + +## shadow配置用户口令加密 + +### 概述 + +shadow是Linux系统中常用的用户管理组件,提供了chpasswd、chgpasswd与newusers等命令。openEuler提供的shadow组件新增了对商密算法SM3的支持,以便在用户管理时使用SM3加密算法。因为shadow默认使用PAM安全认证机制,因此该组件支持商密算法只影响chpasswd与chgpasswd命令。 + +### 前置条件 + +shadow大于或等于4.9-4版本: + +```sh +$ rpm -qa shadow +shadow-4.9-4.oe2209.x86_64 +``` + +### 如何使用 + +1. chpasswd默认使用pam配置,通过-c指定SM3算法,会以SM3算法加密,加密结果以sm3开头存储在/etc/shadow中: + + ```sh + $ echo testuser:testPassword |chpasswd -c SM3 + $ cat /etc/shadow | grep testuser + testuser:$sm3$moojQQeBfdGOrL14$NqjckLHlk3ICs1cx.0rKZwRHafjVlqksdSJqfx9eYh6:19220:0:99999:7::: + ``` + +2. chgpasswd默认使用pam配置,通过-c指定SM3算法,会以SM3算法加密,加密结果以sm3开头存储在/etc/shadow中: + + ```sh + $ echo testGroup:testPassword |chpasswd -c SM3 + $ cat /etc/gshadow | grep testGroup + testGroup:$sm3$S3h3X6U6KsXg2Gkc$LFCAnKbi6JItarQz4Y/Aq9/hEbEMQXq9nQ4rY1j9BY9:: + ``` + +### 注意事项 + +shadow默认使用PAM安全认证机制,相关命令使用-c参数指定加密算法时,不使用PAM机制。 + +## libuser配置用户口令加密 + +### 概述 + +libuser库实现了一个标准化的接口,用于操作和管理用户和组帐户。该库经过封装,对外提供了命令行接口和python接口,用于管理用户和组。其中涉及用户密码的管理,支持使用des、md5、blowfish、sha256、sha512等算法对用户口令进行加密,openEuler发布的libuser新增了对SM3算法加密支持。 + +### 前置条件 + +libuser大于或等于0.63-3版本: + +```sh +$ rpm -qa libuser +libuser-0.63-3.oe2209.x86_64 +``` + +### 如何使用 + +1. 编辑/etc/libuser.conf,修改[defaults]域crypt_style=sm3: + + ```sh + $ cat /etc/libuser.conf + ...... + [defaults] + crypt_style = sm3 + ...... + ``` + +2. 通过lusermod、lpasswd、luseradd等命令设置用户口令时,口令加密算法默认为sm3。加密结果以sm3开头存储在/etc/shadow中: + + ```sh + # luseradd testuser -P Test@123 + # cat /etc/shadow | grep testuser + testuser:$sm3$1IJtoN6zlBDCiPKC$5oxscBTgiquPAEmZWGNDVqTPrboHJw3fFSohjF6sONB:18862:0:90:7:35:: + ``` diff --git a/docs/zh/docs/server/security/trusted_computing/_toc.yaml b/docs/zh/docs/server/security/trusted_computing/_toc.yaml new file mode 100644 index 0000000000000000000000000000000000000000..310f72bf314b1d031eef2032e7c6ec02d5f8f7fd --- /dev/null +++ b/docs/zh/docs/server/security/trusted_computing/_toc.yaml @@ -0,0 +1,18 @@ +label: 可信计算 +isManual: true +description: 介绍可信计算的定义和相关概念 +sections: + - label: 可信计算定义 + href: ./trusted-computing.md + - label: 内核完整性度量(IMA) + href: ./ima.md + - label: 动态完整性度量(DIM) + href: ./dim.md + - label: 远程证明(鲲鹏安全库) + href: ./remote-attestation-kunpeng-security-library.md + - label: 可信平台控制模块(TPCM) + href: ./tpcm.md + - label: 内核可信根框架用户文档 + href: ./kernel-trusted-root-framework.md + - label: 解释器类应用程序完整性保护用户文档 + href: ./interpreter-class-application-integrity-protects.md diff --git "a/docs/zh/docs/Administration/\345\212\250\346\200\201\345\256\214\346\225\264\346\200\247\345\272\246\351\207\217\357\274\210DIM\357\274\211.md" b/docs/zh/docs/server/security/trusted_computing/dim.md similarity index 100% rename from "docs/zh/docs/Administration/\345\212\250\346\200\201\345\256\214\346\225\264\346\200\247\345\272\246\351\207\217\357\274\210DIM\357\274\211.md" rename to docs/zh/docs/server/security/trusted_computing/dim.md diff --git a/docs/zh/docs/server/security/trusted_computing/figures/1665628542704.png b/docs/zh/docs/server/security/trusted_computing/figures/1665628542704.png new file mode 100644 index 0000000000000000000000000000000000000000..58907e0ed31c79b260be80480d4fd4c27e4e2e24 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/1665628542704.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/AT_CHECK_Process.png b/docs/zh/docs/server/security/trusted_computing/figures/AT_CHECK_Process.png new file mode 100644 index 0000000000000000000000000000000000000000..f32d5af3a31c740febf1a4783a1dd0daafacb0df Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/AT_CHECK_Process.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png b/docs/zh/docs/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png new file mode 100644 index 0000000000000000000000000000000000000000..900cdc07c1f0e844bc48fe2342e83c91a23c24ec Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png b/docs/zh/docs/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png new file mode 100644 index 0000000000000000000000000000000000000000..900cdc07c1f0e844bc48fe2342e83c91a23c24ec Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/PostgreSql_architecture.png b/docs/zh/docs/server/security/trusted_computing/figures/PostgreSql_architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..f780ad9cb56378e7baa3497da68ca1610a6dfadb Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/PostgreSql_architecture.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/Process_Of_EXECVAT_ATCHECK.png b/docs/zh/docs/server/security/trusted_computing/figures/Process_Of_EXECVAT_ATCHECK.png new file mode 100644 index 0000000000000000000000000000000000000000..c8f54fe96648f0c012462073a8cd118fd552483c Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/Process_Of_EXECVAT_ATCHECK.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/RA-arch-1.png b/docs/zh/docs/server/security/trusted_computing/figures/RA-arch-1.png new file mode 100644 index 0000000000000000000000000000000000000000..bc55e411637b825b0ce44a7efca08f7e52e0fa70 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/RA-arch-1.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/RA-arch-2.png b/docs/zh/docs/server/security/trusted_computing/figures/RA-arch-2.png new file mode 100644 index 0000000000000000000000000000000000000000..7effbaf881ffe42823142561b9135237989d7153 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/RA-arch-2.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/TPCM.png b/docs/zh/docs/server/security/trusted_computing/figures/TPCM.png new file mode 100644 index 0000000000000000000000000000000000000000..290bdb3471b46dca3e9f0c0907c3855367bd5b65 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/TPCM.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/creat_datadisk.png b/docs/zh/docs/server/security/trusted_computing/figures/creat_datadisk.png new file mode 100644 index 0000000000000000000000000000000000000000..0dfd6a2802184af6d809c485191ea52452cf28d5 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/creat_datadisk.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/creat_datadisk1.png b/docs/zh/docs/server/security/trusted_computing/figures/creat_datadisk1.png new file mode 100644 index 0000000000000000000000000000000000000000..0dfd6a2802184af6d809c485191ea52452cf28d5 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/creat_datadisk1.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/dim_architecture.jpg b/docs/zh/docs/server/security/trusted_computing/figures/dim_architecture.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a1e672d01dd7174c6f631bc0443cea5717a27bfb Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/dim_architecture.jpg differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/etmem-system-architecture.png b/docs/zh/docs/server/security/trusted_computing/figures/etmem-system-architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..1e077e00f44c0404526a4742d49c6e866601eee1 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/etmem-system-architecture.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/ima_digest_list_update.png b/docs/zh/docs/server/security/trusted_computing/figures/ima_digest_list_update.png new file mode 100644 index 0000000000000000000000000000000000000000..771067e31cee84591fbb914d7be4e8c576d7f5d2 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/ima_digest_list_update.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/ima_performance.gif b/docs/zh/docs/server/security/trusted_computing/figures/ima_performance.gif new file mode 100644 index 0000000000000000000000000000000000000000..72fad8a8333f7357c64a160c1d1c174c31201eaa Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/ima_performance.gif differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/ima_verification.png b/docs/zh/docs/server/security/trusted_computing/figures/ima_verification.png new file mode 100644 index 0000000000000000000000000000000000000000..d022b9d4ea08d4af386c7b76ca28115ad90e5451 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/ima_verification.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/logical_architectureofMariaDB.png b/docs/zh/docs/server/security/trusted_computing/figures/logical_architectureofMariaDB.png new file mode 100644 index 0000000000000000000000000000000000000000..8caa189a6fbf37bf4e9fd863c2ebb24e25547789 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/logical_architectureofMariaDB.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/login.png b/docs/zh/docs/server/security/trusted_computing/figures/login.png new file mode 100644 index 0000000000000000000000000000000000000000..d15c2cad98fba16320d587f3c7b0c80f435c5d3a Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/login.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/nginx_deployed_success.png b/docs/zh/docs/server/security/trusted_computing/figures/nginx_deployed_success.png new file mode 100644 index 0000000000000000000000000000000000000000..9ffb2c142defbd690e5407659116bf8e5582ba73 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/nginx_deployed_success.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/nginx_start_failed.png b/docs/zh/docs/server/security/trusted_computing/figures/nginx_start_failed.png new file mode 100644 index 0000000000000000000000000000000000000000..c8b855453433796265de42d7ffd0189c7ff9be2b Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/nginx_start_failed.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/nginx_start_success.png b/docs/zh/docs/server/security/trusted_computing/figures/nginx_start_success.png new file mode 100644 index 0000000000000000000000000000000000000000..bc6929772fd98fac3494b4436f26910b09818cb7 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/nginx_start_success.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/postgres.png b/docs/zh/docs/server/security/trusted_computing/figures/postgres.png new file mode 100644 index 0000000000000000000000000000000000000000..e7fc36882718587ec949133fe9892185cb4c2158 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/postgres.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/root_of_trust_framework.png b/docs/zh/docs/server/security/trusted_computing/figures/root_of_trust_framework.png new file mode 100644 index 0000000000000000000000000000000000000000..354b40fa4c4f0ed6f7312e0ce3848ed42155732e Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/root_of_trust_framework.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/top_display.png b/docs/zh/docs/server/security/trusted_computing/figures/top_display.png new file mode 100644 index 0000000000000000000000000000000000000000..2d77d3dc2934763b5da896a827b9805da34d1c09 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/top_display.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/trusted_chain.png b/docs/zh/docs/server/security/trusted_computing/figures/trusted_chain.png new file mode 100644 index 0000000000000000000000000000000000000000..034f0f092f41fb500ee4122339c447d10d4138ec Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/trusted_chain.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0229622729.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0229622729.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0229622729.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0229622789.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0229622789.png new file mode 100644 index 0000000000000000000000000000000000000000..d245d48dc07e2b01734e21ec1952e89fa9269bdb Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0229622789.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0230050789.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0230050789.png new file mode 100644 index 0000000000000000000000000000000000000000..0b785be2a026fe059c6ee41700a971a11cfff7ae Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0230050789.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143176.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143176.png new file mode 100644 index 0000000000000000000000000000000000000000..300165189e6d3e8fa356f3d463cfc627c2ece0e2 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143176.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143177.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143177.png new file mode 100644 index 0000000000000000000000000000000000000000..ccafce4b0c58a4da0a9f7aece335ede24e5030c0 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143177.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143178.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143178.png new file mode 100644 index 0000000000000000000000000000000000000000..bff125f096215e91b28ee6deacde6d886e5b21eb Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143178.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143180.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143180.png new file mode 100644 index 0000000000000000000000000000000000000000..52f5644f9c985bcc39c0d146006dd9136140bc01 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143180.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143181.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143181.png new file mode 100644 index 0000000000000000000000000000000000000000..d3698e6c0e021a56be46b9f4944c858a425eb66c Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143181.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143183.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143183.png new file mode 100644 index 0000000000000000000000000000000000000000..55ffdfa2616ee259543c1539e46c3e05f9335354 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143183.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143185.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143185.png new file mode 100644 index 0000000000000000000000000000000000000000..bff125f096215e91b28ee6deacde6d886e5b21eb Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143185.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143187.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143187.png new file mode 100644 index 0000000000000000000000000000000000000000..52f5644f9c985bcc39c0d146006dd9136140bc01 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143187.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143189.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143189.png new file mode 100644 index 0000000000000000000000000000000000000000..7656f3aa5f5907f1e9f981c0cb5d44d4fcb84ef3 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143189.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143191.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143191.png new file mode 100644 index 0000000000000000000000000000000000000000..a82d1bcb2b719e3a372f63ae099cb5d52a93b536 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143191.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143193.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143193.png new file mode 100644 index 0000000000000000000000000000000000000000..94614045bddb0871b44d2f6603402f914871ad61 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143193.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143195.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143195.png new file mode 100644 index 0000000000000000000000000000000000000000..05011dbabe2d245c37ec68de646851bf955a2361 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143195.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143196.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143196.png new file mode 100644 index 0000000000000000000000000000000000000000..9bdbac969920af77721980804bd1c5433bea5bc9 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143196.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143197.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143197.png new file mode 100644 index 0000000000000000000000000000000000000000..5ea4eec4002374096d8ac18eb973ed3bf874b632 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143197.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143198.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143198.png new file mode 100644 index 0000000000000000000000000000000000000000..7d6360c150495d204da4b069e6dc62677580888f Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231143198.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231563132.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231563132.png new file mode 100644 index 0000000000000000000000000000000000000000..bb801a9471f3f3541ba96491654f25e2df9ce8bf Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231563132.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231563134.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231563134.png new file mode 100644 index 0000000000000000000000000000000000000000..398d15376d29d3aa406abb2e7e065d4625428c4d Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231563134.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231563135.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231563135.png new file mode 100644 index 0000000000000000000000000000000000000000..785977142a6bf0e1c1815b82dea73d75fa206a75 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231563135.png differ diff --git a/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231563136.png b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231563136.png new file mode 100644 index 0000000000000000000000000000000000000000..c274db4d0ca9d8758267a916e19fdef4aa22d0ba Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/figures/zh-cn_image_0231563136.png differ diff --git "a/docs/zh/docs/Administration/\345\206\205\346\240\270\345\256\214\346\225\264\346\200\247\345\272\246\351\207\217\357\274\210IMA\357\274\211.md" b/docs/zh/docs/server/security/trusted_computing/ima.md similarity index 100% rename from "docs/zh/docs/Administration/\345\206\205\346\240\270\345\256\214\346\225\264\346\200\247\345\272\246\351\207\217\357\274\210IMA\357\274\211.md" rename to docs/zh/docs/server/security/trusted_computing/ima.md diff --git "a/docs/zh/docs/Administration/\350\247\243\351\207\212\345\231\250\347\261\273\345\272\224\347\224\250\347\250\213\345\272\217\345\256\214\346\225\264\346\200\247\344\277\235\346\212\244\347\224\250\346\210\267\346\226\207\346\241\243.md" b/docs/zh/docs/server/security/trusted_computing/interpreter-class-application-integrity-protects.md similarity index 97% rename from "docs/zh/docs/Administration/\350\247\243\351\207\212\345\231\250\347\261\273\345\272\224\347\224\250\347\250\213\345\272\217\345\256\214\346\225\264\346\200\247\344\277\235\346\212\244\347\224\250\346\210\267\346\226\207\346\241\243.md" rename to docs/zh/docs/server/security/trusted_computing/interpreter-class-application-integrity-protects.md index 5f28d77b7718447b139e4204d0f06d3f7e1bb006..2692ef5620156c72795189f7eead6271a1e2c978 100644 --- "a/docs/zh/docs/Administration/\350\247\243\351\207\212\345\231\250\347\261\273\345\272\224\347\224\250\347\250\213\345\272\217\345\256\214\346\225\264\346\200\247\344\277\235\346\212\244\347\224\250\346\210\267\346\226\207\346\241\243.md" +++ b/docs/zh/docs/server/security/trusted_computing/interpreter-class-application-integrity-protects.md @@ -1,263 +1,263 @@ -# 解释器类应用程序安全防护 - -## 背景介绍 - -业界主要使用Linux IMA机制对系统运行的程序发起完整性检查,一方面可以检测文件是否被篡改,另一方面通过IMA的白名单机制可以保证只有经过认证(如签名或HMAC)的文件才可以被运行。 - -Linux IMA机制支持对通过read()、exec()、mmap()等系统调用访问的文件进行完整性度量/评估。尽管从功能上而言,IMA能够配置对解释器运行脚本所采用的read()系统调用的完整性保护功能,但是在实际场景中,IMA摘要列表主要配置为针对exec()、mmap()进行拦截,而无法有效拦截未授权的恶意脚本执行。原因IMA无法将脚本文件和其他可变的数据文件进行区分。一旦针对read()系统调用配置完整性保护,则会将其他可变的配置文件、临时文件、数据文件等纳入保护范围,而这些文件无法预先生成基线或认证凭据,从而导致完整性检查失败。因此实际场景无法配置基于read()的度量/评估策略,无法针对性地实现拦截和保护: - -| **执行方式** | 实际应用场景下能否通过IMA保护 | -| ------------ | ----------------------------- | -| ./test.sh | 是 | -| bash test.sh | 否 | - -## 特性介绍 - -本特性旨在通过内核系统调用保证通过执行方式运行脚本文件(如./test.sh)和通过解释器运行脚本文件(bash ./test.sh)具备相同的权限检查流程,具体说明如下: - -### execveat()支持AT_CHECK检查参数 - -execveat()是于Linux 3.19/glibc 2.34版本开始支持的系统调用函数,该函数允许传入一个已打开的文件描述符并执行该文件。本特性针对execveat()系统调用扩展AT_CHECK检查机制,实现对某个文件是否可执行进行检查操作,而不真正地执行该文件。 - -当调用者通过execveat()系统调用函数,传入目标文件描述符并指定AT_CHECK参数时,在内核的系统调用执行逻辑中,首先针对传入的文件描述符进行权限检查,该流程与普通的文件执行流程一致,包含文件的DAC权限位、LSM访问控制规则、IMA等检查,如果检查不通过则退出并返回错误码-EACCSS。直到所有权限检查流程完成后,execveat()系统调用判断参数是否包含AT_CHECK,如果包含,则不执行后续的执行流程,退出并返回0,表示该文件的可执行权限检查通过。 -![](./figures/Process_Of_EXECVAT_ATCHECK.png) - -### 解释器支持调用execveat对程序进行权限检查 - -在支持基于execveat()的AT_CHECK检查机制的基础上,当解释器打开待运行的脚本后,可主动调用execveat()系统调用函数发起对文件进行可执行权限检查,只有当权限检查成功后,才可继续运行脚本文件。 -![](./figures/AT_CHECK_Process.png) - -## 接口介绍 - -### 系统调用接口说明 - -execveat()系统调用的函数类型为: - -``` -int execveat(int dirfd, const char *pathname, - char *const _Nullable argv[], - char *const _Nullable envp[], - int flags); -``` - -本特性涉及新增flags参数AT_CHECK,说明如下: - -| **参数** | **取值** | **说明** | -| -------- | -------- | -------------------------------------------------- | -| AT_CHECK | 0x10000 | 对目标文件进行可执行权限检查,而不真正地执行该文件 | - -### 内核启动参数说明 - -本特性支持如下内核启动参数: - -| **参数** | **取值** | **说明** | -| ------------------- | -------- | ------------------------------------------------------------ | -| exec_check.bash= | 0/1 | 默认为0,设置为1时,bash解释器进程运行脚本时前调用execveat进行脚本文件的可执行权限检查 | -| exec_check.java= | 0/1 | 默认为0,设置为1时,jdk运行脚本时class和jar文件时,需要调用execveat进行脚本文件的执行权限检查 | -| exec_check.= | 0/1 | 后续可扩展其他解释器 | - -**注意:上述启动参数实际由各个解释器进程进行读取解析,内核并不实际使用这些参数。** - -## 特性范围 - -本特性于openEuler 24.03 LTS SP1(6.6内核)版本支持,需要内核版本。特性支持的解释器类型如下: - -| **解释器** | **目标文件** | **说明** | -| ---------- | ----------------- | ---------------------------------------------------- | -| bash | shell脚本文件 | bash进程对打开的shell文件进行可执行权限检查 | -| jdk | class文件/jar文件 | java虚拟机对加载的class文件和jar包进行可执行权限检查 | - -社区开发人员或用户可基于该机制,自行扩展其他解释器或类似机制的支持。 -## 使用说明 - -### AT_CHECK参数使用示例 - -#### 前置条件 - -内核版本大于6.6.0-54.0.0.58,glibc版本大于等于2.38-41。 - -``` -glibc-2.38-41.oe2403sp1.x86_64 -kernel-6.6.0-54.0.0.58.oe2403sp1.x86_64 -``` - -#### 操作指导 - -可编写如下测试程序(test.c)进行参数功能测试: - -``` -#define _GNU_SOURCE - -#include -#include -#include -#include - -#define AT_CHECK 0x10000 - -int main(void) -{ - int fd; - int access_ret; - - fd = open("./", O_RDONLY); - access_ret = execveat(fd, "test.sh", NULL, NULL, AT_CHECK); - perror("execveat"); - printf("access_ret = %d\n", access_ret); - close(fd); - return 0; -} -``` - -**步骤1:** 编译测试代码: - -``` -gcc test.c -o test -``` - -**步骤2:** 创建测试脚本test.sh: - -``` -echo "sleep 10" > test.sh -``` - -**步骤3:** 如果测试脚本具备合法的可执行权限,则execveat返回0: - -``` -# chmod +x test.sh -# ./test -execveat: Success -access_ret = 0 -``` - -**步骤4:** 如果测试脚本不具备合法的权限,则execveat返回-1,错误码为Permission denied: - -``` -# chmod -x test.sh -# ./test -execveat: Permission denied -access_ret = -1 -``` - -### bash解释器支持脚本可执行权限检查 - -#### 前置条件 - -内核版本大于6.6.0-54,glibc版本大于等于2.38-41,bash版本大于等于5.2.15-13 - -```bash -bash-5.2.15-13.oe2403sp1.x86_64 -glibc-2.38-41.oe2403sp1.x86_64 -kernel-6.6.0-54.0.0.58.oe2403sp1.x86_64 -``` - -#### 操作指导 - -**步骤1:** 设置系统中所有脚本文件的权限为可执行 - -```bash -find / -name "*.sh" --exec chmod +x {} \; -``` - -**步骤2:** 设置启动参数并重启系统,添加的启动参数为: - -``` -exec_check.bash=1 -``` - -**步骤3:** 验证只有具备可执行权限的脚本才可被bash解释器运行: - -```bash -# echo "echo hello world" > test.sh -# bash test.sh -bash: line 0: [1402] denied sourcing non-executable test.sh -# chmod +x test.sh -# bash test.sh -hello world -``` - -### jdk支持脚本可执行权限检查 - -#### 前置条件 - -获取支持该特性的jdk代码: - -``` -https://gitee.com/openeuler/bishengjdk-8/tree/IMA_Glibc2_34 -``` - -按照如下流程编译: - -``` -https://gitee.com/openeuler/bishengjdk-8/wikis/%E4%B8%AD%E6%96%87%E6%96%87%E6%A1%A3/%E6%AF%95%E6%98%87JDK%208%20%E6%BA%90%E7%A0%81%E6%9E%84%E5%BB%BA%E8%AF%B4%E6%98%8E -``` - -#### 操作指导 - -**步骤1:** 确保系统中所有.class文件和.jar文件的可执行权限 - -``` -find / -name "*.class" chmod +x {} \; -find / -name "*.jar" chmod +x {} \; -``` - -**步骤2:** 设置启动参数并重启系统,添加的启动参数为: - -``` -exec_check.java=1 -``` - -**步骤3:** 验证只有具备可执行权限的class文件或jar文件才可被jvm运行: - -可编写如下测试程序(HelloWorld.java)进行参数功能测试: - -``` -public class HelloWorld { - public static void main(String[] args) { - System.out.println("Hello, World!"); - } -} -``` - -```bash -# javac HelloWorld.java -Access denied to /home/bishengjdk/bishengjdk-8/install/jvm/openjdk-1.8.0_432-internal/lib/tools.jar -# chmod +x /home/bishengjdk/bishengjdk-8/install/jvm/openjdk-1.8.0_432-internal/lib/tools.jar -# javac HelloWorld.java -# java HelloWorld -Access denied to HelloWorld.class - -# chmod +x HelloWorld.class -# java HelloWorld -Hello, World! -``` - -### 结合IMA摘要列表实现解释器类应用完整性保护 - -#### 前置条件 - -开启IMA摘要列表功能,详见[**内核完整性度量(IMA)** ](内核完整性度量(IMA).md)文档章节。 - -#### 操作指导 - -**步骤1:** 为目标应用程序生成IMA摘要列表(过程略,摘要列表生成方式详见[**内核完整性度量(IMA)** ](内核完整性度量(IMA).md)文档章节)。 - -**步骤2:** 开启IMA摘要列表功能(过程略,摘要列表生成方式详见[**内核完整性度量(IMA)** ](内核完整性度量(IMA).md)文档章节),以开启摘要列表+shell脚本校验为例,配置的内核启动参数如下: - -```bash -ima_appraise=enforce ima_appraise_digest_list=digest-nometadata ima_policy="appraise_exec_tcb" initramtmpfs module.sig_enforce exec_check.bash=1 -``` - -**步骤3:** 验证IMA对bash脚本完整性保护 - -```bash -# echo "echo hello world" > test.sh -# chmod +x test.sh -# bash test.sh -bash: line 0: [2520] denied sourcing non-executable test.sh - -# 生成摘要列表后签名并导入(略) -# echo /etc/ima/digest_lists/0-metadata_list-compact-test.sh > /sys/kernel/security/ima/digest_list_data -# bash test.sh -hello world -``` +# 解释器类应用程序安全防护 + +## 背景介绍 + +业界主要使用Linux IMA机制对系统运行的程序发起完整性检查,一方面可以检测文件是否被篡改,另一方面通过IMA的白名单机制可以保证只有经过认证(如签名或HMAC)的文件才可以被运行。 + +Linux IMA机制支持对通过read()、exec()、mmap()等系统调用访问的文件进行完整性度量/评估。尽管从功能上而言,IMA能够配置对解释器运行脚本所采用的read()系统调用的完整性保护功能,但是在实际场景中,IMA摘要列表主要配置为针对exec()、mmap()进行拦截,而无法有效拦截未授权的恶意脚本执行。原因IMA无法将脚本文件和其他可变的数据文件进行区分。一旦针对read()系统调用配置完整性保护,则会将其他可变的配置文件、临时文件、数据文件等纳入保护范围,而这些文件无法预先生成基线或认证凭据,从而导致完整性检查失败。因此实际场景无法配置基于read()的度量/评估策略,无法针对性地实现拦截和保护: + +| **执行方式** | 实际应用场景下能否通过IMA保护 | +| ------------ | ----------------------------- | +| ./test.sh | 是 | +| bash test.sh | 否 | + +## 特性介绍 + +本特性旨在通过内核系统调用保证通过执行方式运行脚本文件(如./test.sh)和通过解释器运行脚本文件(bash ./test.sh)具备相同的权限检查流程,具体说明如下: + +### execveat()支持AT_CHECK检查参数 + +execveat()是于Linux 3.19/glibc 2.34版本开始支持的系统调用函数,该函数允许传入一个已打开的文件描述符并执行该文件。本特性针对execveat()系统调用扩展AT_CHECK检查机制,实现对某个文件是否可执行进行检查操作,而不真正地执行该文件。 + +当调用者通过execveat()系统调用函数,传入目标文件描述符并指定AT_CHECK参数时,在内核的系统调用执行逻辑中,首先针对传入的文件描述符进行权限检查,该流程与普通的文件执行流程一致,包含文件的DAC权限位、LSM访问控制规则、IMA等检查,如果检查不通过则退出并返回错误码-EACCSS。直到所有权限检查流程完成后,execveat()系统调用判断参数是否包含AT_CHECK,如果包含,则不执行后续的执行流程,退出并返回0,表示该文件的可执行权限检查通过。 +![](./figures/Process_Of_EXECVAT_ATCHECK.png) + +### 解释器支持调用execveat对程序进行权限检查 + +在支持基于execveat()的AT_CHECK检查机制的基础上,当解释器打开待运行的脚本后,可主动调用execveat()系统调用函数发起对文件进行可执行权限检查,只有当权限检查成功后,才可继续运行脚本文件。 +![](./figures/AT_CHECK_Process.png) + +## 接口介绍 + +### 系统调用接口说明 + +execveat()系统调用的函数类型为: + +``` +int execveat(int dirfd, const char *pathname, + char *const _Nullable argv[], + char *const _Nullable envp[], + int flags); +``` + +本特性涉及新增flags参数AT_CHECK,说明如下: + +| **参数** | **取值** | **说明** | +| -------- | -------- | -------------------------------------------------- | +| AT_CHECK | 0x10000 | 对目标文件进行可执行权限检查,而不真正地执行该文件 | + +### 内核启动参数说明 + +本特性支持如下内核启动参数: + +| **参数** | **取值** | **说明** | +| ------------------- | -------- | ------------------------------------------------------------ | +| exec_check.bash= | 0/1 | 默认为0,设置为1时,bash解释器进程运行脚本时前调用execveat进行脚本文件的可执行权限检查 | +| exec_check.java= | 0/1 | 默认为0,设置为1时,jdk运行脚本时class和jar文件时,需要调用execveat进行脚本文件的执行权限检查 | +| exec_check.= | 0/1 | 后续可扩展其他解释器 | + +**注意:上述启动参数实际由各个解释器进程进行读取解析,内核并不实际使用这些参数。** + +## 特性范围 + +本特性于openEuler 24.03 LTS SP1(6.6内核)版本支持,需要内核版本。特性支持的解释器类型如下: + +| **解释器** | **目标文件** | **说明** | +| ---------- | ----------------- | ---------------------------------------------------- | +| bash | shell脚本文件 | bash进程对打开的shell文件进行可执行权限检查 | +| jdk | class文件/jar文件 | java虚拟机对加载的class文件和jar包进行可执行权限检查 | + +社区开发人员或用户可基于该机制,自行扩展其他解释器或类似机制的支持。 +## 使用说明 + +### AT_CHECK参数使用示例 + +#### 前置条件 + +内核版本大于6.6.0-54.0.0.58,glibc版本大于等于2.38-41。 + +``` +glibc-2.38-41.oe2403sp1.x86_64 +kernel-6.6.0-54.0.0.58.oe2403sp1.x86_64 +``` + +#### 操作指导 + +可编写如下测试程序(test.c)进行参数功能测试: + +``` +#define _GNU_SOURCE + +#include +#include +#include +#include + +#define AT_CHECK 0x10000 + +int main(void) +{ + int fd; + int access_ret; + + fd = open("./", O_RDONLY); + access_ret = execveat(fd, "test.sh", NULL, NULL, AT_CHECK); + perror("execveat"); + printf("access_ret = %d\n", access_ret); + close(fd); + return 0; +} +``` + +**步骤1:** 编译测试代码: + +``` +gcc test.c -o test +``` + +**步骤2:** 创建测试脚本test.sh: + +``` +echo "sleep 10" > test.sh +``` + +**步骤3:** 如果测试脚本具备合法的可执行权限,则execveat返回0: + +``` +# chmod +x test.sh +# ./test +execveat: Success +access_ret = 0 +``` + +**步骤4:** 如果测试脚本不具备合法的权限,则execveat返回-1,错误码为Permission denied: + +``` +# chmod -x test.sh +# ./test +execveat: Permission denied +access_ret = -1 +``` + +### bash解释器支持脚本可执行权限检查 + +#### 前置条件 + +内核版本大于6.6.0-54,glibc版本大于等于2.38-41,bash版本大于等于5.2.15-13 + +```bash +bash-5.2.15-13.oe2403sp1.x86_64 +glibc-2.38-41.oe2403sp1.x86_64 +kernel-6.6.0-54.0.0.58.oe2403sp1.x86_64 +``` + +#### 操作指导 + +**步骤1:** 设置系统中所有脚本文件的权限为可执行 + +```bash +find / -name "*.sh" --exec chmod +x {} \; +``` + +**步骤2:** 设置启动参数并重启系统,添加的启动参数为: + +``` +exec_check.bash=1 +``` + +**步骤3:** 验证只有具备可执行权限的脚本才可被bash解释器运行: + +```bash +# echo "echo hello world" > test.sh +# bash test.sh +bash: line 0: [1402] denied sourcing non-executable test.sh +# chmod +x test.sh +# bash test.sh +hello world +``` + +### jdk支持脚本可执行权限检查 + +#### 前置条件 + +获取支持该特性的jdk代码: + +``` +https://gitee.com/openeuler/bishengjdk-8/tree/IMA_Glibc2_34 +``` + +按照如下流程编译: + +``` +https://gitee.com/openeuler/bishengjdk-8/wikis/%E4%B8%AD%E6%96%87%E6%96%87%E6%A1%A3/%E6%AF%95%E6%98%87JDK%208%20%E6%BA%90%E7%A0%81%E6%9E%84%E5%BB%BA%E8%AF%B4%E6%98%8E +``` + +#### 操作指导 + +**步骤1:** 确保系统中所有.class文件和.jar文件的可执行权限 + +``` +find / -name "*.class" chmod +x {} \; +find / -name "*.jar" chmod +x {} \; +``` + +**步骤2:** 设置启动参数并重启系统,添加的启动参数为: + +``` +exec_check.java=1 +``` + +**步骤3:** 验证只有具备可执行权限的class文件或jar文件才可被jvm运行: + +可编写如下测试程序(HelloWorld.java)进行参数功能测试: + +``` +public class HelloWorld { + public static void main(String[] args) { + System.out.println("Hello, World!"); + } +} +``` + +```bash +# javac HelloWorld.java +Access denied to /home/bishengjdk/bishengjdk-8/install/jvm/openjdk-1.8.0_432-internal/lib/tools.jar +# chmod +x /home/bishengjdk/bishengjdk-8/install/jvm/openjdk-1.8.0_432-internal/lib/tools.jar +# javac HelloWorld.java +# java HelloWorld +Access denied to HelloWorld.class + +# chmod +x HelloWorld.class +# java HelloWorld +Hello, World! +``` + +### 结合IMA摘要列表实现解释器类应用完整性保护 + +#### 前置条件 + +开启IMA摘要列表功能,详见[**内核完整性度量(IMA)** ](内核完整性度量(IMA).md)文档章节。 + +#### 操作指导 + +**步骤1:** 为目标应用程序生成IMA摘要列表(过程略,摘要列表生成方式详见[**内核完整性度量(IMA)** ](内核完整性度量(IMA).md)文档章节)。 + +**步骤2:** 开启IMA摘要列表功能(过程略,摘要列表生成方式详见[**内核完整性度量(IMA)** ](内核完整性度量(IMA).md)文档章节),以开启摘要列表+shell脚本校验为例,配置的内核启动参数如下: + +```bash +ima_appraise=enforce ima_appraise_digest_list=digest-nometadata ima_policy="appraise_exec_tcb" initramtmpfs module.sig_enforce exec_check.bash=1 +``` + +**步骤3:** 验证IMA对bash脚本完整性保护 + +```bash +# echo "echo hello world" > test.sh +# chmod +x test.sh +# bash test.sh +bash: line 0: [2520] denied sourcing non-executable test.sh + +# 生成摘要列表后签名并导入(略) +# echo /etc/ima/digest_lists/0-metadata_list-compact-test.sh > /sys/kernel/security/ima/digest_list_data +# bash test.sh +hello world +``` diff --git "a/docs/zh/docs/Administration/\345\206\205\346\240\270\345\217\257\344\277\241\346\240\271\346\241\206\346\236\266\347\224\250\346\210\267\346\226\207\346\241\243.md" b/docs/zh/docs/server/security/trusted_computing/kernel-trusted-root-framework.md similarity index 98% rename from "docs/zh/docs/Administration/\345\206\205\346\240\270\345\217\257\344\277\241\346\240\271\346\241\206\346\236\266\347\224\250\346\210\267\346\226\207\346\241\243.md" rename to docs/zh/docs/server/security/trusted_computing/kernel-trusted-root-framework.md index f2835d168db1ab2d2aacb4915ec98c67ea3d0712..87a5eedd37fe7c93b2bdf1999fe2e4f220f62761 100644 --- "a/docs/zh/docs/Administration/\345\206\205\346\240\270\345\217\257\344\277\241\346\240\271\346\241\206\346\236\266\347\224\250\346\210\267\346\226\207\346\241\243.md" +++ b/docs/zh/docs/server/security/trusted_computing/kernel-trusted-root-framework.md @@ -1,92 +1,92 @@ -# 内核可信根框架 - -## 概述 - -典型的攻击手段往往伴随着信息系统真实性、完整性的破坏,目前业界的共识是通过硬件可信根对系统关键组件进行度量/验证,一旦检测到篡改或仿冒行为,就执行告警或拦截。 - -当前业界主流是采用TPM作为信任根,结合完整性保护软件栈逐级构筑系统信任链,从而保证系统各组件的真实性和完整性。openEuler支持的完整性保护特性如下: - -- 可信启动:系统启动阶段,度量启动组件的摘要值并记录到PCR寄存器; -- IMA度量:文件访问阶段,度量文件的摘要值,并扩展到PCR寄存器; -- DIM度量:进程运行阶段,度量内存代码段的摘要值,并扩展到PCR寄存器。 - -近年来,随着可信计算、机密计算等安全技术的发展,业界出现了各种形态不一的硬件可信根,及其配套的证明体系,例如: - -- TCG Trusted Platform Module (TPM) -- Trusted Cryptography Module (TCM) -- Trusted Platform Control Module (TPCM) -- Intel Trust Domain Extensions (TDX) -- Arm Confidential Compute Architecture (CCA) -- Virtualized Arm Confidential Compute Architecture (virtCCA) - -因此,本特性旨在支持一套内核态的可信根框架,南向支持多种可信根驱动,北向提供统一度量接口,对接上层完整性保护软件栈,将openEuler E2E完整性保护技术的硬件支持范围从单TPM扩展为多元异构可信根。 - -root_of_trust_framework - -## 特性介绍 - -本特性目前支持哈希扩展类型的度量可信根,即采用若干个度量寄存器(对应一种或多种哈希算法)采用如下形式记录多个度量结果: - -``` -value_new = hash(value_old | measure_result) -``` - -上式中value_new/value_old代表可信根内的度量寄存器的新/旧值;measure_result代表本次的度量结果;hash代表该度量寄存器所使用的哈希算法。 - -对于每一个可信根,开发者可通过本特性提供的框架层完成该可信根实例的定义和注册。注册成功后,完整性度量特性会自动将度量结果传入可信根实例中,完成哈希扩展和寄存器更新。 - -## 特性范围 - -本特性于openEuler 24.03 LTS SP1(6.6内核)版本支持,当前南向支持TPM和virtCCA两种可信根,北向支持内核完整性度量(IMA)特性。后续将持续完善对于其他可信根和度量特性的支持工作。 - -## 接口说明 - -### 结构体接口说明 - -对于每个可信根实例,需要定义如下结构体: - -``` -struct ima_rot { - const char *name; - int nr_allocated_banks; - struct tpm_bank_info *allocated_banks; - - int (*init)(struct ima_rot *rot); - int (*extend)(struct tpm_digest *digests_arg, const void *args); - int (*calc_boot_aggregate)(struct ima_digest_data *hash); -}; -``` - -成员变量描述如下: - -| **成员** | **说明** | -| ------------------- | ------------------------------------- | -| name | 可信根设备的名称 | -| nr_allocated_banks | 可信根支持的度量寄存器数量 | -| allocated_banks | 可信根度量寄存器算法定义 | -| init | 可信根初始化函数实现 | -| extend | 可信根扩展函数实现 | -| calc_boot_aggregate | IMA特性的boot aggregate值计算函数实现 | - -接口体数组定义在内核代码的security/integrity/ima/ima_rot.c文件中的ima_rots变量,在该数组变量定义中追加可信根实例,即可实现IMA特性对不同可信根的功能扩展。 - -### 启动参数接口说明 - -本特性涉及新增如下启动参数: - -| **参数** | **取值** | **说明** | -| -------- | -------- | ------------------------------------------------------------ | -| ima_rot= | 字符串 | 指定IMA优先使用的可信根设备的名称。若指定设备不存在,则尝试使用默认设备(TPM);如指定设备或默认设备初始化失败,则无可信根。 | - -## 使用说明 - -以用户在机密虚机中配置IMA度量使用virtCCA可信根为例,用户可在启动参数中添加如下参数: - -``` -ima_rot=virtcca -``` - -**注意:** 如果环境中仅virtcca可信根可用,无其他可信根(如vTPM)可用,也可不配置该参数。 - -配置完成后,首条IMA度量日志(boot aggregate日志)即为virtCCA的RIM的中存储的度量值;每条IMA度量日志的哈希值将在virtCCA的REM[0]中进行哈希扩展。用户可以基于virtCCA提供的远程证明软件栈实现机密虚机中的应用度量结果校验。 - +# 内核可信根框架 + +## 概述 + +典型的攻击手段往往伴随着信息系统真实性、完整性的破坏,目前业界的共识是通过硬件可信根对系统关键组件进行度量/验证,一旦检测到篡改或仿冒行为,就执行告警或拦截。 + +当前业界主流是采用TPM作为信任根,结合完整性保护软件栈逐级构筑系统信任链,从而保证系统各组件的真实性和完整性。openEuler支持的完整性保护特性如下: + +- 可信启动:系统启动阶段,度量启动组件的摘要值并记录到PCR寄存器; +- IMA度量:文件访问阶段,度量文件的摘要值,并扩展到PCR寄存器; +- DIM度量:进程运行阶段,度量内存代码段的摘要值,并扩展到PCR寄存器。 + +近年来,随着可信计算、机密计算等安全技术的发展,业界出现了各种形态不一的硬件可信根,及其配套的证明体系,例如: + +- TCG Trusted Platform Module (TPM) +- Trusted Cryptography Module (TCM) +- Trusted Platform Control Module (TPCM) +- Intel Trust Domain Extensions (TDX) +- Arm Confidential Compute Architecture (CCA) +- Virtualized Arm Confidential Compute Architecture (virtCCA) + +因此,本特性旨在支持一套内核态的可信根框架,南向支持多种可信根驱动,北向提供统一度量接口,对接上层完整性保护软件栈,将openEuler E2E完整性保护技术的硬件支持范围从单TPM扩展为多元异构可信根。 + +root_of_trust_framework + +## 特性介绍 + +本特性目前支持哈希扩展类型的度量可信根,即采用若干个度量寄存器(对应一种或多种哈希算法)采用如下形式记录多个度量结果: + +``` +value_new = hash(value_old | measure_result) +``` + +上式中value_new/value_old代表可信根内的度量寄存器的新/旧值;measure_result代表本次的度量结果;hash代表该度量寄存器所使用的哈希算法。 + +对于每一个可信根,开发者可通过本特性提供的框架层完成该可信根实例的定义和注册。注册成功后,完整性度量特性会自动将度量结果传入可信根实例中,完成哈希扩展和寄存器更新。 + +## 特性范围 + +本特性于openEuler 24.03 LTS SP1(6.6内核)版本支持,当前南向支持TPM和virtCCA两种可信根,北向支持内核完整性度量(IMA)特性。后续将持续完善对于其他可信根和度量特性的支持工作。 + +## 接口说明 + +### 结构体接口说明 + +对于每个可信根实例,需要定义如下结构体: + +``` +struct ima_rot { + const char *name; + int nr_allocated_banks; + struct tpm_bank_info *allocated_banks; + + int (*init)(struct ima_rot *rot); + int (*extend)(struct tpm_digest *digests_arg, const void *args); + int (*calc_boot_aggregate)(struct ima_digest_data *hash); +}; +``` + +成员变量描述如下: + +| **成员** | **说明** | +| ------------------- | ------------------------------------- | +| name | 可信根设备的名称 | +| nr_allocated_banks | 可信根支持的度量寄存器数量 | +| allocated_banks | 可信根度量寄存器算法定义 | +| init | 可信根初始化函数实现 | +| extend | 可信根扩展函数实现 | +| calc_boot_aggregate | IMA特性的boot aggregate值计算函数实现 | + +接口体数组定义在内核代码的security/integrity/ima/ima_rot.c文件中的ima_rots变量,在该数组变量定义中追加可信根实例,即可实现IMA特性对不同可信根的功能扩展。 + +### 启动参数接口说明 + +本特性涉及新增如下启动参数: + +| **参数** | **取值** | **说明** | +| -------- | -------- | ------------------------------------------------------------ | +| ima_rot= | 字符串 | 指定IMA优先使用的可信根设备的名称。若指定设备不存在,则尝试使用默认设备(TPM);如指定设备或默认设备初始化失败,则无可信根。 | + +## 使用说明 + +以用户在机密虚机中配置IMA度量使用virtCCA可信根为例,用户可在启动参数中添加如下参数: + +``` +ima_rot=virtcca +``` + +**注意:** 如果环境中仅virtcca可信根可用,无其他可信根(如vTPM)可用,也可不配置该参数。 + +配置完成后,首条IMA度量日志(boot aggregate日志)即为virtCCA的RIM的中存储的度量值;每条IMA度量日志的哈希值将在virtCCA的REM[0]中进行哈希扩展。用户可以基于virtCCA提供的远程证明软件栈实现机密虚机中的应用度量结果校验。 + diff --git a/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-caution.gif b/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-danger.gif b/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-note.gif b/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-notice.gif b/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-tip.gif b/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-warning.gif b/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/server/security/trusted_computing/public_sys-resources/icon-warning.gif differ diff --git "a/docs/zh/docs/Administration/\350\277\234\347\250\213\350\257\201\346\230\216\357\274\210\351\262\262\351\271\217\345\256\211\345\205\250\345\272\223\357\274\211.md" b/docs/zh/docs/server/security/trusted_computing/remote-attestation-kunpeng-security-library.md similarity index 100% rename from "docs/zh/docs/Administration/\350\277\234\347\250\213\350\257\201\346\230\216\357\274\210\351\262\262\351\271\217\345\256\211\345\205\250\345\272\223\357\274\211.md" rename to docs/zh/docs/server/security/trusted_computing/remote-attestation-kunpeng-security-library.md diff --git "a/docs/zh/docs/Administration/\345\217\257\344\277\241\345\271\263\345\217\260\346\216\247\345\210\266\346\250\241\345\235\227\357\274\210TPCM\357\274\211.md" b/docs/zh/docs/server/security/trusted_computing/tpcm.md similarity index 100% rename from "docs/zh/docs/Administration/\345\217\257\344\277\241\345\271\263\345\217\260\346\216\247\345\210\266\346\250\241\345\235\227\357\274\210TPCM\357\274\211.md" rename to docs/zh/docs/server/security/trusted_computing/tpcm.md diff --git "a/docs/zh/docs/Administration/\345\217\257\344\277\241\350\256\241\347\256\227.md" b/docs/zh/docs/server/security/trusted_computing/trusted-computing.md similarity index 100% rename from "docs/zh/docs/Administration/\345\217\257\344\277\241\350\256\241\347\256\227.md" rename to docs/zh/docs/server/security/trusted_computing/trusted-computing.md