diff --git a/.gitee/ISSUE_TEMPLATE.en.md b/.gitee/ISSUE_TEMPLATE.en.md deleted file mode 100644 index 458911819fd4e6cbadc9228ff1d2f3e0a4d39d06..0000000000000000000000000000000000000000 --- a/.gitee/ISSUE_TEMPLATE.en.md +++ /dev/null @@ -1,23 +0,0 @@ -**Is this a BUG REPORT or FEATURE REQUEST?**: - -> Uncomment only one, leave it on its own line: -> -> - bug -> -> - feature - - -**What happened**: - -**What you expected to happen**: - -**How to reproduce it (as minimally and precisely as possible)**: - -**Anything else we need to know?**: - -**Environment**: -- Version: -- OS (e.g. from /etc/os-release): -- Kernel (e.g. `uname -a`): -- Install tools: -- Others: diff --git a/.gitee/ISSUE_TEMPLATE.zh-CN.md b/.gitee/ISSUE_TEMPLATE.zh-CN.md deleted file mode 100644 index d83eeb568385f4b57166ad51ccb6c414f5f061b7..0000000000000000000000000000000000000000 --- a/.gitee/ISSUE_TEMPLATE.zh-CN.md +++ /dev/null @@ -1,22 +0,0 @@ -**这是一个bug还是新特性?**: - -> 以下两者二选一,请保留一项: -> -> - bug -> -> - 特性 - - -**发生结果**: - -**期望结果**: - -**如何重现(尽量详细)**: - -**补充说明?**: - -**环境情况**: -- 版本: -- 操作系统版本 (e.g. from /etc/os-release): -- 内核版本 (e.g. `uname -a`): -- 其它: diff --git a/.gitee/PULL_REQUEST_TEMPLATE.en.md b/.gitee/PULL_REQUEST_TEMPLATE.en.md deleted file mode 100644 index fb9f653795bc13e5cced21eb4e7a96d655a23c59..0000000000000000000000000000000000000000 --- a/.gitee/PULL_REQUEST_TEMPLATE.en.md +++ /dev/null @@ -1,15 +0,0 @@ - - -**What this PR does / why we need it**: - -**Which issue this PR fixes** *(optional, in `fixes #(, fixes #, ...)` format, will close that issue when PR gets merged)*: fixes # - -**Special notes for your reviewer**: - -**Release note**: - -```release-note -``` diff --git a/.gitee/PULL_REQUEST_TEMPLATE.zh-CN.md b/.gitee/PULL_REQUEST_TEMPLATE.zh-CN.md deleted file mode 100644 index f731c6335b44ab9a37a3006406ddbe062bc3fa86..0000000000000000000000000000000000000000 --- a/.gitee/PULL_REQUEST_TEMPLATE.zh-CN.md +++ /dev/null 
@@ -1,15 +0,0 @@ - - -**PR功能描述 / 为什么需要这个合入**: - -**该PR关联的issue** *(格式为fixes #, 或者resolves #)*: fixes # - -**希望检视人员了解**: - -**Release note**: - -```release-note -``` diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 1516e93b72f23cfe2ab4c75ea88b19a12ccc9a1a..0000000000000000000000000000000000000000 --- a/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -public -resources/_gen diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index d7c6119bfa7e3a01bbe2b405dc1f125890462a72..0000000000000000000000000000000000000000 --- a/CONTRIBUTING.md +++ /dev/null 
@@ -1,167 +0,0 @@ -# How to contribute - -### Brief Introduction - -This project is [Apache 2.0](LICENSE) licensed and accepts contributions via pull requests. This document outlines some of the conventions on commit message formatting, contact points for developers and other resources to make getting your contribution easier. - -Before you start, NOTICE that ```master``` branch is development version. ```stable``` branch -provided for customers and users. So all code modifications SHOULD be submitted to -```master``` branch, ```stable``` branch won't accept any commits. - -This repository is integrated by website which will provide the final outline, so please only maintain docs in this repository. -anything others like styles, js are maintained in website as a combined hugo theme. - -Contents oranganized by hugo book which is a framework helping build our own book. -please refer to hugo book [website](https://github.com/alex-shpak/hugo-book) for more detailed information. - -All files are written with MarkDown syntax, please note: If you want to add internal links, -be careful to point to the .html pages corresponding to the .md pages of the folder. - -### Debug local - -This doc only provides running test on linux, please prepare linux server before running -following commands. - -1. Install hugo on server - -hugo can be installed easily after nodejs is ready. - -``` -curl -L https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_0.56.3_Linux-64bit.tar.gz | tar -xz && \ - mv hugo /usr/local/bin/ -``` - -2. Running this repository locally - -``` -hugo serve --bind 0.0.0.0 --port 80 --baseUrl / -``` - -The website will serving on http://your-server-ip:80 - - -### Debug with docker - -1. Build Image - -``` -docker build -t docs:v0.0.1 . -``` - -note: here ```docs``` is the image name, you can change it as you need. - -2. 
Running in container - -``` -docker run -p 80:80 -d docs:v0.0.1 > docs.pid -``` - -The website will serving on http://your-server-ip:80 - -3. Stopping the container - -``` -docker rm -f `cat docs.pid` && rm -f docs.pid -``` - -***Note***: -The defalut language(en) will serving on http://your-server-ip/ -Other language(zh) will serving on http://your-server-ip/zh - -### Add/Modify file - -Before openning a PR, running locally and have a check would be good step that will help -your commits be merged quickly. - -There are two kinds of Markdown file, one is the content files which locates in ```content/docs``` folder. -the other one is the menu file which locates in ```content/menu``` folder. please remember to update menu if -adding new file. - -Note: menu file home file name must be named ```home.md```. - -## Getting help - -- IRC: TODO -- Mail: TODO - -## Report issues - -A great way to contribute to the project is to send a detailed report when you encounter an issue. We always appreciate a well-written, thorough bug report and feature propose, and will thank you for it! - -### Issues format - -When reporting issues, refer to this format: - -- Is this a BUG REPORT or FEATURE REQUEST? -- What happened? -- What you expected to happen? -- What happened? -- How to reproduce it (as minimally and precisely as possible) -- Anything else we need to know? -- Environment - -See more about [ISSUE_TEMPLATE](.github/ISSUE_TEMPLATE.md). - -## Submit pull requests - -If you are a beginner and expect this project as the gate to open source world, this tutorial is one of the best -choices for you. Just follow the guidance and you will find the pleasure to becoming a contributor. - -### Step 1: Fork repository - -Before making modifications of this project, you need to make sure that this project have been forked to your own -repository. 
It means that there will be parallel development between this repo and your own repo, so be careful -to avoid the inconsistency between these two repos. - -### Step 2: Clone the remote repository - -If you want to download the code to the local machine, ```git``` is the best way: -``` -git clone https://your_repo_url/projectname.git -``` - -### Step 3: Develop code locally - -To avoid inconsistency between multiple branches, we SUGGEST checking out to a new branch: -``` -git checkout -b new_branch_name origin/master -``` -Then you can change the code arbitrarily. - -### Step 4: Push the code to the remote repository - -After updating the code, you should push the update in the formal way: -``` -git add . -git status (Check the update status) -git commit -m "Your commit title" -git commit --amend (Add the concrete description of your commit) -git push origin new_branch_name -``` - -### Step 5: Pull a request to repository - -In the last step, your need to pull a compare request between your new branch and development branch. After -finishing the pull request, the CI will be automatically set up for building test. - -### Pull requests format - -When submitting pull requests, refer to this format: - -- What this PR does / why we need it? -- Which issue this PR fixes? -- Special notes for your reviewer -- Release note - -See more about [PULL_REQUEST_TEMPLATE](.github/PULL_REQUEST_TEMPLATE.md). - -### Code style - -```TO BE DEFINED``` - - - - - - - diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index c2012b2450287d3d54be186d230e4efcf98f3f73..0000000000000000000000000000000000000000 --- a/Dockerfile +++ /dev/null 
@@ -1,24 +0,0 @@ -FROM nginx - -MAINTAINER Edward Lee - -RUN apt-get update && \ - apt install curl -y && \ - apt-get install git -y - -ENV HUGO_VERSION=0.68.1 - -RUN mkdir -p /usr/local/src && \ - cd /usr/local/src && \ - curl -L https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_Linux-64bit.tar.gz | tar -xz && \ - mv hugo /usr/local/bin/ - -COPY . /src/ -RUN cd /src/ && /usr/local/bin/hugo -b / && \ - cp -rf /src/public/* /usr/share/nginx/html/ && \ - chmod -R 755 /usr/share/nginx/html - -ENV RUN_USER nginx -ENV RUN_GROUP nginx -EXPOSE 80 -ENTRYPOINT nginx -g "daemon off;" diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 261eeb9e9f8b2b4b0d119366dda99c6fd7d35c64..0000000000000000000000000000000000000000 --- a/LICENSE +++ /dev/null 
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/README-en.md b/README-en.md deleted file mode 100644 index 3715c1b9a700b9fb9986d3f39b7c48477e26da8c..0000000000000000000000000000000000000000 --- a/README-en.md +++ /dev/null 
@@ -1,46 +0,0 @@ -# openEuler DOCS - -### Introduction - -DOCS contains all documents of the openEuler community, including the release notes, OS installation guide, administrator guide, virtualization, container, and A-Tune user guides, and application development guide. - -### Searching for a Document in DOCS - -Open the **content** folder. The folder contains documents in Chinese (**zh** folder) and English (**en** folder). The English document is used as an example. In the **en** folder, the **docs** folder contains the content of a specific document, and the **menu** folder contains the overview of the document. -Open the **docs** folder. The relationship between guides and folders is as follows: -* **A-Tune**: *A-Tune User Guide* -* **Administrator**: *Administrator Guide* -* **ApplicationDev**: *Application Development Guide* -* **Container**: *Container User Guide* -* **Installation**: *Installation Guide* -* **Quickstart**: *Quick Start* -* **Releasenotes**: *Release Notes* -* **Virtualization**: *Virtualization Application Guide* - - -### Modifying a Document - -When the openEuler version information is updated, the documents herein also need to be updated. Thank you for providing updates. - -### Checking the Relationship Between Versions and Branches -The DOCS contains the following three branches: - -* **master**: development branch, which is the default branch -* **stable-1.0\_Base**: 1.0 Base version branch, which is displayed in **DOCS** > **1.0 BASE** on the [openEuler community website](https://openeuler.org/) -* **stable-20.03\_LTS**: 20.03 LTS version branch, which is displayed in **DOCS** > **20.03 LTS** on the [openEuler community website](https://openeuler.org/) - -### Participating in SIG -Create or reply to an issue: You can discuss an issue by creating or replying to an issue. -Submit a Pull Request (PR): You can participate in SIG by submitting a PR. -Submit comments: You can submit comments on issues or PRs. 
-We are always pleased to receive PRs from you. - -### Member -#### Maintainer List -- Rudy_Tan (@rudy_tan) -- amyMaYun (@amy_mayun) -- fhxing (@fhxing168) - -### Contacting Us -E-mails: dev@openeuler.org -IRC: #openeuler-doc \ No newline at end of file diff --git a/README.md b/README.md deleted file mode 100644 index c84d8fee9e82481d4cc330ae2c6e45ce1df7283b..0000000000000000000000000000000000000000 --- a/README.md +++ /dev/null @@ -1,46 +0,0 @@ -# openEuler 文档 - -### 介绍 - -Docs包含了openEuler社区的所有文档,包括发行说明、操作系统安装,管理员指南,虚拟化和容器的使用指导,A-Tune使用指导,应用开发指导等内容。 -### 如何在Docs中查找文档 - -打开“content”文件夹,该文件夹包含了中文(“zh”文件夹)和英文(“en”文件夹)两种语言文档,以中文文档举例进行说明。 -在“zh”文件夹中,“docs”文件夹包含了具体文档的内容,“menu”包含了文档的大纲内容。 -打开“docs”文件夹,各手册和文件夹对应关系如下。 -* A-Tune文件夹对应:A-Tune用户指南 -* Adminnistration文件夹对应手册为:管理员指南 -* ApplicationDev文件夹对应手册为:应用开发指南 -* Container文件夹对应手册为:容器用户指南 -* Installation文件夹对应手册为:安装指南 -* Quickstart文件夹对应手册为:快速入门 -* Releasenotes文件夹对应手册为:发行说明 -* Virtualization文件夹对应手册为:虚拟化应用指南 - - -### 如何修改文档 - -当openEuler版本信息有刷新时,这里文档也需要刷新。很感谢您愿意提供刷新内容。 -请阅读[资料开发流程指导](https://gitee.com/lss410313/docs/wikis/Home)进行操作参考。 - -### 如何查看版本分支对应关系 -Docs包含了如下3个分支: -* master:开发分支,为默认分支。 -* stable-1.0_Base:1.0 Base版本分支,分支内容呈现在[openEuler社区](https://openeuler.org/)网站“文档->1.0 BASE。 -* stable-20.03_LTS:20.03 LTS版本分支,分支内容呈现在[openEuler社区](https://openeuler.org/)网站“文档->20.03 LTS”。 - -### 如何参与SIG -建立或回复 issue:欢迎通过建立或回复 issue 来讨论。 -提交PR:欢迎通过提交PR的方式参与SIG。具体操作方法可参考[PR提交指南](https://gitee.com/openeuler/community/blob/master/zh/contributors/pull-request.md)。 -提交评论:欢迎在issue或PR中提交评论。 -重要的事说三遍:欢迎提交 PR!欢迎提交 PR!欢迎提交 PR! - -### 成员 -#### Maintainer 列表 -- Rudy_Tan(@rudy_tan) -- amyMaYun(@amy_mayun) -- fhxing(@fhxing168) - -### 如何联系我们 -邮件列表: dev@openeuler.org -IRC: #openeuler-doc \ No newline at end of file diff --git a/archetypes/default.md b/archetypes/default.md deleted file mode 100644 index 00e77bd79be44872c0b29256b03799c2fb00c10d..0000000000000000000000000000000000000000 --- a/archetypes/default.md +++ /dev/null 
@@ -1,6 +0,0 @@ ---- -title: "{{ replace .Name "-" " " | title }}" -date: {{ .Date }} -draft: true ---- - diff --git a/assets/_custom.scss b/assets/_custom.scss deleted file mode 100644 index 9132fb60596fd0cce86d47583cba560f13bc7a95..0000000000000000000000000000000000000000 --- a/assets/_custom.scss +++ /dev/null @@ -1 +0,0 @@ -@import "variables"; diff --git a/config.toml b/config.toml deleted file mode 100644 index ffde1551e438cd8963e1682fa5d1d8645eec6c90..0000000000000000000000000000000000000000 --- a/config.toml +++ /dev/null 
@@ -1,68 +0,0 @@ -# hugo server --minify --themesDir ... --baseURL=http://0.0.0.0:1313/example - -baseURL = '/' -title = 'Hugo Book' -theme = 'project' -disableKinds = ['taxonomy', 'taxonomyTerm'] -# themesDir = '../..' - -# Book configuration -disablePathToLower = true -enableGitInfo = true -defaultContentLanguage = "en" -defaultContentLanguageInSubdir = false - -uglyURLs = true - -# Code highlight -# pygmentsStyle = 'monokailight' -pygmentsCodeFences = true - -[params] - # (Optional, default 6) Set how many table of contents levels to be showed on page. - # Use false to hide ToC, note that 0 will default to 6 (https://gohugo.io/functions/default/) - # You can also specify this parameter per page in front matter - BookToC = 3 - - # (Optional, default none) Set leaf bundle to render as side menu - # When not specified file structure and weights will be used - BookMenuBundle = '/menu' - - # (Optional, default docs) Specify section of content to render as menu - # You can also set value to '*' to render all sections to menu - #BookSection = 'docs' - - # (Optional) This value is duplicate of $link-color for making active link highlight in menu bundle mode - # BookMenuBundleActiveLinkColor = '\#004ed0' - - # Set source repository location. - # Used for 'Last Modified' and 'Edit this page' links. - BookRepo = 'https://gitee.com/openeuler/docs' - - # Enable "Edit this page" links for 'doc' page type. - # Disabled by default. Uncomment to enable. Requires 'BookRepo' param. - # Path must point to 'content' directory of repo. - BookEditPath = 'master/content' - - # Configure the date format used on the pages - # - In git information - # - In blog posts - BookDateFormat = 'Jan 2, 2006' - - # (Optional, default true) Enables search function with lunr.js, - # Index is built on fly, therefore it might slowdown your website. 
- BookSearch = true - - bookFlatSection = true - bookHidden = true - - -[languages] - -[languages.en] - languageCode = "en-us" - contentDir = "content/en" - -[languages.zh] - languageCode = "zh-cn" - contentDir = "content/zh" diff --git a/config.yaml b/config.yaml deleted file mode 100644 index 59d0ddc5a69c14e3094489dabec67dc5c68deffe..0000000000000000000000000000000000000000 --- a/config.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -# hugo server --minify --themesDir ... --baseURL=http://0.0.0.0:1313/example - -baseURL: https://example.com/ -title: Hugo Book -theme: hugo-book -disableKinds: ['taxonomy', 'taxonomyTerm'] -# themesDir: ../.. - -# Book configuration -disablePathToLower: true -enableGitInfo: true - -# Code highlight -# pygmentsStyle: monokailight -pygmentsCodeFences: true - -params: - # (Optional, default 6) Set how many table of contents levels to be showed on page. - # Use false/off to hide ToC, note that 0 will default to 6 (https://gohugo.io/functions/default/) - # You can also specify this parameter per page in front matter - BookToC: 3 - - # (Optional, default none) Set leaf bundle to render as side menu - # When not specified file structure and weights will be used - BookMenuBundle: /menu - - # (Optional, default docs) Specify section of content to render as menu - # You can also set value to '*' to render all sections to menu - BookSection: docs - - # (Optional) This value is duplicate of $link-color for making active link highlight in menu bundle mode - # BookMenuBundleActiveLinkColor: "\#004ed0" - - # Set source repository location. - # Used for 'Last Modified' and 'Edit this page' links. - BookRepo: https://github.com/alex-shpak/hugo-book - - # Enable "Edit this page" links for 'doc' page type. - # Disabled by default. Uncomment to enable. Requires 'BookRepo' param. - # Path must point to 'content' directory of repo. - BookEditPath: edit/master/exampleSite/content - - # Configure the date format used on the pages - # - In git information - # - In blog posts - BookDateFormat: 'Jan 2, 2006' - - # (Optional, default true) Enables search function with lunr.js, - # Index is built on fly, therefore it might slowdown your website. - BookSearch: true 
diff --git a/content/en/docs/A-Tune/figures/en-us_image_0227497343.png b/content/en/docs/A-Tune/figures/en-us_image_0227497343.png deleted file mode 100644 index b614ad05d1f687b344f6bc1ff2f7e72938968aee..0000000000000000000000000000000000000000 Binary files a/content/en/docs/A-Tune/figures/en-us_image_0227497343.png and /dev/null differ diff --git a/content/en/docs/A-Tune/getting-to-know-a-tune.md b/content/en/docs/A-Tune/getting-to-know-a-tune.md deleted file mode 100644 index 03415ded0cdc5fe96a42f1d872a45dde1ede6c4d..0000000000000000000000000000000000000000 --- a/content/en/docs/A-Tune/getting-to-know-a-tune.md +++ /dev/null 
@@ -1,179 +0,0 @@ -# Getting to Know A-Tune - -- [Getting to Know A-Tune](#getting-to-know-a-tune) - - [Introduction](#introduction) - - [Architecture](#architecture) - - [Supported Features and Service Models](#supported-features-and-service-models) - - - -## Introduction - -An operating system \(OS\) is basic software that connects applications and hardware. It is critical for users to adjust OS and application configurations and make full use of software and hardware capabilities to achieve optimal service performance. However, numerous workload types and varied applications run on the OS, and the requirements on resources are different. Currently, the application environment composed of hardware and software involves more than 7000 configuration objects. As the service complexity and optimization objects increase, the time cost for optimization increases exponentially. As a result, optimization efficiency decreases sharply. Optimization becomes complex and brings great challenges to users. - -Second, as infrastructure software, the OS provides a large number of software and hardware management capabilities. The capability required varies in different scenarios. Therefore, capabilities need to be enabled or disabled depending on scenarios, and a combination of capabilities will maximize the optimal performance of applications. - -In addition, the actual business embraces hundreds and thousands of scenarios, and each scenario involves a wide variety of hardware configurations for computing, network, and storage. The lab cannot list all applications, business scenarios, and hardware combinations. - -To address the preceding challenges, openEuler launches A-Tune. - -A-Tune is an AI-based engine that optimizes system performance. 
It uses AI technologies to precisely profile business scenarios, discover and infer business characteristics, so as to make intelligent decisions, match with the optimal system parameter configuration combination, and give recommendations, ensuring the optimal business running status. - -![](figures/en-us_image_0227497000.png) - -## Architecture - -The following figure shows the A-Tune core technical architecture, which consists of intelligent decision-making, system profile, and interaction system. - -- Intelligent decision-making layer: consists of the awareness and decision-making subsystems, which implements intelligent awareness of applications and system optimization decision-making, respectively. -- System profile layer: consists of the labeling and learning subsystems. The labeling subsystem is used to cluster service models, and the learning subsystem is used to learn and classify service models. -- Interaction system layer: monitors and configures various system resources and executes optimization policies. - -![](figures/en-us_image_0227497343.png) - -## Supported Features and Service Models - -### Supported Features - -[Table 1](#table1919220557576) describes the main features supported by A-Tune, feature maturity, and usage suggestions. - -**Table 1** Feature maturity - - - - - - - - - - - - - - - - - - - - -

Feature

-

Maturity

-

Usage Suggestion

-

Auto optimization of 11 applications in seven workload types

-

Tested

-

Pilot

-

User-defined workload types and service models

-

Tested

-

Pilot

-

Automatic parameter optimization

-

Tested

-

Pilot

-
- -### Supported Service Models - -Based on the workload characteristics of applications, A-Tune classifies services into seven types. For details about the workload characteristics of each type and the applications supported by A-Tune, see [Table 2](#table2819164611311). - -**Table 2** Supported workload types and applications - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Workload

-

Type

-

Workload Characteristic

-

Supported Application

-

default

-

Default type

-

The usage of CPU, memory bandwidth, network, and I/O resources is low.

-

N/A

-

webserver

-

HTTPS application

-

The CPU usage is high.

-

Nginx

-

big_database

-

Database

-
  • Relational database

    Read: The usage of CPU, memory bandwidth, and network is high.

    -

    Write: The usage of I/O is high.

    -
-
  • Non-relational database

    The usage of CPU and I/O is high.

    -
-

MongoDB, MySQL, PostgreSQL, and MariaDB

-

big_data

-

Big data

-

The usage of CPU and I/O is high.

-

Hadoop and Spark

-

in-memory_computing

-

Memory-intensive application

-

The usage of CPU and memory bandwidth is high.

-

SPECjbb2015

-

in-memory_database

-

Computing- and network-intensive application

-

The usage of a single-core CPU is high, and the network usage is high in multi-instance scenarios.

-

Redis

-

single_computer_intensive_jobs

-

Computing-intensive application

-

The usage of a single-core CPU is high, and the usage of memory bandwidth of some subitems is high.

-

SPECCPU2006

-

communication

-

Network-intensive application

-

The usage of CPU and network is high.

-

Dubbo

-

idle

-

System in idle state

-

The system is in idle state and no applications are running.

-

N/A

-
- diff --git "a/content/en/docs/Container/figures/\345\256\211\345\205\250\345\256\271\345\231\250\346\241\206\346\236\2661.png" "b/content/en/docs/Container/figures/\345\256\211\345\205\250\345\256\271\345\231\250\346\241\206\346\236\2661.png" deleted file mode 100644 index 2e8b48bdbd0766ec513e0654212cd16613eff826..0000000000000000000000000000000000000000 Binary files "a/content/en/docs/Container/figures/\345\256\211\345\205\250\345\256\271\345\231\250\346\241\206\346\236\2661.png" and /dev/null differ diff --git a/content/en/docs/Installation/figures/adding-the-inst-noverifyssl-parameter.png b/content/en/docs/Installation/figures/adding-the-inst-noverifyssl-parameter.png deleted file mode 100644 index f56a7dd0c45acf8a4c3a735ed623eaccd19bfaef..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/adding-the-inst-noverifyssl-parameter.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/advanced-user-configuration.png b/content/en/docs/Installation/figures/advanced-user-configuration.png deleted file mode 100644 index c7d708ba1b466b514c978b738f67b15723f8bc2e..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/advanced-user-configuration.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/completing-the-installation.png b/content/en/docs/Installation/figures/completing-the-installation.png deleted file mode 100644 index 6e7fb79328124e1eb03d7c2aa57d4bcb3b592d3c..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/completing-the-installation.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/creating-a-user.png b/content/en/docs/Installation/figures/creating-a-user.png deleted file mode 100644 index 8203597a9f82d2aac03987fd9c381d55eb6b40c8..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/creating-a-user.png and /dev/null differ 
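Review bot: In the A-Tune overview hunk, the sentence introducing Table 2 says A-Tune "classifies services into seven types", but Table 2 lists nine workload rows, from default through idle. If this page is being relocated rather than retired, either state that default and idle are not counted among the seven or correct the number. The Table 1 row "Auto optimization of 11 applications in seven workload types" relies on the same count.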
diff --git a/content/en/docs/Installation/figures/disk-encryption-password.png b/content/en/docs/Installation/figures/disk-encryption-password.png deleted file mode 100644 index ba84e060133644910ff199376e11d2929cfe8d47..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/disk-encryption-password.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/error-message.png b/content/en/docs/Installation/figures/error-message.png deleted file mode 100644 index 0349567af5b1695a611b8c32219b469bcf2170e8..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/error-message.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/installation-process.png b/content/en/docs/Installation/figures/installation-process.png deleted file mode 100644 index 202ef0ce7f371417d6371867c1f3bfff6d07cd91..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/installation-process.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/installation-summary.png b/content/en/docs/Installation/figures/installation-summary.png deleted file mode 100644 index d74f2eeae91338c4e8a9a9c03b19361df89ac388..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/installation-summary.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/installation-wizard.png b/content/en/docs/Installation/figures/installation-wizard.png deleted file mode 100644 index 0ee099a675eee71fdeb3ba3ad0f30e0be20d7af3..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/installation-wizard.png and /dev/null differ 
diff --git a/content/en/docs/Installation/figures/manual-partitioning-page.png b/content/en/docs/Installation/figures/manual-partitioning-page.png deleted file mode 100644 index c14540e86c178f28d34be24eebd8c487ca377783..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/manual-partitioning-page.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/password-of-the-root-account.png b/content/en/docs/Installation/figures/password-of-the-root-account.png deleted file mode 100644 index 16f77d9ce59c0bf082915c2e958513fcc6244af9..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/password-of-the-root-account.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/selecting-a-language.png b/content/en/docs/Installation/figures/selecting-a-language.png deleted file mode 100644 index 2f41e205b0c8f97eee950e8ce3f44b953f1c2c71..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/selecting-a-language.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/selecting-installation-software.png b/content/en/docs/Installation/figures/selecting-installation-software.png deleted file mode 100644 index 79ea7b97705c91af1fa6cd8fb47a0a15fa3607cf..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/selecting-installation-software.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/semi-automatic-installation.png b/content/en/docs/Installation/figures/semi-automatic-installation.png deleted file mode 100644 index dcdfb60e3e77594c59cfbaaece61881347cd4032..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/semi-automatic-installation.png and /dev/null differ 
diff --git a/content/en/docs/Installation/figures/setting-a-system-language.png b/content/en/docs/Installation/figures/setting-a-system-language.png deleted file mode 100644 index 79f6d5b959abaa20d077e3d0d82a2cb05bc428d6..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/setting-a-system-language.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/setting-date-and-time.png b/content/en/docs/Installation/figures/setting-date-and-time.png deleted file mode 100644 index 9a18de4816560da52bd5e6f6a5d8c0f1a0ddde13..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/setting-date-and-time.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/setting-the-installation-destination.png b/content/en/docs/Installation/figures/setting-the-installation-destination.png deleted file mode 100644 index 7dd9ba0fd65069492156fc31d3b9adbc7965de98..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/setting-the-installation-destination.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/setting-the-installation-source.png b/content/en/docs/Installation/figures/setting-the-installation-source.png deleted file mode 100644 index 94990f7c3071d7153203a2d75cf6632b1505beda..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/setting-the-installation-source.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/setting-the-keyboard-layout.png b/content/en/docs/Installation/figures/setting-the-keyboard-layout.png deleted file mode 100644 index 9aa9d72da79ca7d89c36949926ff272edc83592c..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/setting-the-keyboard-layout.png and /dev/null differ 
diff --git a/content/en/docs/Installation/figures/setting-the-network-and-host-name.png b/content/en/docs/Installation/figures/setting-the-network-and-host-name.png deleted file mode 100644 index ddfb08fac47b8b4681cca2f5ce18c4258f365ac0..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/setting-the-network-and-host-name.png and /dev/null differ diff --git a/content/en/docs/Installation/figures/starting-installation.png b/content/en/docs/Installation/figures/starting-installation.png deleted file mode 100644 index fb9ca40b29b63430744920c88e8069a92a3d2ff2..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Installation/figures/starting-installation.png and /dev/null differ diff --git a/content/en/docs/Quickstart/figures/advanced-user-configuration.png b/content/en/docs/Quickstart/figures/advanced-user-configuration.png deleted file mode 100644 index c7d708ba1b466b514c978b738f67b15723f8bc2e..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Quickstart/figures/advanced-user-configuration.png and /dev/null differ diff --git a/content/en/docs/Quickstart/figures/completing-the-installation.png b/content/en/docs/Quickstart/figures/completing-the-installation.png deleted file mode 100644 index 6e7fb79328124e1eb03d7c2aa57d4bcb3b592d3c..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Quickstart/figures/completing-the-installation.png and /dev/null differ diff --git a/content/en/docs/Quickstart/figures/creating-a-user.png b/content/en/docs/Quickstart/figures/creating-a-user.png deleted file mode 100644 index 8203597a9f82d2aac03987fd9c381d55eb6b40c8..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Quickstart/figures/creating-a-user.png and /dev/null differ 
diff --git a/content/en/docs/Quickstart/figures/installation-summary.png b/content/en/docs/Quickstart/figures/installation-summary.png deleted file mode 100644 index d74f2eeae91338c4e8a9a9c03b19361df89ac388..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Quickstart/figures/installation-summary.png and /dev/null differ diff --git a/content/en/docs/Quickstart/figures/installation-wizard.png b/content/en/docs/Quickstart/figures/installation-wizard.png deleted file mode 100644 index 0ee099a675eee71fdeb3ba3ad0f30e0be20d7af3..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Quickstart/figures/installation-wizard.png and /dev/null differ diff --git a/content/en/docs/Quickstart/figures/password-of-the-root-account.png b/content/en/docs/Quickstart/figures/password-of-the-root-account.png deleted file mode 100644 index 16f77d9ce59c0bf082915c2e958513fcc6244af9..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Quickstart/figures/password-of-the-root-account.png and /dev/null differ diff --git a/content/en/docs/Quickstart/figures/selecting-a-language.png b/content/en/docs/Quickstart/figures/selecting-a-language.png deleted file mode 100644 index 2f41e205b0c8f97eee950e8ce3f44b953f1c2c71..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Quickstart/figures/selecting-a-language.png and /dev/null differ diff --git a/content/en/docs/Quickstart/figures/selecting-installation-software.png b/content/en/docs/Quickstart/figures/selecting-installation-software.png deleted file mode 100644 index 79ea7b97705c91af1fa6cd8fb47a0a15fa3607cf..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Quickstart/figures/selecting-installation-software.png and /dev/null differ 
diff --git a/content/en/docs/Quickstart/figures/setting-the-installation-destination.png b/content/en/docs/Quickstart/figures/setting-the-installation-destination.png deleted file mode 100644 index 7dd9ba0fd65069492156fc31d3b9adbc7965de98..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Quickstart/figures/setting-the-installation-destination.png and /dev/null differ diff --git a/content/en/docs/Quickstart/figures/starting-installation.png b/content/en/docs/Quickstart/figures/starting-installation.png deleted file mode 100644 index fb9ca40b29b63430744920c88e8069a92a3d2ff2..0000000000000000000000000000000000000000 Binary files a/content/en/docs/Quickstart/figures/starting-installation.png and /dev/null differ diff --git a/content/en/docs/Quickstart/quick-start.md b/content/en/docs/Quickstart/quick-start.md deleted file mode 100644 index aec39101da082efdc375548a4fe42db476f92dfa..0000000000000000000000000000000000000000 --- a/content/en/docs/Quickstart/quick-start.md +++ /dev/null @@ -1,338 +0,0 @@ -# Quick Start - -This document uses openEuler 20.03 LTS installed on the TaiShan 200 server as an example to describe how to quickly install and use openEuler OS. For details about the installation requirements and methods, see [openEuler 20.03 LTS Installation Guide](https://openeuler.org/en/docs/20.03_LTS/docs/Installation/Installation.html). - - -- [Quick Start](#quick-start) - - [Installation Preparations](#installation-preparations) - - [Obtaining the Installation Source](#obtaining-the-installation-source) - - [Release Package Integrity Check](#release-package-integrity-check) - - [Starting the Installation](#starting-the-installation) - - [Installation](#installation) - - [Viewing System Information](#viewing-system-information) - - - -## Installation Preparations - -- Hardware Compatibility - - [Table 1](#table14948632047) describes the types of supported servers. - - **Table 1** Supported servers - - - - - - - - - - - - - - - - -

Server Type

-

Server Name

-

Server Model

-

Rack server

-

TaiShan 200

-

2280 balanced model

-

Rack server

-

FusionServer Pro

-

FusionServer Pro 2288H V5

-
NOTE:

The server must be configured with the Avago SAS3508 RAID controller card and the LOM-X722 NIC.

-
-
- -- Minimum Hardware Specifications - - [Table 2](#tff48b99c9bf24b84bb602c53229e2541) lists the minimum hardware specifications supported by openEuler. - - **Table 2** Minimum hardware specifications - - - - - - - - - - - - - - - - - - - - - - - - -

Component

-

Minimum Hardware Specifications

-

Description

-

Architecture

-
  • AArch64
  • x86_64
-
  • 64-bit Arm architecture
  • 64-bit Intel x86 architecture
-

CPU

-
  • Huawei Kunpeng 920 series
  • Intel ® Xeon® processor
-

-

-

Memory

-

≥ 4 GB (8 GB or higher recommended for better user experience)

-

-

-

Hard disk

-

≥ 120 GB (for better user experience)

-

The hard disk supports IDE, SATA, SAS interfaces.

-
- - -## Obtaining the Installation Source - -Perform the following operations to obtain the openEuler release package: - -1. Log in to the [openEuler Community](https://openeuler.org) website. -2. Click **Download**. -3. Click the link provided after **Download ISO**. The download list is displayed. -4. Click **openEuler-20.03-LTS**. The openEuler 20.03 LTS version download list is displayed. -5. Click **ISO**. The ISO download list is displayed. - - **aarch64**: ISO image file of the AArch64 architecture - - **x86\_64**: ISO image file of the x86\_64 architecture - - **source**: ISO image file of the openEuler source code - -6. Select the openEuler release package and verification file to be downloaded based on the architecture of the environment to be installed. - - If the AArch64 architecture is used: - 1. Click **aarch64**. - 2. Click **openEuler-20.03-LTS-aarch64-dvd.iso** to download the openEuler release package to the local host. - 3. Click **openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum** to download the openEuler verification file to the local host. - - - If the x86\_64 architecture is used: - 1. Click **x86\_64**. - 2. Click **openEuler-20.03-LTS-x86\_64-dvd.iso** to download the openEuler release package to the local host. - 3. Click **openEuler-20.03-LTS-x86\_64-dvd.iso.sha256sum** to download the openEuler verification file to the local host. - - - -## Release Package Integrity Check - -To prevent incomplete download of the software package due to network or storage device problems during the transmission, you can perform the following steps to check the integrity of the obtained openEuler software package: - -1. Obtain the verification value in the verification file. Run the following command: - - ``` - #cat openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum - ``` - -2. Calculate the SHA256 verification value of the file. 
Run the following command: - - ``` - #sha256sum openEuler-20.03-LTS-aarch64-dvd.iso - ``` - - After the command is run, the verification value is displayed. - -3. Check whether the values calculated in step 1 and step 2 are consistent. - - If the verification values are consistent, the .iso file is not damaged. If they are inconsistent, you can confirm that the file is damaged and you need to obtain the file again. - - -## Starting the Installation - -1. Log in to the iBMC WebUI. - - For details, see [TaiShan 200 Server User Guide \(Model 2280\)](https://support.huawei.com/enterprise/en/doc/EDOC1100093459). - -2. Choose **Configuration** from the main menu, and select **Boot Device** from the navigation tree. The **Boot Device** page is displayed. - - Set **Effective** and **Boot Medium** to **One-time** and **DVD-ROM**, respectively, and click **Save**, as shown in [Figure 1](#fig1011938131018). - - **Figure 1** Setting the boot device - ![](figures/setting-the-boot-device.png "setting-the-boot-device") - -3. Choose **Remote Console** from the main menu. The **Remote Console** page is displayed. - - Select an integrated remote console as required to access the remote virtual console, for example, **Java Integrated Remote Console \(Shared\)**. - -4. On the toolbar, click the icon shown in the following figure. - - **Figure 2** Drive icon - ![](figures/drive-icon.png "drive-icon") - - An image dialog box is displayed, as shown in the following figure. - - **Figure 3** Image dialog box - ![](figures/image-dialog-box.png "image-dialog-box") - -5. Select **Image File** and then click **Browse**. The **Open** dialog box is displayed. -6. Select the image file and click **Open**. In the image dialog box, click **Connect**. If **Connect** changes to **Disconnect**, the virtual CD/DVD-ROM drive is connected to the server. -7. On the toolbar, click the restart icon shown in the following figure to restart the device. 
- - **Figure 4** Restart icon - ![](figures/restart-icon.png "restart-icon") - -8. A boot menu is displayed after the system restarts, as shown in [Figure 5](#fig1648754873314). - - >![](public_sys-resources/icon-note.gif) **NOTE:** - >- If you do not perform any operations within 1 minute, the system automatically selects the default option **Test this media & install openEuler 20.03 LTS** and enters the installation page. - >- During PM installation, if you cannot use the arrow keys to select boot options and the system does not respond after you press **Enter**, click ![](figures/en-us_image_0229420473.png) on the BMC page and configure **Key & Mouse Reset**. - - **Figure 5** Installation Wizard - - -9. On the installation wizard page, press **Enter** to select the default option **Test this media & install openEuler 20.03 LTS** to enter the GUI installation page. - -## Installation - -After entering the GUI installation page, perform the following operations to install the system: - -1. Set an installation language. The default language is English. You can change the language based on the site requirements, as shown in [Figure 6](#fig874344811484). - - **Figure 6** Selecting a language - - -2. On the **INSTALLATION SUMMARY** page, set configuration items based on the site requirements. - - - A configuration item with an alarm symbol must be configured. When the alarm symbol disappears, you can perform the next operation. - - A configuration item without an alarm symbol is configured by default. - - You can click **Begin Installation** to install the system only when all alarms are cleared. - - **Figure 7** Installation summary - - - 1. Select **Software Selection** to set configuration items. - - Based on the site requirements, select **Minimal Install** on the left box and select an add-on in the **Add-Ons for Selected Environment** area on the right, as shown in [Figure 8](#fig1133717611109). 
- - **Figure 8** Selecting installation software - - - >![](public_sys-resources/icon-note.gif) **NOTE:** - >- In **Minimal Install** mode, not all packages in the installation source will be installed. If the required package is not installed, you can mount the installation source to the local PC and configure a repo source, and use DNF to install the package. - >- If you select **Virtual Host**, the virtualization components QEMU, libvirt, and edk2 are installed by default. You can select whether to install the OVS component in the add-on area. - - After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. - - 2. Select **Installation Destination** to set configuration items. - - On the **INSTALLATION DESTINATION** page, select a local storage device. - - >![](public_sys-resources/icon-notice.gif) **NOTICE:** - >When selecting the device to be installed, you are advised not to use the NVMe SSD storage medium as the OS installation disk. - - You also need to configure the storage to partition the system. You can either manually configure partitions or select **Automatic** to automatically configure partitioning. Select **Automatic** if the software is installed in a new storage device or the data in the storage device is not required, as shown in [Figure 9](#fig153381468101). - - **Figure 9** Setting the installation destination - - - >![](public_sys-resources/icon-note.gif) **NOTE:** - >- During partitioning, to ensure system security and performance, you are advised to divide the device into the following partitions: **/boot**, **/var**, **/var/log**, **/var/log/audit**, **/home**, and **/tmp**. - >- If the system is configured with the swap partition, the swap partition is used when the physical memory of the system is insufficient. 
Although the swap partition can be used to expand the physical memory, if the swap partition is used due to insufficient memory, the system response slows and the system performance deteriorates. Therefore, you are not advised to configure the swap partition in the system with sufficient physical memory or the performance sensitive system. - >- If you need to split a logical volume group, select **Custom** to manually partition the logical volume group. On the **MANUAL PARTITIONING** page, click **Modify** in the **Volume Group** area to reconfigure the logical volume group. - - After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. - - 3. Set other configuration items. You can use the default values for other configuration items. - -3. Click **Begin Installation** to install the system, as shown in [Figure 10](#fig1717019357392). - - **Figure 10** Starting installation - - -4. Set the root user password. - - Click **Root Password**. In the displayed dialog box, as shown in [Figure 11](#en-us_topic_0186390266_en-us_topic_0122145909_fig1323165793018), enter a password and re-enter to confirm. - - >![](public_sys-resources/icon-note.gif) **NOTE:** - >The **root** password must be configured when you install software packages. Otherwise, the installation will fail. A **root** account is used for performing critical system administration tasks. It is not recommended to use this account for daily work or system access. - - The password of the **root** user must meet the password complexity requirements. Otherwise, the password configuration or user creation will fail. The password complexity requirements are as follows: - - - A password must contain at least eight characters. - - A password must contain at least three of the following types: uppercase letters, lowercase letters, digits, and special characters. - - A password must be different from the account name. 
- - A password cannot contain words in the dictionary. - - >![](public_sys-resources/icon-note.gif) **NOTE:** - > In the installed openEuler environment, you can run the `cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt` command to export the dictionary library file **dictionary.txt**, and then check whether the password is in the dictionary. - - **Figure 11** Password of the **root** account - - -5. Create a user. - - Click **User Creation**. [Figure 12](#en-us_topic_0186390266_en-us_topic_0122145909_fig1237715313319) shows the page for creating a user. Enter a username and set a password. The password complexity requirements are the same as those of the user **root**. By clicking **Advanced**, you can also configure a home directory and a user group, as shown in [Figure 13](#en-us_topic_0186390266_en-us_topic_0122145909_fig128716531312). - - **Figure 12** Creating a user - - - **Figure 13** Advanced user configuration - - - After configuration, click **Done** in the left-upper corner to switch back to the installation process page. - -6. After the installation is complete, restart the system. - - openEuler has been installed, as shown in [Figure 14](#en-us_topic_0186390267_en-us_topic_0122145917_fig1429512116338). Click **Reboot** to restart the system. - - **Figure 14** Completing the installation - - - -## Viewing System Information - -After the system is installed and restarted, the system CLI login page is displayed. Enter the username and password set during the installation to log in to openEuler OS and view the following system information. For details about system management and configuration, see the [openEuler 20.03 LTS Administrator Guide](https://openeuler.org/en/docs/20.03_LTS/docs/Administration/administration.html). 
- -- Run the following command to view the system information: - - ``` - cat /etc/os-release - ``` - - For example, the command and output are as follows: - - ``` - # cat /etc/os-release - NAME="openEuler" - VERSION="20.09" - ID="openEuler" - VERSION_ID="20.09" - PRETTY_NAME="openEuler 20.09" - ANSI_COLOR="0;31" - ``` - -- View system resource information. - - Run the following command to view the CPU information: - - ``` - lscpu - ``` - - Run the following command to view the memory information: - - ``` - free - ``` - - Run the following command to view the disk information: - - ``` - fdisk -l - ``` - -- Run the following command to view the IP address: - - ``` - ip addr - ``` - - diff --git a/content/en/docs/Releasenotes/release_notes.md b/content/en/docs/Releasenotes/release_notes.md deleted file mode 100644 index 2ddacc438016ed80eb04e163e1a17986ed0abb00..0000000000000000000000000000000000000000 --- a/content/en/docs/Releasenotes/release_notes.md +++ /dev/null @@ -1 +0,0 @@ -This document is the release notes for the openEuler 20.03 LTS release version. \ No newline at end of file diff --git a/content/en/menu/index.md b/content/en/menu/index.md deleted file mode 100644 index c954b2d3f2f749220a4042b26bdfe00f8b4334b4..0000000000000000000000000000000000000000 --- a/content/en/menu/index.md +++ /dev/null 
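Review bot: In the quick-start.md hunk, the Release Package Integrity Check section compares the ISO against a .sha256sum file fetched from the same download list. As the section's own first sentence implies, that detects only a damaged or incomplete download; it does not establish that the image is the one the project published. If this text is carried over to a replacement page, say so explicitly next to step 3. Two smaller points in the same hunk: the commands are written as `#cat` and `#sha256sum`, with the prompt fused to the command, and the sample /etc/os-release output shows VERSION="20.09" although the page describes openEuler 20.03 LTS.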
@@ -1,129 +0,0 @@ ---- -headless: true - - ---- - -- [Terms of Use]({{< relref "./docs/Releasenotes/terms-of-use.md" >}}) -- [Release Notes]({{< relref "./docs/Releasenotes/release_notes.md" >}}) - - [User Notice]({{< relref "./docs/Releasenotes/user-notice.md" >}}) - - [Introduction]({{< relref "./docs/Releasenotes/introduction.md" >}}) - - [Installing the OS]({{< relref "./docs/Releasenotes/installing-the-os.md" >}}) - - [Key Features]({{< relref "./docs/Releasenotes/key-features.md" >}}) - - [Known Issues]({{< relref "./docs/Releasenotes/known-issues.md" >}}) - - [Resolved Issues]({{< relref "./docs/Releasenotes/resolved-issues.md" >}}) - - [Common Vulnerabilities and Exposures \(CVE\)]({{< relref "./docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md" >}}) - - [Source Code]({{< relref "./docs/Releasenotes/source-code.md" >}}) - - [Contribution]({{< relref "./docs/Releasenotes/contribution.md" >}}) - - [Acknowledgement]({{< relref "./docs/Releasenotes/acknowledgement.md" >}}) - -- [Quick Start]({{< relref "./docs/Quickstart/quick-start.md" >}}) -- [Installation Guide]({{< relref "./docs/Installation/Installation.md" >}}) - - [Installation Preparations]({{< relref "./docs/Installation/installation-preparations.md" >}}) - - [Installation Mode]({{< relref "./docs/Installation/installation-mode.md" >}}) - - [Installation Guideline]({{< relref "./docs/Installation/installation-guideline.md" >}}) - - [Using Kickstart for Automatic Installation]({{< relref "./docs/Installation/using-kickstart-for-automatic-installation.md" >}}) - - [FAQs]({{< relref "./docs/Installation/faqs.md" >}}) - -- [Administrator Guide]({{< relref "./docs/Administration/administration.md" >}}) - - [Viewing System Information]({{< relref "./docs/Administration/viewing-system-information.md" >}}) - - [Basic Configuration]({{< relref "./docs/Administration/basic-configuration.md" >}}) - - [User and User Group Management]({{< relref 
"./docs/Administration/user-and-user-group-management.md" >}}) - - [Using the DNF to Manage Software Packages]({{< relref "./docs/Administration/using-the-dnf-to-manage-software-packages.md" >}}) - - [Service Management]({{< relref "./docs/Administration/service-management.md" >}}) - - [Process Management]({{< relref "./docs/Administration/process-management.md" >}}) - - [Configuring the Network]({{< relref "./docs/Administration/configuring-the-network.md" >}}) - - [Managing Hard Disks Through LVM]({{< relref "./docs/Administration/managing-hard-disks-through-lvm.md" >}}) - - [Using the KAE]({{< relref "./docs/Administration/using-the-kae.md" >}}) - - [Configuring Services]({{< relref "./docs/Administration/configuring-services.md" >}}) - - [Configuring the Repo Server]({{< relref "./docs/Administration/configuring-the-repo-server.md" >}}) - - [Configuring the FTP Server]({{< relref "./docs/Administration/configuring-the-ftp-server.md" >}}) - - [Configuring the Web Server]({{< relref "./docs/Administration/configuring-the-web-server.md" >}}) - - [Setting Up the Database Server]({{< relref "./docs/Administration/setting-up-the-database-server.md" >}}) - - [FAQs]({{< relref "./docs/Administration/faqs.md" >}}) - - -- [Virtualization User Guide]({{< relref "./docs/Virtualization/virtualization.md" >}}) - - [Introduction to Virtualization]({{< relref "./docs/Virtualization/introduction-to-virtualization.md" >}}) - - [Installation to Virtualization]({{< relref "./docs/Virtualization/installation-to-virtualization.md" >}}) - - [Environment Preparation]({{< relref "./docs/Virtualization/environment-preparation.md" >}}) - - [VM Configuration]({{< relref "./docs/Virtualization/vm-configuration.md" >}}) - - [Managing VMs]({{< relref "./docs/Virtualization/managing-vms.md" >}}) - - [VM Live Migration]({{< relref "./docs/Virtualization/vm-live-migration.md" >}}) - - [System Resource Management]({{< relref "./docs/Virtualization/system-resource-management.md" >}}) - - 
[Managing Devices]({{< relref "./docs/Virtualization/managing-devices.md" >}}) - - [Best Practices]({{< relref "./docs/Virtualization/best-practices.md" >}}) - - [Appendix]({{< relref "./docs/Virtualization/appendix.md" >}}) - - -- [Container User Guide]({{< relref "./docs/Container/container.md" >}}) - - [iSulad Container Engine]({{< relref "./docs/Container/isulad-container-engine.md" >}}) - - [Installation, Upgrade and Uninstallation]({{< relref "./docs/Container/installation-upgrade-Uninstallation.md" >}}) - - [Installation and Configuration]({{< relref "./docs/Container/installation-configuration.md" >}}) - - [Upgrade Methods]({{< relref "./docs/Container/upgrade-methods.md" >}}) - - [Uninstallation]({{< relref "./docs/Container/uninstallation.md" >}}) - - - [Application Scenarios]({{< relref "./docs/Container/application-scenarios.md" >}}) - - [Container Management]({{< ref "./docs/Container/container-management.md" >}}) - - [Interconnection with the CNI Network]({{< ref "./docs/Container/interconnection-with-the-cni-network.md" >}}) - - [Container Resource Management]({{< ref "./docs/Container/container-resource-management.md" >}}) - - [Privileged Container]({{< ref "./docs/Container/privileged-container.md" >}}) - - [CRI]({{< ref "./docs/Container/cri.md" >}}) - - [Image Management]({{< ref "./docs/Container/image-management.md" >}}) - - [Checking the Container Health Status]({{< ref "./docs/Container/checking-the-container-health-status.md" >}}) - - [Querying Information]({{< ref "./docs/Container/querying-information.md" >}}) - - [Security Features]({{< ref "./docs/Container/security-features.md" >}}) - - [Supporting OCI hooks]({{< ref "./docs/Container/supporting-oci-hooks.md" >}}) - - [Appendix]({{< ref "./docs/Container/appendix.md" >}}) - - - [System Container]({{< relref "./docs/Container/system-container.md" >}}) - - [Installation Guideline]({{< relref "./docs/Container/installation-guideline.md" >}}) - - [Usage Guide]({{< relref 
"./docs/Container/usage-guide.md" >}}) - - [Specifying Rootfs to Create a Container]({{< ref "./docs/Container/specifying-rootfs-to-create-a-container.md" >}}) - - [Using systemd to Start a Container]({{< ref "./docs/Container/using-systemd-to-start-a-container.md" >}}) - - [Reboot or Shutdown in a Container]({{< ref "./docs/Container/reboot-or-shutdown-in-a-container.md" >}}) - - [Configurable Cgroup Path]({{< ref "./docs/Container/configurable-cgroup-path.md" >}}) - - [Writable Namespace Kernel Parameters]({{< ref "./docs/Container/writable-namespace-kernel-parameters.md" >}}) - - [Shared Memory Channels]({{< ref "./docs/Container/shared-memory-channels.md" >}}) - - [Dynamically Loading the Kernel Module]({{< ref "./docs/Container/dynamically-loading-the-kernel-module.md" >}}) - - [Environment Variable Persisting]({{< ref "./docs/Container/environment-variable-persisting.md" >}}) - - [Maximum Number of Handles]({{< ref "./docs/Container/maximum-number-of-handles.md" >}}) - - [Security and Isolation]({{< ref "./docs/Container/security-and-isolation.md" >}}) - - [Dynamically Managing Container Resources \(syscontainer-tools\)]({{< ref "./docs/Container/dynamically-managing-container-resources-(syscontainer-tools).md" >}}) - - [Appendix]({{< ref "./docs/Container/appendix-1.md" >}}) - - - [Secure Container]({{< relref "./docs/Container/secure-container.md" >}}) - - [Installation and Deployment]({{< relref "./docs/Container/installation-and-deployment-1.md" >}}) - - [Application Scenarios]({{< relref "./docs/Container/application-scenarios-2.md" >}}) - - [Managing the Lifecycle of a Secure Container]({{< ref "./docs/Container/managing-the-lifecycle-of-a-secure-container.md" >}}) - - [Configuring Resources for a Secure Container]({{< ref "./docs/Container/configuring-resources-for-a-secure-container.md" >}}) - - [Configuring Networking for a Secure Container]({{< ref "./docs/Container/configuring-networking-for-a-secure-container.md" >}}) - - [Monitoring Secure 
Containers]({{< ref "./docs/Container/monitoring-secure-containers.md" >}}) - - [Appendix]({{< ref "./docs/Container/appendix-2.md" >}}) - - - [Docker Container]({{< relref "./docs/Container/docker-container.md" >}}) - - [Installation and Deployment]({{< relref "./docs/Container/installation-and-deployment-2.md" >}}) - - [Container Management]({{< ref "./docs/Container/container-management-1.md" >}}) - - [Image Management]({{< ref "./docs/Container/image-management-1.md" >}}) - - [Command Reference]({{< ref "./docs/Container/command-reference.md" >}}) - - [Container Engine]({{< ref "./docs/Container/container-engine.md" >}}) - - [Container Management]({{< ref "./docs/Container/container-management-2.md" >}}) - - [Image Management]({{< ref "./docs/Container/image-management-2.md" >}}) - - [Statistics]({{< ref "./docs/Container/statistics.md" >}}) - - -- [A-Tune User Guide]({{< relref "./docs/A-Tune/A-Tune.md" >}}) - - [Getting to Know A-Tune]({{< relref "./docs/A-Tune/getting-to-know-a-tune.md" >}}) - - [Installation and Deployment]({{< relref "./docs/A-Tune/installation-and-deployment.md" >}}) - - [Application Scenarios]({{< relref "./docs/A-Tune/application-scenarios.md" >}}) - - [FAQs]({{< relref "./docs/A-Tune/faqs.md" >}}) - - [Appendixes]({{< relref "./docs/A-Tune/appendixes.md" >}}) - - - -- [Application Development Guide]({{< relref "./docs/ApplicationDev/application-development.md" >}}) - - [Preparation]({{< relref "./docs/ApplicationDev/preparation.md" >}}) - - [Using GCC for Compilation]({{< relref "./docs/ApplicationDev/using-gcc-for-compilation.md" >}}) - - [Using Make for Compilation]({{< relref "./docs/ApplicationDev/using-make-for-compilation.md" >}}) - - [Using JDK for Compilation]({{< relref "./docs/ApplicationDev/using-jdk-for-compilation.md" >}}) - - [Building an RPM Package]({{< relref "./docs/ApplicationDev/building-an-rpm-package.md" >}}) \ No newline at end of file 
diff --git a/content/zh/docs/A-Tune/figures/zh-cn_image_0227497343.png b/content/zh/docs/A-Tune/figures/zh-cn_image_0227497343.png deleted file mode 100644 index 6db5a0793fe3068c7519d9a157abc856560e71b2..0000000000000000000000000000000000000000 Binary files a/content/zh/docs/A-Tune/figures/zh-cn_image_0227497343.png and /dev/null differ diff --git a/content/zh/docs/Container/figures/kata-arch.png b/content/zh/docs/Container/figures/kata-arch.png deleted file mode 100644 index 60fbb602d94cf7a8e13bd6ecb520c99e574037e6..0000000000000000000000000000000000000000 Binary files a/content/zh/docs/Container/figures/kata-arch.png and /dev/null differ diff --git "a/content/zh/docs/Container/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" "b/content/zh/docs/Container/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" deleted file mode 100644 index 174a2ed26e8a86923768c59c958a65a9c9414f6e..0000000000000000000000000000000000000000 --- "a/content/zh/docs/Container/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" +++ /dev/null 
@@ -1,798 +0,0 @@ -# isula-build容器镜像构建 - -## 概述 - -### 简介 - -isula-build是iSula团队推出的容器镜像构建工具,安装部署过程简单,通过Dockerfile文件可以迅速构建出容器镜像。其中,isula-build提供命令行工具,isula-builder常驻后台,处理客户端请求。 - -- 该工具目前所支持功能: - 1. ctr-img,构建容器镜像。 - 1. build,根据给定dockerfile构建出容器镜像。 - 2. images,列出本地容器镜像。 - 3. import,导入容器基础镜像。 - 4. load,导入层叠镜像。 - 5. rm,删除本地镜像。 - 6. save,导出容器镜像至本地磁盘。 - 7. tag,给本地容器镜像打tag。 - 2. login,登陆容器镜像仓库。 - 3. logout,登出容器镜像仓库。 - 4. version,查看版本号。 -- isula-build包含主要特性: - 1. 兼容Dockerfile语法。 - 3. 支持文件系统扩展属性,如Selinux、IMA、EVM等。 - 4. 支持多种镜像导出格式,可以直接将构建镜像结果推送至iSulad或docker。 - -### 快速引导 - -#### 安装部署 - -- rpm包安装 - - ``` - sudo rpm -ivh isula-build-*.rpm && systemctl start isula-build - ``` - -- yum安装 - - 推荐该方式,只需要配置openEuler yum源即可。 - - ``` - sudo yum install -y isula-build && systemctl start isula-build - ``` - - 说明: - - isula-build 构建时依赖 runc,当你安装时需要再安装单独的docker-runc或完整的docker-engine。 - -#### 示例 - -- 新建buildDir目录,在该目录下创建一个dockerfile文件,内容如下: - - ``` - FROM busybox:latest - MAINTAINER "someone" - RUN ["touch", "bar"] - LABEL foo=bar - EXPOSE 8888/udp - EXPOSE 9999/tcp - ENV a=hello - ARG word - ADD ./* /home/ - COPY ./* /home/dir1/ - VOLUME ["var/log"] - STOPSIGNAL 15 - HEALTHCHECK --interval=5m --timeout=3s --retries=1 - CMD ["pwd"] - SHELL ["pwd"] - ``` - -- 在该目录下使用isula-build构建镜像,过程如下: - - ``` - $ sudo isula-build ctr-img build -f dockerfile . 
- STEP 1: FROM busybox:latest - STEP 2: MAINTAINER "someone" - STEP 3: RUN ["touch", "bar"] - STEP 4: LABEL foo=bar - STEP 5: EXPOSE 8888/udp - STEP 6: EXPOSE 9999/tcp - STEP 7: ENV a=hello - STEP 8: ARG word - STEP 9: ADD ./* /home/ - STEP 10: COPY ./* /home/dir1/ - STEP 11: VOLUME ["var/log"] - STEP 12: STOPSIGNAL 15 - STEP 13: HEALTHCHECK --interval=5m --timeout=3s --retries=1 CMD ["pwd"] - STEP 14: SHELL ["pwd"] - Getting image source signatures - Copying blob sha256:e9235582825a2691b1c91a96580e358c99acfd48082cbf1b92fd2ba4a791efc3 - Copying blob sha256:dc3bca97af8b81508c343b13a08493c7809b474dc25986fcbae90c6722201be3 - Copying config sha256:9ec92a8819f9da1b06ea9ff83307ff859af2959b70bfab101f6a325b1a211549 - Writing manifest to image destination - Storing signatures - Build success with image id: 9ec92a8819f9da1b06ea9ff83307ff859af2959b70bfab101f6a325b1a211549 - ``` - -- 列出所构建镜像。 - - ``` - $ sudo isula-build ctr-img images - ----------------- ----------- ---------------- ---------------------------------------------- - REPOSITORY TAG IMAGE ID CREATED - ------------------ ---------- ---------------- ---------------------------------------------- - foo latest 9ec92a8819f9 2020-06-11 07:45:39.265106109 +0000 UTC - ``` - -- 删除镜像。 - - ``` - $ sudo isula-build ctr-img rm 9ec92a8819f9 - Deleted: sha256:86567f7a01b04c662a9657aac436e8d63ecebb26da4252abb016d177721fa11b - ``` - -#### 重点特性 - -- isula-build兼容dockerfile语法。 -- isula-build可以将构建好的容器镜像直接导入到iSulad、dockerd、registry和本地tar包。 - - - -#### 集成 - -关于iSulad和docker的集成,详情见[与容器引擎集成](#与容器引擎集成)。 - -### 注意事项 - -关于相关约束限制以及与docker build的区别详情见[使用注意事项](#使用注意事项)。 - - - -## 使用指南 - -### 配置 - -isula-builder 包含如下配置文件: - -- /etc/isula-build/configuration.toml:isula-builder 总配置文件,包含设置 isula-builder 日志级别、持久化目录和运行时目录、OCI runtime等。 - 1. debug:设置是否打开debug日志,可选参数:true、false。 - 2. loglevel:设置日志级别,可选参数:“debug”、“info”、“warn”、“error”。 - 3. run_root:设置运行时数据根目录。 - 4. data_root:设置本地持久化目录。 - 5. 
runtime:设置runtime种类,目前支持runc。 -- /etc/isula-build/storage.toml: 本地持久化存储的配置文件,包含所使用的存储驱动的配置。 - 1. driver:存储驱动类型,目前支持overlay2。 - 2. runroot:临时存储目录。 - 3. graphroot:可读写的镜像存储目录。 - 4. 更多设置可参考 [containers-storage.conf.5.md](https://github.com/containers/storage/blob/master/docs/containers-storage.conf.5.md)。 -- /etc/isula-build/registries.toml : 针对各个镜像仓库的配置文件,含可用的镜像仓库列表、镜像仓库黑名单。 - 1. registries.search:镜像仓库搜索域,在此list的镜像仓库可以被感知,不在此列的不被感知。 - 2. registries.insecure:可访问的不安全镜像仓库地址,在此列表中的镜像仓库将不会通过鉴权,不推荐使用。 - 3. 更多设置可参考 [containers-registries.conf.5.md](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md)。 -- /etc/isula-build/policy.json:镜像pull/push策略文件。注:当前不支持对其进行配置 - -在启动 isula-builder 服务之前,先对服务按需配置,在还未熟悉配置的情况下,也可以直接使用rpm包安装的默认配置直接启动服务。 - -说明: - -以上配置文件,isula-build 支持最大 1M 的配置文件。 - -### 启动服务 - -#### 通过systemd启动 - -1. 配置需在上述配置文件中进行修改。 - - - 启动 isula-build 服务: - - ``` - systemctl start isula-build.service - ``` - - - 停止 isula-build 服务: - - ``` - systemctl stop isula-build.service - ``` - - - 重启 isula-builder 服务: - - ``` - systemctl restart isula-build.service - ``` - - - 查看 isula-build 服务的运行日志: - - ``` - journalctl -u isula-build - ``` - -2. 修改完配置文件后,需使用如下命令使配置生效。 - - ``` - systemctl daemon-reload - ``` - -#### 直接运行二进制启动 - -部分配置可通过isula-builder的flag进行设置,例如: - -``` -isula-builder --dataroot "/var/lib/isula-build" --debug=false -``` - -#### isula-builder目前支持的flags - -``` - --dataroot string persistent dir (default "/var/lib/isula-build") - -D, --debug print debugging information (default true) - -h, --help help for isula-builder - --log-level string The log level to be used. Either "debug", "info", "warn" or "error". 
(default "info") - --runroot string runtime dir (default "/var/run/isula-build") - --storage-driver string storage-driver (default "overlay") - --storage-opt strings storage driver option (default [overlay.mountopt=nodev]) - --version version for isula-builder -``` - -- -d, --debug: 是否开启调测模式。 -- --log-level: 日志级别,支持 "debug", "info", "warn" or "error",默认为 "info"。 -- --dataroot: 本地持久化路径,默认为"/var/lib/isula-build/"。 -- --runroot: 运行时路径,默认为"/var/run/isula-build/"。 -- --storage-driver:底层存储驱动类型。 -- --storage-opt: 底层存储驱动配置。 - -当命令行启动参数中传递了与配置文件相同的配置选项,优先使用命令行参数启动。 - -### 子命令使用 - -目前 isula-build提供了如下对于容器镜像(ctr-img)操作的功能: - -- build,根据给定dockerfile构建出容器镜像。 -- images,列出本地容器镜像。 -- import,导入容器基础镜像。 -- load,导入层叠镜像。 -- rm,删除本地容器镜像。 -- save, 导出层叠镜像至本地磁盘。 -- tag,给本地容器镜像打tag。 - -同时提供了如下通用指令: - -- info,查看isula-build的运行环境和系统信息。 -- login,登入远端容器镜像仓库。 -- logout,从远端容器镜像仓库登出。 -- version,查看isula-build和isula-builder的版本号。 -- completion(隐式提供),生成bash环境命令补全脚本。 - -#### 容器镜像构建 - -``` -isula-build ctr-img build -``` - -其中 build 包含如下 flags: - -1. --build-arg:string列表,构建过程中需要用到的变量。 -2. --build-static:KV值,构建二进制一致性。目前包含如下K值: - 1. build-time:string,使用固定时间戳来构建容器镜像;时间戳格式为“YYYY-MM-DD HH-MM-SS”。 -3. -f, --filename:string,Dockerfile的路径,不指定则是使用当前路径的Dockerfile文件。 -4. --iidfile:string,输出 image ID 到本地文件。 -5. -o, --output:string,镜像导出的方式和路径。 -6. --proxy:布尔值,继承主机侧环境的proxy环境变量(默认为true)。 -7. --tag:string,设置构建成功的镜像的tag值。 -8. --cap-add:string列表,构建过程中RUN指令所需要的权限。 - -以下为各个 flags 的详解。 - -- **--build-arg** - - 从命令行接受参数作为Dockerfile中的参数,用法: - - ``` - isula-build ctr-img build --build-arg foo=bar -f Dockerfile - ``` - - ``` - $ echo "This is bar file" > bar.txt - $ cat Dockerfile_arg - FROM busybox - ARG foo - ADD ${foo}.txt . 
- RUN cat ${foo}.txt - $ sudo isula-build ctr-img build --build-arg foo=bar -f Dockerfile_arg - STEP 1: FROM busybox - Getting image source signatures - Copying blob sha256:8f52abd3da461b2c0c11fda7a1b53413f1a92320eb96525ddf92c0b5cde781ad - Copying config sha256:e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b - Writing manifest to image destinationStoring signatures - STEP 2: ARG foo - STEP 3: ADD ${foo}.txt . - STEP 4: RUN cat ${foo}.txt - This is bar file - Getting image source signatures - Copying blob sha256:6194458b07fcf01f1483d96cd6c34302ffff7f382bb151a6d023c4e80ba3050a - Copying blob sha256:6bb56e4a46f563b20542171b998cb4556af4745efc9516820eabee7a08b7b869 - Copying config sha256:39b62a3342eed40b41a1bcd9cd455d77466550dfa0f0109af7a708c3e895f9a2 - Writing manifest to image destination - Storing signatures - Build success with image id: 39b62a3342eed40b41a1bcd9cd455d77466550dfa0f0109af7a708c3e895f9a2 - ``` - -- **--build-static** - - 指定为静态构建,则isula-build会消除所有时间戳差异,同时消除其他构建过程差异,包括:容器ID、hsotname等, 最终构建出能满足BEP要求的容器镜像。 - - 在使用isula-build进行容器镜像构建时,假如给 build 子命令一个固定的时间戳,并在限定如下条件的时候: - - - 构建环境前后保持一致。 - - 构建Dockerfile前后保持一致。 - - 构建产生的中间数据前后保持一致。 - - 构建命令相同。 - - 第三方库版本一致。 - - 对于容器镜像构建,isula-build支持相同的Dockerfile。如果构建环境相同,则多次构建生成的镜像内容和镜像ID相同。 - - --build-static接受k=v形式的键值对选项,当前支持的选项有: - - - build-time:字符串类型。构建静态镜像的固定时间戳,格式为“YYYY-MM-DD HH-MM-SS”。时间戳影响diff层创建修改时间的文件属性。 - - 使用方式如下: - - ``` - $ sudo isula-build ctr-img build -f Dockerfile --build-static='build-time=2020-05-23 10:55:33' . 
- ``` - - 以此方式,同一环境多次构建出来的容器镜像和镜像ID均会保持一致。 - -- **--iidfile** - - 将构建的镜像ID输出到文件,用法: - - ``` - isula-build ctr-img build --iidfile testfile - ``` - - ``` - $ sudo isula-build ctr-img build -f Dockerfile_arg --iidfile testfile - - $ cat testfile - 76cbeed38a8e716e22b68988a76410eaf83327963c3b29ff648296d5cd15ce7b - ``` - -- **-o, --output** - - 目前 -o, --output 支持如下形式: - - - `isulad:image:tag`:将构建成功的镜像直接推送到 iSulad。比如:`-o isulad:busybox:latest`。同时需要注意如下约束: - - isula-build 和 iSulad 必须在同一个节点上 - - tag必须配置 - - isula-build client端需要将构建成功的镜像暂存成 /var/tmp/isula-build-tmp-%v.tar 再导入至 iSulad,用户需要保证 /var/tmp/ 目录有足够磁盘空间 - - `docker-daemon:image:tag`:将构建成功的镜像直接推送到 Docker daemon。比如:`-o docker-daemon:busybox:latest`。同时需要注意如下约束: - - isula-build 和 docker 必须在同一个节点上 - - tag必须配置 - - `docker://registry.example.com/repository:tag`:将构建成功的镜像直接推送到远端镜像仓库。比如:`-o docker://localhost:5000/library/busybox:latest`。 - - `docker-archive:/:image:tag`:将构建成功的镜像以Docker image的格式保存至本地。比如:`-o docker-archive:/root/image.tar:busybox:latest`。 - - 除去各个flags之外,build子命令的命令行最后还会接收一个argument,该argument类型是string,意义为context,即该Dockerfile构建环境的上下文。该参数默认值为isula-build被执行的当前路径。该路径会影响 .dockerignore 和 Dockerfile的ADD/COPY指令 所检索的路径。 - -- **--proxy** - - 选择构建时RUN指令启动的容器是否从环境上继承proxy相关环境变量"http_proxy","https_proxy","ftp_proxy","no_proxy","HTTP_PROXY","HTTPS_PROXY","FTP_PROXY","NO_PROXY",默认为true。 - - 当用户在Dockerfile配置proxy相关ARG或ENV,将覆盖所继承的环境变量。 - - 注意:若client与daemon不在同一个终端运行,所能继承的环境变量为daemon所在终端的环境变量。 - -- **--tag** - - 设置镜像构建成功之后,该镜像在本地磁盘存储时的tag。 - -- **--cap-add** - - 添加构建过程中RUN指令所需权限,用法: - - ``` - isula-build ctr-img build --cap-add CAP_SYS_ADMIN --cap-add CAP_SYS_PTRACE -f Dockerfile - ``` - -说明: - -isula-build最大支持并发构建100个容器镜像、支持Dockerfile最大1M、支持 .dockerignore 最大 1M - -#### 查看本地持久化构建镜像 - -可通过images命令查看当前本地持久化存储的镜像: - -``` -$ sudo isula-build ctr-img images ----------------------------------------------- ----------- ----------------- -------------------------- ------------ -REPOSITORY TAG IMAGE ID CREATED SIZE 
----------------------------------------------- ----------- ----------------- -------------------------- ------------ -localhost:5000/library/alpine latest a24bb4013296 2020-20-19 19:59:197 5.85 MB - 39b62a3342ee 2020-20-38 38:66:387 1.45 MB ----------------------------------------------- ----------- ----------------- -------------------------- ------------ -``` - -#### 导入容器基础镜像 - -openEuler会随版本发布一个容器基础镜像,比如openEuler-docker.x86_64.tar.xz。可以通过ctr-img import指令将它导入。 - -命令原型如下: - -``` -isula-build ctr-img import [flags] -``` - -使用举例: - -``` -$ sudo isula-build ctr-img import ./openEuler-docker.x86_64.tar.xz openeuler:20.03 -Import success with image id: 7317851cd2ab33263eb293f68efee9d724780251e4e92c0fb76bf5d3c5585e37 -$ sudo isula-build ctr-img images ----------------------------------------------- -------------------- ----------------- ------------------------ ------------ -REPOSITORY TAG IMAGE ID CREATED SIZE ----------------------------------------------- -------------------- ----------------- ------------------------ ------------ -openeuler 20.03 7317851cd2ab 2020-08-01 06:25:34 500 MB ----------------------------------------------- -------------------- ----------------- ------------------------ ------------ -``` - -说明: - -isula-build 支持导入最大1G的容器基础镜像 - -#### 导入层叠镜像 - -层叠镜像指的是通过 docker save 或 isula-build ctr-img save 等指令,将一个构建完成的镜像保存至本地之后,镜像压缩包内是一层一层 layer.tar 的镜像包。可以通过 ctr-img load 指令将它导入至 isula-build。 - -命令原型如下: - -``` -isula-build ctr-img load [flags] -``` - -使用举例如下: - -``` -$ sudo isula-build ctr-img load -i ubuntu.tarGetting image source signatures -Copying blob sha256:cf612f747e0fbcc1674f88712b7bc1cd8b91cf0be8f9e9771235169f139d507c -Copying blob sha256:f934e33a54a60630267df295a5c232ceb15b2938ebb0476364192b1537449093 -Copying blob sha256:943edb549a8300092a714190dfe633341c0ffb483784c4fdfe884b9019f6a0b4 -Copying blob sha256:e7ebc6e16708285bee3917ae12bf8d172ee0d7684a7830751ab9a1c070e7a125 -Copying blob 
sha256:bf6751561805be7d07d66f6acb2a33e99cf0cc0a20f5fd5d94a3c7f8ae55c2a1 -Copying blob sha256:c1bd37d01c89de343d68867518b1155cb297d8e03942066ecb44ae8f46b608a3 -Copying blob sha256:a84e57b779297b72428fc7308e63d13b4df99140f78565be92fc9dbe03fc6e69 -Copying blob sha256:14dd68f4c7e23d6a2363c2320747ab88986dfd43ba0489d139eeac3ac75323b2 -Copying blob sha256:a2092d776649ea2301f60265f378a02405539a2a68093b2612792cc65d00d161 -Copying blob sha256:879119e879f682c04d0784c9ae7bc6f421e206b95d20b32ce1cb8a49bfdef202 -Copying blob sha256:e615448af51b848ecec00caeaffd1e30e8bf5cffd464747d159f80e346b7a150 -Copying blob sha256:f610bd1e9ac6aa9326d61713d552eeefef47d2bd49fc16140aa9bf3db38c30a4 -Copying blob sha256:bfe0a1336d031bf5ff3ce381e354be7b2bf310574cc0cd1949ad94dda020cd27 -Copying blob sha256:f0f15db85788c1260c6aa8ad225823f45c89700781c4c793361ac5fa58d204c7 -Copying config sha256:c07ddb44daa97e9e8d2d68316b296cc9343ab5f3d2babc5e6e03b80cd580478e -Writing manifest to image destination -Storing signatures -Loaded image as c07ddb44daa97e9e8d2d68316b296cc9343ab5f3d2babc5e6e03b80cd580478e -``` - -说明: - -- isula-build load命令仅支持导入包含单个层叠镜像的镜像压缩文件 -- isula-build 支持导入最大50G的容器层叠镜像 - -#### 删除本地持久化镜像 - -可通过rm命令删除当前本地持久化存储的镜像 - -目前支持的flags有: - -``` -Flags: - -a, --all remove all images - -h, --help help for rm - -p, --prune remove all untagged images -``` - -这些flags分别: - -- -a, --all:删除所有本地持久化存储的镜像。 - -- -p, --prune:删除所有没有tag的本地持久化存储的镜像。 - - 使用举例: - - ``` - isula-build ctr-img rm -p - ``` - - ``` - $ sudo isula-build ctr-img rm -p - Deleted: sha256:78731c1dde25361f539555edaf8f0b24132085b7cab6ecb90de63d72fa00c01d - Deleted: sha256:eeba1bfe9fca569a894d525ed291bdaef389d28a88c288914c1a9db7261ad12c - ``` - -#### 导出层叠镜像 - -可通过save命令导出层叠镜像到本地磁盘。命令原型如下: - -``` -isula-build ctr-img save [REPOSITORY:TAG]|imageID -o xx.tar -``` - -通过镜像名字/tag进行导出: - -``` -$ sudo isula-build ctr-img save busybox:latest -o busybox.tar -Getting image source signatures -Copying blob 
sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a -Copying blob sha256:824082a6864774d5527bda0d3c7ebd5ddc349daadf2aa8f5f305b7a2e439806f -Copying blob sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef -Copying config sha256:21c3e96ac411242a0e876af269c0cbe9d071626bdfb7cc79bfa2ddb9f7a82db6 -Writing manifest to image destination -Storing signatures -Save success with image: busybox:latest -``` - -通过ImageID进行导出: - -``` -$ sudo isula-build ctr-img save 21c3e96ac411 -o busybox.tar -Getting image source signatures -Copying blob sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a -Copying blob sha256:824082a6864774d5527bda0d3c7ebd5ddc349daadf2aa8f5f305b7a2e439806f -Copying blob sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef -Copying config sha256:21c3e96ac411242a0e876af269c0cbe9d071626bdfb7cc79bfa2ddb9f7a82db6 -Writing manifest to image destination -Storing signatures -Save success with image: 21c3e96ac411 -``` - -#### 查看运行环境与系统信息 - -可以通过“isula-build info”指令查看 - -命令原型如下: - -``` -isula-build info [flags] -``` - -支持如下Flags: - -- -H, --human-readable 布尔值,以常用内存表示格式打印内存信息,使用1000次幂 - - 使用举例: - - ``` - $ sudo - isula-build info -H - General: - MemTotal: 7.63 GB - MemFree: 757 MB - SwapTotal: 8.3 GB - SwapFree: 8.25 GB - OCI Runtime: runc - DataRoot: /var/lib/isula-build/ - RunRoot: /var/run/isula-build/ - Builders: 0 - Goroutines: 12 - Store: - Storage Driver: overlay - Backing Filesystem: extfs - Registry: - Search Registries: - oepkgs.net - Insecure Registries: - localhost:5000 - oepkgs.net - ``` - -#### 与远程镜像仓库认证 - -可以通过 login 或 logout 命令来与远程镜像仓库交互 - -- **Login 使用**: - - ``` - isula-build login mydockerhub.io - ``` - - 你可以运行 login 命令来登录远程镜像仓库 - - 目前支持的flag有: - - ``` - Flags: - -p, --password-stdin Read password from stdin - -u, --username string Username to access registry - ``` - - 通过stdin输入密码: - - ``` - $ cat creds.txt | sudo isula-build login -u cooper -p mydockerhub.io - Login Succeeded 
- ``` - - 通过交互式输入密码: - - ``` - $ sudo isula-build login mydockerhub.io -u cooper - Password: - Login Succeeded - ``` - -- **Logout 使用**: - - ``` - isula-build logout mydockerhub.io - ``` - - 你可以运行 logout 命令来登出远程镜像仓库。 - - 目前支持的flag有: - - ``` - Flags: - -a, --all Logout all registries - ``` - - Flags解释如下: - - -a, --all:登出所有的镜像仓库。 - - ``` - $ sudo isula-build logout -a - Removed authentications - ``` - -#### 版本查询 - -可通过version命令查看当前版本信息: - -``` -$ sudo isula-build version -Client: - Version: 0.9.2 - Go Version: go1.13.3 - Git Commit: ccb2a13 - Built: Sat Aug 22 08:06:47 2020 - OS/Arch: linux/amd64 - -Server: - Version: 0.9.2 - Go Version: go1.13.3 - Git Commit: ccb2a13 - Built: Sat Aug 22 08:06:47 2020 - OS/Arch: linux/amd64 -``` - -说明: - -isula-build completion 和 isula-builder completion 命令用于生成bash命令补全脚本。该命令为命令行框架隐式提供,不会显示在help信息中。 - - - -### 与容器引擎集成 - -isula-build可以与iSulad和docker集成,将构建好的容器镜像导入到容器引擎的本地存储中。 - -#### 与iSulad集成 - -支持将构建成功的镜像直接导出到iSulad。命令行举例: - -``` -$ sudo isula-build ctr-img build -f Dockerfile -o isulad:busybox:2.0 -``` - -通过在-o参数中指定iSulad,将构建好的容器镜像导出到iSulad,可以通过isula images查询。 - -说明: - -要求isula-build和iSulad在同一节点。 - -#### 与Docker集成 - -支持将构建成功的镜像直接导出到Docker daemon。命令行举例: - -``` -$ sudo isula-build ctr-img build -f Dockerfile -o docker-daemon:busybox:2.0 -``` - -通过在-o参数中指定docker-daemon,将构建好的容器镜像导出到docker, 可以通过docker images查询。 - -说明: - -要求isula-build和Docker在同一节点。 - - - -## 使用注意事项 - -本章节主要介绍在使用isula-build构建镜像时相关的约束和限制,以及与docker build的差异。 - -### 约束和限制 - -1. 直接导出镜像到iSulad或docker daemon时,必须指定tag。 -2. 直接导出镜像到iSulad时,isula-build client端需要将构建成功的镜像暂存成 `/var/tmp/isula-build-tmp-%v.tar` 再导入至 iSulad,用户需要保证 /var/tmp/ 目录有足够磁盘空间;同时如果在导出过程中 isula-build client进程被KILL或Ctrl+C终止,需要依赖用户手动清理 `/var/tmp/isula-build-tmp-%v.tar` 文件。 -3. 用户需保证OCI runtime(runc)可执行文件的安全性,避免被恶意替换。 -4. isula-build不支持将持久化工作目录dataroot配置在内存盘上,比如tmpfs。 -5. isula-build目前仅支持使用overlay2为底层graphdriver。 -6. isula-build当前仅支持Docker镜像。 -7. 用户需保证Dockerfile文件的权限为仅当前用户可读写,避免别的用户进行篡改。 -8. 目前仅支持使用主机网络。 -9. 
导出的镜像压缩格式,目前仅支持tar.gz格式。 -10. stage name不能以数字开头、stage name的长度限制为64个字符 - -### 与docker差异 - -- isula-build兼容dockerfile语法,但与docker build相比,使用isula-build进行镜像构建和docker build的差异如下: - 1. 在每一个镜像构建stage完成后做一次提交,而不是按行提交。 - 2. isula-build暂不支持缓存。 - 3. 仅RUN指令在构建容器中执行。 - 4. 目前不支持history。 - 5. isula-build的stage name支持以数字开头。 - 6. isula-build的stage name最长可为64个字符。 - 7. ADD指令目前不支持远端URL形式。 - 8. 暂不支持对单次构建进行资源限额,可采取对isula-builder配置资源限额的方式进行限制。 -- isula-build与docker的其它差异如下: - 1. 统计镜像大小时,isula-build是直接计算每层tar包大小之和,而docker是通过解压tar遍历diff目录计算文件大小之和,因此通过`isula-build ctr-img images`查看的镜像大小与`docker images`的显示上有一定差异。 - -### 与Dockerfile语法上的差异 - -1. 暂不支持ADD指令提供的来源是远端url。 - - - -## 附录 - -### 命令行参数说明 - -**表1** ctr-img build 命令参数列表 - -| **命令** | **参数** | **说明** | -| ------------- | -------------- | ------------------------------------------------------------ | -| ctr-img build | --build-arg | string列表,构建过程中需要用到的变量 | -| | --build-static | KV值,构建二进制一致性。目前包含如下K值:- build-time:string,使用固定时间戳来构建容器镜像;时间戳格式为“YYYY-MM-DD HH-MM-SS” | -| | -f, --filename | string,Dockerfile的路径,不指定则是使用当前路径的Dockerfile文件 | -| | --iidfile | string,输出 image ID 到本地文件 | -| | -o, --output | string,镜像导出的方式和路径 | -| | --proxy | 布尔值,继承主机侧环境的proxy环境变量(默认为true) | -| | --tag | string,给构建的镜像添加tag | -| | --cap-add | string列表,构建过程中RUN指令所需要的权限 | - -**表2** ctr-img load 命令参数列表 - -| **命令** | **参数** | **说明** | -| ------------ | ----------- | --------------------------------- | -| ctr-img load | -i, --input | string,需要导入的本地tar包的路径 | - -**表3** ctr-img rm 命令参数列表 - -| **命令** | **参数** | **说明** | -| ---------- | ----------- | --------------------------------------------- | -| ctr-img rm | -a, --all | 布尔值,删除所有本地持久化存储的镜像 | -| | -p, --prune | 布尔值,删除所有没有tag的本地持久化存储的镜像 | - -**表4** ctr-img save 命令参数列表 - -| **命令** | **参数** | **说明** | -| ------------ | ------------ | ---------------------------------- | -| ctr-img save | -o, --output | string,镜像导出后在本地的存储路径 | - -**表5** login 命令参数列表 - -| **命令** | **参数** | **说明** | -| -------- | -------------------- | 
------------------------------------------------------- | -| login | -p, --password-stdin | 布尔值,是否通过stdin读入密码;或采用交互式界面输入密码 | -| | -u, --username | string,登陆镜像仓库所使用的用户名 | - -**表6** logout 命令参数列表 - -| **命令** | **参数** | **说明** | -| -------- | --------- | ------------------------------------ | -| logout | -a, --all | 布尔值,是否登出所有已登陆的镜像仓库 | - -### 通信矩阵 - -isula-build两个组件进程之间通过unix socket套接字文件进行通信,无端口通信。 - -### 文件与权限 - -1. isula-build 所有的操作均需要使用 root 权限。 - -2. isula-build 运行涉及文件权限如下表所示: - - | **文件路径** | **文件/文件夹权限** | **说明** | - | ------------------------------------------- | ------------------- | ------------------------------------------------------------ | - | /usr/bin/isula-build | 550 | 命令行工具二进制文件。 | - | /usr/bin/isula-builder | 550 | 服务端isula-builder进程二进制文件。 | - | /usr/lib/systemd/system/isula-build.service | 640 | systemd配置文件,用于管理isula-build服务。 | - | /etc/isula-build/configuration.toml | 600 | isula-builder 总配置文件,包含设置 isula-builder 日志级别、持久化目录和运行时目录、OCI runtime等。 | - | /etc/isula-build/policy.json | 600 | 签名验证策略文件的语法文件。 | - | /etc/isula-build/registries.toml | 600 | 针对各个镜像仓库的配置文件,含可用的镜像仓库列表、镜像仓库黑名单。 | - | /etc/isula-build/storage.toml | 600 | 本地持久化存储的配置文件,包含所使用的存储驱动的配置。 | - | /var/run/isula_build.sock | 600 | 服务端isula-builder的本地套接字。 | - | /var/lib/isula-build | 700 | 本地持久化目录。 | - | /var/run/isula-build | 700 | 本地运行时目录。 | - | /var/tmp/isula-build-tmp-*.tar | 600 | 镜像导出至iSulad时的本地暂存目录。 | - - \ No newline at end of file diff --git a/content/zh/docs/Installation/FAQ-1.md b/content/zh/docs/Installation/FAQ-1.md deleted file mode 100644 index 284a0108acfff0cd1b7879554f302299f5675164..0000000000000000000000000000000000000000 --- a/content/zh/docs/Installation/FAQ-1.md +++ /dev/null 
@@ -1,27 +0,0 @@ -# FAQ - - -- [FAQ](#faq) - - [树莓派启动失败](#树莓派启动失败) - - [问题现象](#问题现象) - - [原因分析](#原因分析) - - [解决方法](#解决方法) - - - -## 树莓派启动失败 - -### 问题现象 - -将 openEuler 发布的树莓派镜像刷写入 SD 卡后,树莓派启动失败。 - -### 原因分析 - -刷写 openEuler 发布的树莓派镜像后,树莓派启动失败,大致有以下几种情况: - -1. 下载的镜像文件不完整,请确保该镜像通过完整性校验。 -2. 镜像写入 SD 卡过程中出现问题,多出现在 Windows 环境下使用应用软件刷写镜像到 SD 卡的情况。 - -### 解决方法 - -将完整的镜像重新刷写入 SD 卡。 diff --git "a/content/zh/docs/Installation/figures/root\345\257\206\347\240\201.png" "b/content/zh/docs/Installation/figures/root\345\257\206\347\240\201.png" deleted file mode 100644 index b5bf8835c1b04a8ec679a34fdd20b0419b081431..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/root\345\257\206\347\240\201.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\345\210\233\345\273\272\347\224\250\346\210\267.png" "b/content/zh/docs/Installation/figures/\345\210\233\345\273\272\347\224\250\346\210\267.png" deleted file mode 100644 index 9c2208da7baf239a879277d53374037d9ff48410..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\345\210\233\345\273\272\347\224\250\346\210\267.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\345\215\212\350\207\252\345\212\250-new.png" "b/content/zh/docs/Installation/figures/\345\215\212\350\207\252\345\212\250-new.png" deleted file mode 100644 index dcdfb60e3e77594c59cfbaaece61881347cd4032..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\345\215\212\350\207\252\345\212\250-new.png" and /dev/null differ 
diff --git "a/content/zh/docs/Installation/figures/\345\242\236\345\212\240inst-noverifyssl\345\217\202\346\225\260.png" "b/content/zh/docs/Installation/figures/\345\242\236\345\212\240inst-noverifyssl\345\217\202\346\225\260.png" deleted file mode 100644 index f56a7dd0c45acf8a4c3a735ed623eaccd19bfaef..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\345\242\236\345\212\240inst-noverifyssl\345\217\202\346\225\260.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\345\256\211\350\243\205\345\274\225\345\257\274\347\225\214\351\235\242.png" "b/content/zh/docs/Installation/figures/\345\256\211\350\243\205\345\274\225\345\257\274\347\225\214\351\235\242.png" deleted file mode 100644 index 0ee099a675eee71fdeb3ba3ad0f30e0be20d7af3..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\345\256\211\350\243\205\345\274\225\345\257\274\347\225\214\351\235\242.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\345\256\211\350\243\205\346\246\202\350\247\210.png" "b/content/zh/docs/Installation/figures/\345\256\211\350\243\205\346\246\202\350\247\210.png" deleted file mode 100644 index d64da9c1ad2a4afc657eb50f1e4439b5b870ea2a..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\345\256\211\350\243\205\346\246\202\350\247\210.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\345\256\211\350\243\205\346\272\220.png" "b/content/zh/docs/Installation/figures/\345\256\211\350\243\205\346\272\220.png" deleted file mode 100644 index 25a28495bad27f26cac8ce19009d2c780d92f0fd..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\345\256\211\350\243\205\346\272\220.png" and /dev/null differ 
diff --git "a/content/zh/docs/Installation/figures/\345\256\211\350\243\205\347\233\256\346\240\207\344\275\215\347\275\256.png" "b/content/zh/docs/Installation/figures/\345\256\211\350\243\205\347\233\256\346\240\207\344\275\215\347\275\256.png" deleted file mode 100644 index 4c13cb4faff2f8a4292ec5d940e63aa80e268f1d..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\345\256\211\350\243\205\347\233\256\346\240\207\344\275\215\347\275\256.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\345\256\211\350\243\205\350\277\207\347\250\213.png" "b/content/zh/docs/Installation/figures/\345\256\211\350\243\205\350\277\207\347\250\213.png" deleted file mode 100644 index 9278b364149636a26a21409afc1342aa1c546ddb..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\345\256\211\350\243\205\350\277\207\347\250\213.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\345\256\214\346\210\220\345\256\211\350\243\205.png" "b/content/zh/docs/Installation/figures/\345\256\214\346\210\220\345\256\211\350\243\205.png" deleted file mode 100644 index b54d9ef9c15affd3f41ce6622be66d883ef7e744..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\345\256\214\346\210\220\345\256\211\350\243\205.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\345\274\200\345\247\213\345\256\211\350\243\205.png" "b/content/zh/docs/Installation/figures/\345\274\200\345\247\213\345\256\211\350\243\205.png" deleted file mode 100644 index 1a5771d8f56ef2472f488e3524d0d0bc91827d10..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\345\274\200\345\247\213\345\256\211\350\243\205.png" and /dev/null differ 
diff --git "a/content/zh/docs/Installation/figures/\346\211\213\345\212\250\345\210\206\345\214\272.png" "b/content/zh/docs/Installation/figures/\346\211\213\345\212\250\345\210\206\345\214\272.png" deleted file mode 100644 index f56b1aba62237b74ecc60c1cf9eee9b5cd4902c0..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\346\211\213\345\212\250\345\210\206\345\214\272.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\346\227\245\346\234\237\345\222\214\346\227\266\351\227\264.png" "b/content/zh/docs/Installation/figures/\346\227\245\346\234\237\345\222\214\346\227\266\351\227\264.png" deleted file mode 100644 index 33b528bb77d0d6b0f51da604e2bad89e3a9daafe..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\346\227\245\346\234\237\345\222\214\346\227\266\351\227\264.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\347\233\230\347\254\246.png" "b/content/zh/docs/Installation/figures/\347\233\230\347\254\246.png" deleted file mode 100644 index b49213bd19cb5b9cdac6ce25564be17df2810d72..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\347\233\230\347\254\246.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\347\243\201\347\233\230\345\212\240\345\257\206\345\217\243\344\273\244.png" "b/content/zh/docs/Installation/figures/\347\243\201\347\233\230\345\212\240\345\257\206\345\217\243\344\273\244.png" deleted file mode 100644 index c76b59d3214da2c55119f0300103be0b9c2d8792..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\347\243\201\347\233\230\345\212\240\345\257\206\345\217\243\344\273\244.png" and /dev/null differ 
diff --git "a/content/zh/docs/Installation/figures/\347\275\221\347\273\234\345\222\214\344\270\273\346\234\272\345\220\215.png" "b/content/zh/docs/Installation/figures/\347\275\221\347\273\234\345\222\214\344\270\273\346\234\272\345\220\215.png" deleted file mode 100644 index 24aee8cb2ca13e004d2439ffd89de047c330b58c..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\347\275\221\347\273\234\345\222\214\344\270\273\346\234\272\345\220\215.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\350\216\267\345\217\226IP.png" "b/content/zh/docs/Installation/figures/\350\216\267\345\217\226IP.png" deleted file mode 100644 index 26b6f8f60a36c4b43ebebe4dbdce169ade4b13ae..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\350\216\267\345\217\226IP.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\350\257\255\350\250\200\346\224\257\346\214\201.png" "b/content/zh/docs/Installation/figures/\350\257\255\350\250\200\346\224\257\346\214\201.png" deleted file mode 100644 index a7ddd3a5a6c3c6f377675af294a978d12480ff87..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\350\257\255\350\250\200\346\224\257\346\214\201.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\350\275\257\344\273\266\351\200\211\346\213\251.png" "b/content/zh/docs/Installation/figures/\350\275\257\344\273\266\351\200\211\346\213\251.png" deleted file mode 100644 index 011be38bc7b0030cde009574831b1a5d5a356a1f..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\350\275\257\344\273\266\351\200\211\346\213\251.png" and /dev/null differ 
diff --git "a/content/zh/docs/Installation/figures/\351\200\211\346\213\251\350\257\255\350\250\200.png" "b/content/zh/docs/Installation/figures/\351\200\211\346\213\251\350\257\255\350\250\200.png" deleted file mode 100644 index 738853f1685aeaf2fc7a135f9f13443341f42c48..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\351\200\211\346\213\251\350\257\255\350\250\200.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\351\205\215\347\275\256\351\224\231\350\257\257\346\217\220\347\244\272.png" "b/content/zh/docs/Installation/figures/\351\205\215\347\275\256\351\224\231\350\257\257\346\217\220\347\244\272.png" deleted file mode 100644 index 0349567af5b1695a611b8c32219b469bcf2170e8..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\351\205\215\347\275\256\351\224\231\350\257\257\346\217\220\347\244\272.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\351\224\256\347\233\230\345\270\203\345\261\200.png" "b/content/zh/docs/Installation/figures/\351\224\256\347\233\230\345\270\203\345\261\200.png" deleted file mode 100644 index d91d52d773a277d91ebaccbd7e9ae7d770e6528b..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\351\224\256\347\233\230\345\270\203\345\261\200.png" and /dev/null differ diff --git "a/content/zh/docs/Installation/figures/\351\253\230\347\272\247\347\224\250\346\210\267\351\205\215\347\275\256.png" "b/content/zh/docs/Installation/figures/\351\253\230\347\272\247\347\224\250\346\210\267\351\205\215\347\275\256.png" deleted file mode 100644 index 9a87dffd881b279a4b8c40c798e917a9ac7a3ede..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Installation/figures/\351\253\230\347\272\247\347\224\250\346\210\267\351\205\215\347\275\256.png" and /dev/null differ 
diff --git "a/content/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207.md" "b/content/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207.md" deleted file mode 100644 index 31b4eb9b7205099ee0ca942bd18b389f78be8896..0000000000000000000000000000000000000000 --- "a/content/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207.md" +++ /dev/null 
@@ -1,241 +0,0 @@ -# 安装准备 - -介绍安装前需要考虑软硬件兼容性状况,以及相关的配置和准备工作。 - - -- [安装准备](#安装准备) - - [获取安装源](#获取安装源) - - [发布包完整性校验](#发布包完整性校验) - - [简介](#简介) - - [前提条件](#前提条件) - - [操作指导](#操作指导) - - [物理机的安装要求](#物理机的安装要求) - - [硬件兼容支持](#硬件兼容支持) - - [最小硬件要求](#最小硬件要求) - - [虚拟机的安装要求](#虚拟机的安装要求) - - [虚拟化平台兼容性](#虚拟化平台兼容性) - - [最小虚拟化空间要求](#最小虚拟化空间要求) - - - -## 获取安装源 - -在安装开始前,您需要获取openEuler的发布包和校验文件。 - -> ![](public_sys-resources/icon-note.gif) **说明:** -> AArch64架构的发布包支持UEFI模式,x86\_64架构的发布包支持UEFI模式和Legacy模式。 - -请按以下步骤获取openEuler的发布包和校验文件: - -1. 登录[openEuler社区](https://openeuler.org)网站。 -2. 单击“下载”。 -3. 单击“获取ISO:”后面的“Link”,显示版本列表。 -4. 单击“openEuler-20.09-beta”,进入openEuler 20.09 beta版本下载列表。 -5. 单击“ISO”,进入ISO下载列表。 - - aarch64:AArch64架构的ISO。 - - x86\_64:x86\_64架构的ISO。 - - source:openEuler源码ISO。 - -6. 根据实际待安装环境的架构选择需要下载的openEuler的发布包和校验文件。 - - 若为AArch64架构。 - 1. 单击“aarch64”。 - 2. 单击“openEuler-20.09-beta-aarch64-dvd.iso”,将openEuler发布包下载到本地。 - 3. 单击“openEuler-20.09-beta-aarch64-dvd.iso.sha256sum”,将openEuler校验文件下载到本地。 - - - 若为x86\_64架构。 - 1. 单击“x86\_64”。 - 2. 单击“openEuler-20.09-beta-x86\_64-dvd.iso”,将openEuler发布包下载到本地。 - 3. 单击“openEuler-20.09-beta-x86\_64-dvd.iso.sha256sum”,将openEuler校验文件下载到本地。 - -## 发布包完整性校验 - ->![](public_sys-resources/icon-note.gif) **说明:** ->本章节以AArch64架构的发布包完整性校验为例,x86\_64架构的发布包完整性校验的操作方法相同。 - -### 简介 - -为了防止软件包在传输过程中由于网络原因或者存储设备原因出现下载不完整的问题,在获取到软件包后,需要对软件包的完整性进行校验,通过了校验的软件包才能部署。 - -这里通过对比校验文件中记录的校验值和手动方式计算的iso文件校验值,判断软件包是否完成。若两个值相同,说明iso文件完整,否则,iso完整性被破坏,请重新获取iso发布包。 - -### 前提条件 - -在校验发布包完整性之前,需要准备如下文件: - -iso文件:openEuler-20.09-beta-aarch64-dvd.iso - -校验文件:openEuler-20.09-beta-aarch64-dvd.iso.sha256sum - -### 操作指导 - -文件完整性校验操作步骤如下: - -1. 获取校验文件中的校验值。执行命令如下: - - ``` - $ cat openEuler-20.09-beta-aarch64-dvd.iso.sha256sum - ``` - -2. 计算文件的sha256校验值。执行命令如下: - - ``` - $ sha256sum openEuler-20.09-beta-aarch64-dvd.iso - ``` - - 命令执行完成后,输出校验值。 - -3. 
对比步骤1和步骤2计算的校验值是否一致。 - - 如果校验值一致说明iso文件完整性没有破坏,如果校验值不一致则可以确认文件完整性已被破坏,需要重新获取。 - -## 物理机的安装要求 - -若需要在物理机环境上安装openEuler操作系统,则物理机需要满足如下的硬件兼容性和最小硬件要求。 - -### 硬件兼容支持 - -openEuler安装时,应注意硬件兼容性方面的问题,当前已支持的服务器类型如[表1](#table14948632047)所示。 - ->![](public_sys-resources/icon-note.gif) **说明:** -> ->- TaiShan 200服务器基于华为鲲鹏920处理器。 ->- 当前仅支持华为TaiShan服务器和FusionServer Pro 机架服务器,后续将逐步增加对其他厂商服务器的支持。 - -**表 1** 支持的服务器类型 - - - - - - - - - - - - - - - - - -

服务器形态

-

服务器名称

-

服务器型号

-

机架服务器

-

TaiShan 200

-

2280均衡型

-

机架服务器

-

FusionServer Pro 机架服务器

-

FusionServer Pro 2288H V5

-
说明:

服务器要求配置Avago 3508 RAID控制卡和启用LOM-X722网卡。

-
-
- -### 最小硬件要求 - -openEuler所需的最小硬件要求如[表2](#tff48b99c9bf24b84bb602c53229e2541)所示。 - -**表 2** 最小硬件要求 - - - - - - - - - - - - - - - - - - - - - - - - - -

部件名称

-

最小硬件要求

-

说明

-

架构

-
  • AArch64
  • x86_64
-
  • 支持Arm的64位架构。
  • 支持Intel的x86 64位架构。
-

CPU

-
  • 华为鲲鹏920系列CPU
  • Intel® Xeon®处理器
-

-

-

内存

-

不小于4GB(为了获得更好的应用体验,建议不小于8GB)

-

-

-

硬盘

-

为了获得更好的应用体验,建议不小于120GB)

-

支持IDE、SATA、SAS等接口的硬盘。

-
- -## 虚拟机的安装要求 - -若需要在虚拟机环境上安装openEuler操作系统,则虚拟机需要满足如下的虚拟化平台兼容性和最小虚拟化要求。 - -### 虚拟化平台兼容性 - -openEuler安装时,应注意虚拟化平台兼容性的问题,当前已支持的虚拟化平台为: - -- openEuler自有的虚拟化组件(HostOS为openEuler,虚拟化组件为发布包中的qemu、KVM)创建的虚拟化平台。 -- 华为公有云的x86虚拟化平台。 - -### 最小虚拟化空间要求 - -openEuler所需的最小虚拟化空间要求如[表3](#tff48b99c9bf24b84bb602c53229e2541)所示。 - -**表 3** 最小虚拟化空间要求 - - - - - - - - - - - - - - - - - - - - - - - - - -

部件名称

-

最小虚拟化空间要求

-

说明

-

架构

-
  • AArch64
  • x86_64
-

-

-

CPU

-

2个CPU

-

-

-

内存

-

不小于4GB(为了获得更好的应用体验,建议不小于8GB)

-

-

-

硬盘

-

不小于32GB(为了获得更好的应用体验,建议不小于120GB)

-

-

-
- - - diff --git "a/content/zh/docs/Quickstart/figures/root\345\257\206\347\240\201.png" "b/content/zh/docs/Quickstart/figures/root\345\257\206\347\240\201.png" deleted file mode 100644 index b5bf8835c1b04a8ec679a34fdd20b0419b081431..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Quickstart/figures/root\345\257\206\347\240\201.png" and /dev/null differ diff --git "a/content/zh/docs/Quickstart/figures/\345\210\233\345\273\272\347\224\250\346\210\267.png" "b/content/zh/docs/Quickstart/figures/\345\210\233\345\273\272\347\224\250\346\210\267.png" deleted file mode 100644 index 9c2208da7baf239a879277d53374037d9ff48410..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Quickstart/figures/\345\210\233\345\273\272\347\224\250\346\210\267.png" and /dev/null differ diff --git "a/content/zh/docs/Quickstart/figures/\345\256\211\350\243\205\345\274\225\345\257\274\347\225\214\351\235\242.png" "b/content/zh/docs/Quickstart/figures/\345\256\211\350\243\205\345\274\225\345\257\274\347\225\214\351\235\242.png" deleted file mode 100644 index 0ee099a675eee71fdeb3ba3ad0f30e0be20d7af3..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Quickstart/figures/\345\256\211\350\243\205\345\274\225\345\257\274\347\225\214\351\235\242.png" and /dev/null differ diff --git "a/content/zh/docs/Quickstart/figures/\345\256\211\350\243\205\346\246\202\350\247\210.png" "b/content/zh/docs/Quickstart/figures/\345\256\211\350\243\205\346\246\202\350\247\210.png" deleted file mode 100644 index d64da9c1ad2a4afc657eb50f1e4439b5b870ea2a..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Quickstart/figures/\345\256\211\350\243\205\346\246\202\350\247\210.png" and /dev/null differ 
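Review bot: deleting content/zh/docs/Installation/安装准备.md removes the 发布包完整性校验 procedure (read the .sha256sum file, run sha256sum on the ISO, compare the two values), and none of the hunks shown here re-add it, so confirm the relocated install guide still carries those steps before this lands. If the text is being moved rather than dropped, fix three defects on the way: the 硬盘 row of 表2 reads "为了获得更好的应用体验,建议不小于120GB)" with no minimum value and an unmatched closing parenthesis (表3 has "不小于32GB(…)"); the 表3 reference reuses the 表2 anchor #tff48b99c9bf24b84bb602c53229e2541; and "判断软件包是否完成" in the 简介 paragraph should read "完整". The 简介 presents the check as protection against incomplete downloads only, which is accurate, because the checksum file comes from the same download page as the ISO; keep that scope explicit in the new location.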
diff --git "a/content/zh/docs/Quickstart/figures/\345\256\211\350\243\205\347\233\256\346\240\207\344\275\215\347\275\256.png" "b/content/zh/docs/Quickstart/figures/\345\256\211\350\243\205\347\233\256\346\240\207\344\275\215\347\275\256.png" deleted file mode 100644 index 4c13cb4faff2f8a4292ec5d940e63aa80e268f1d..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Quickstart/figures/\345\256\211\350\243\205\347\233\256\346\240\207\344\275\215\347\275\256.png" and /dev/null differ diff --git "a/content/zh/docs/Quickstart/figures/\345\256\214\346\210\220\345\256\211\350\243\205.png" "b/content/zh/docs/Quickstart/figures/\345\256\214\346\210\220\345\256\211\350\243\205.png" deleted file mode 100644 index b54d9ef9c15affd3f41ce6622be66d883ef7e744..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Quickstart/figures/\345\256\214\346\210\220\345\256\211\350\243\205.png" and /dev/null differ diff --git "a/content/zh/docs/Quickstart/figures/\345\274\200\345\247\213\345\256\211\350\243\205.png" "b/content/zh/docs/Quickstart/figures/\345\274\200\345\247\213\345\256\211\350\243\205.png" deleted file mode 100644 index 1a5771d8f56ef2472f488e3524d0d0bc91827d10..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Quickstart/figures/\345\274\200\345\247\213\345\256\211\350\243\205.png" and /dev/null differ diff --git "a/content/zh/docs/Quickstart/figures/\350\275\257\344\273\266\351\200\211\346\213\251.png" "b/content/zh/docs/Quickstart/figures/\350\275\257\344\273\266\351\200\211\346\213\251.png" deleted file mode 100644 index 011be38bc7b0030cde009574831b1a5d5a356a1f..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Quickstart/figures/\350\275\257\344\273\266\351\200\211\346\213\251.png" and /dev/null differ 
diff --git "a/content/zh/docs/Quickstart/figures/\351\200\211\346\213\251\350\257\255\350\250\200.png" "b/content/zh/docs/Quickstart/figures/\351\200\211\346\213\251\350\257\255\350\250\200.png" deleted file mode 100644 index 738853f1685aeaf2fc7a135f9f13443341f42c48..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Quickstart/figures/\351\200\211\346\213\251\350\257\255\350\250\200.png" and /dev/null differ diff --git "a/content/zh/docs/Quickstart/figures/\351\253\230\347\272\247\347\224\250\346\210\267\351\205\215\347\275\256.png" "b/content/zh/docs/Quickstart/figures/\351\253\230\347\272\247\347\224\250\346\210\267\351\205\215\347\275\256.png" deleted file mode 100644 index 9a87dffd881b279a4b8c40c798e917a9ac7a3ede..0000000000000000000000000000000000000000 Binary files "a/content/zh/docs/Quickstart/figures/\351\253\230\347\272\247\347\224\250\346\210\267\351\205\215\347\275\256.png" and /dev/null differ diff --git a/content/zh/docs/Releasenotes/README.md b/content/zh/docs/Releasenotes/README.md deleted file mode 100644 index 63751f53f739f8a7c2bf8e8431e7d59f5dad323a..0000000000000000000000000000000000000000 --- a/content/zh/docs/Releasenotes/README.md +++ /dev/null 
@@ -1,43 +0,0 @@ -# 组件分类 - -**应用和基础服务** -- 包括Application && Base-service - -**编程语言和编译器** -- 包括Programming-language && Compiler && sig-golang && sig-perl-modules && sig-python-modules - -**运行时和中间件** -- 包括Runtime && sig-ai-bigdata && sig-ROS && DB - -**虚拟化和容器** -- 包括Virt && oVirt && iSulad && Docker && sig-android-middleware - -**集群管理** -- 包括sig-Ha && sig-Kubernetes - -**内核** -- 包括Kernel - -**安全** -- 包括SIG-Security_facility && sig-bounds_checking_function - -**硬件和芯片使能** -- sig-RaspberryPi && sig-RISC-V && sig-Compatibility-Infra - -**文件系统** -- 包括Storage & sig-ceph - -**计算和加速库** -- 包括Computing && kae - -**网络** -- 包括Network && dpdk && sig-REDF - -**桌面** -- 包括Desktop && sig-mate-desktop && sig-UKUI && xfce && GNOME && sig-DDE - -**系统工具** -- 包括System-tool && A-Tune && dev-utils && sig-EasyLife - -**其它** -- 包括other && private \ No newline at end of file diff --git a/content/zh/docs/Releasenotes/release_notes.md b/content/zh/docs/Releasenotes/release_notes.md deleted file mode 100644 index b8f6f7d801aaa764c4f3b2a854e54c2e0677bb31..0000000000000000000000000000000000000000 --- a/content/zh/docs/Releasenotes/release_notes.md +++ /dev/null @@ -1 +0,0 @@ -本文是 openEuler 20.09 LTS 版本的发行说明。 \ No newline at end of file diff --git a/content/zh/docs/Releasenotes/zh-cn_bookmap_0225720059.md b/content/zh/docs/Releasenotes/zh-cn_bookmap_0225720059.md deleted file mode 100644 index 843daf755b25db9714413552d037bdb0d9715945..0000000000000000000000000000000000000000 --- a/content/zh/docs/Releasenotes/zh-cn_bookmap_0225720059.md +++ /dev/null @@ -1,14 +0,0 @@ -# 版本发行说明 - -- [法律声明](法律声明.md) -- [用户须知](用户须知.md) -- [简介](简介.md) -- [系统安装](系统安装.md) -- [关键特性](关键特性.md) -- [已知问题](已知问题.md) -- [已修复问题](已修复问题.md) -- [CVE漏洞](CVE漏洞.md) -- [源代码](源代码.md) -- [参与贡献](参与贡献.md) -- [致谢](致谢.md) - 
diff --git "a/content/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" "b/content/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" deleted file mode 100644 index 310894c2ba830da82ff91ca63dd6daeb8468b7b3..0000000000000000000000000000000000000000 --- "a/content/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" +++ /dev/null @@ -1,41 +0,0 @@ -# 关键特性 - -**编程语言和编译器** -- JDK8优化:APPCDS特性支持、crc32硬加速指令支持。 -- GCC优化:循环优化、自动矢量化、全局优化。 - -**运行时和中间件** -- QVisor:轻量级虚拟化Runtime。 -- iSula轻量级容器解决方案,统一IoT,边缘和云计算容器解决方案。 - -**虚拟化** -- Kunpeng虚拟化特性:CPU和内存热插拔、NMI Watchdog、KVM Custom、SmartPolling。 -- 可信启动度量:vTPM机制支撑启动阶段的对各个部件的可信度量。 -- VMTOP工具:虚拟机组件配套DFX工具,支持抓取虚拟机陷出开销,调度时延等各种数据。 - -**内核** -- TLB Range 指令支持:批量TLB invalid提升性能,MMU gather减少TLBi调用。 -- Numa aware qspinlock支持:减少跨NUMA节点的Cache/总线冲突。 -- Ktask并行化支持:内核任务并行化框架支持,内核任务并行化运行。 -- 内存系统锁优化:vmalloc分配大锁优化、Pagecache锁优化。 - -**安全** -- CloudEncalve支持:提供机密计算统一框架、南向屏蔽SGX和TrustZone的差异,北向提供统一API和SDK。 -- IMA支持:完整性度量机制 - -**硬件和芯片使能** -- Raspberry Pi支持:Raspberry系列板卡支持。 - -**计算和加速库** -- 摘要算法SM3,支持异步模型 -- 对称加密算法SM4,支持异步模型,支持CTR/XTS/CBC模式 -- 对称加密算法AES,支持异步模型,支持ECB/CTR/XTS/CBC模式 -- 非对称算法RSA,支持异步模型,支持Key Sizes 1024/2048/3072/4096 -- 密钥协商算法DH,支持异步模型,支持Key Sizes 768/1024/1536/2048/3072/4096 - -**桌面** -- UKUI:麒麟操作系统的默认桌面环境,其布局、风格和使用习惯接近传统Windows - -**系统工具** -- A-Tune:智能系统性能优化引擎,推理出业务特征,配置最佳的系统参数合,使业务处于最优运行状态 -- A-OPS: 内核热升级框架,以及配套工具 diff --git "a/content/zh/docs/Releasenotes/\345\267\262\344\277\256\345\244\215\351\227\256\351\242\230.md" "b/content/zh/docs/Releasenotes/\345\267\262\344\277\256\345\244\215\351\227\256\351\242\230.md" deleted file mode 100644 index 5000634b5d83b42b9a4e668826a8f44439baf98d..0000000000000000000000000000000000000000 --- "a/content/zh/docs/Releasenotes/\345\267\262\344\277\256\345\244\215\351\227\256\351\242\230.md" +++ /dev/null 
@@ -1,243 +0,0 @@ -# 已修复问题 - -完整问题清单请参见[完整问题清单](https://gitee.com/organizations/src-openeuler/issues)。 - -完整的内核提交记录请参见[提交记录](https://gitee.com/openeuler/kernel/commits/openEuler-1.0-LTS)。 - -**应用和基础服务** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**编程语言和编译器** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**运行时和中间件** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**虚拟化和容器** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**集群管理** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**内核** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**安全** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**硬件和芯片使能** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**文件系统** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**计算和加速库** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**网络** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**桌面** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**系统工具** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**其它** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
\ No newline at end of file diff --git "a/content/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" "b/content/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" deleted file mode 100644 index 7730294041314d5b9e4e2904f56a2babbbb0c732..0000000000000000000000000000000000000000 --- "a/content/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" +++ /dev/null @@ -1,238 +0,0 @@ -# 已知问题 -**应用和基础服务** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**编程语言和编译器** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**运行时和中间件** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**虚拟化和容器** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**集群管理** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**内核** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**安全** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**硬件和芯片使能** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**文件系统** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**计算和加速库** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**网络** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**桌面** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**系统工具** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
- -**其它** - - - - - - - - - - -

ISSUE

-

问题描述

-

I1BJTF

-

DEMO

-
diff --git "a/content/zh/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md" "b/content/zh/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md" deleted file mode 100644 index 7788d15a0a44c493ae690387e9ea496a7ad6d27a..0000000000000000000000000000000000000000 --- "a/content/zh/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md" +++ /dev/null @@ -1,268 +0,0 @@ -# 系统安装 - -## 发布件 - -openEuler发布件包括[ISO发布包](http://repo.openeuler.org/openEuler-20.09-LTS/ISO/)、[虚拟机镜像](http://repo.openeuler.org/openEuler-20.09-LTS/virtual_machine_img/)、[容器镜像](http://repo.openeuler.org/openEuler-20.09-LTS/docker_img/)和[repo源](http://repo.openeuler.org/openEuler-20.09-LTS/)。ISO发布包请参见[表1](#table8396719144315)。容器清单参见[表3](#table1276911538154)。repo源方便在线使用,repo源目录请参见[表4](#table953512211576)。 - -**表 1** 发布ISO列表 - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

名称

-

描述

-

openEuler-20.09-LTS-aarch64-dvd.iso

-

AArch64架构的基础安装ISO,包含了运行最小系统的核心组件

-

openEuler-20.09-LTS-everything-aarch64-dvd.iso

-

AArch64架构的全量安装ISO,包含了运行完整系统所需的全部组件

-

openEuler-20.09-LTS-debuginfo-aarch64-dvd.iso

-

AArch64架构下openEuler的调试ISO,包含了调试所需的符号表信息

-

openEuler-20.09-LTS-x86_64-dvd.iso

-

x86_64架构的基础安装ISO,包含了运行最小系统的核心组件

-

openEuler-20.09-LTS-everything-x86_64-dvd.iso

-

x86_64架构的全量安装ISO,包含了运行完整系统所需的全部组件

-

openEuler-20.09-LTS-debuginfo-x86_64-dvd.iso

-

x86_64架构下openEuler的调试ISO,包含了调试所需的符号表信息

-

openEuler-20.09-LTS-source-dvd.iso

-

openEuler源码ISO

-
- -**表 2** 虚拟机镜像 - - - - - - - - - - - - - -

名称

-

描述

-

openEuler-20.09-LTS.aarch64.qcow2.xz

-

AArch64架构下openEuler虚拟机镜像

-

openEuler-20.09-LTS.x86_64.qcow2.xz

-

x86_64架构下openEuler虚拟机镜像

-
- ->![](public_sys-resources/icon-note.gif) **说明:** ->虚拟机镜像root用户默认密码为:openEuler12\#$,首次登录后请及时修改。 - -**表 3** 容器镜像列表 - - - - - - - - - - - - - -

名称

-

描述

-

openEuler-docker.aarch64.tar.xz

-

AArch64架构下openEuler容器镜像

-

openEuler-docker.x86_64.tar.xz

-

x86_64架构下openEuler容器镜像

-
- -**表 4** repo源列表 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

目录

-

描述

-

ISO

-

存放ISO镜像

-

OS

-

存放基础软件包源

-

debuginfo

-

存放调试包源

-

docker_img

-

存放容器镜像

-

virtual_machine_img

-

存放虚拟机镜像

-

everything

-

存放全量软件包源

-

extras

-

存放扩展软件包源

-

source

-

存放源码软件源

-

update

-

存放升级软件包源

-

EPOL

-

存放openEuler扩展包

-
- -## 最小硬件要求 - -安装 openEuler 20.09 LTS 所需的最小硬件要求如[表5](#zh-cn_topic_0182825778_tff48b99c9bf24b84bb602c53229e2541)所示。 - -**表 5** 最小硬件要求 - - - - - - - - - - - - - - - - -

部件名称

-

最小硬件要求

-

CPU

-

鲲鹏 920(架构为AArch64)

-

x86-64(Skylake以上)

-

内存

-

不小于8GB

-

硬盘

-

不小于120GB

-
- -## 硬件兼容性 - -openEuler已验证支持的服务器和各部件典型配置请参见[表6](#zh-cn_topic_0227922427_table39822012)。openEuler后续将逐步增加对其他服务器的支持,也欢迎广大合作伙伴/开发者参与贡献和验证。 - -**表 6** 支持的服务器及典型配置 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

厂商

-

服务器名称

-

服务器具体型号

-

部件名称

-

典型配置

-

华为

-

TaiShan 200

-

2280均衡型

-

CPU

-

HiSilicon Kunpeng 920

-

内存

-

32G*4 2933MHz

-

RAID卡

-

LSI SAS3508

-

网络

-

TM210

-

华为

-

FusionServer Pro

-

2288H V5(机架服务器)

-

CPU

-

Intel(R) Xeon(R) Gold 5118 CPU @ 2.30GHz

-

内存

-

32*4 2400MHz

-

RAID卡

-

LSI SAS3508

-

网络

-

X722

-
- diff --git a/content/zh/docs/userguide/images/Maintainer.jpg b/content/zh/docs/userguide/images/Maintainer.jpg deleted file mode 100644 index da0d5f1b5d928eca3a0d63795f59c55331136065..0000000000000000000000000000000000000000 Binary files a/content/zh/docs/userguide/images/Maintainer.jpg and /dev/null differ diff --git a/content/zh/docs/userguide/images/PatchTracking.jpg b/content/zh/docs/userguide/images/PatchTracking.jpg deleted file mode 100644 index e12afd6227c18c333f289b9aa71abf608d8058a0..0000000000000000000000000000000000000000 Binary files a/content/zh/docs/userguide/images/PatchTracking.jpg and /dev/null differ diff --git a/content/zh/docs/userguide/pkgship.md b/content/zh/docs/userguide/pkgship.md deleted file mode 100644 index 937597d4f3a3e2d1a84fbeb71cb2e2371655b155..0000000000000000000000000000000000000000 --- a/content/zh/docs/userguide/pkgship.md +++ /dev/null 
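Review bot: in the removed content/zh/docs/Releasenotes/系统安装.md, the 发布件 paragraph links the ISO, virtual machine image, container image and repo directories over plain http://repo.openeuler.org/openEuler-20.09-LTS/…, while other files in this same change already use https (https://openeuler.org in 安装准备.md, https://repo.openeuler.org/ in pkgship.md); wherever these release notes are republished, switch the four links to https so the images and the repo metadata are not fetched over an unauthenticated channel. The 说明 under 表2 also prints the default root password of the virtual machine image with only "首次登录后请及时修改" as guidance; make the password change an explicit first step of the image instructions rather than a trailing note. Minor: this file names the release openEuler-20.09-LTS, while 安装准备.md walks through openEuler-20.09-beta ISOs; the two should agree.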
@@ -1,192 +0,0 @@ -pkgship -=== - -# 介绍 -pkgship是一款管理OS软件包依赖关系,提供依赖和被依赖关系完整图谱的查询工具,pkgship提供软件包依赖查询、生命周期管理、补丁查询等功能。 -1. 软件包依赖查询:方便社区人员在软件包引入、更新和删除的时候了解软件的影响范围。 -2. 生命周期管理:跟踪上游软件包发布状态,方便维护人员了解当前软件状态,及时升级到合理的版本。 -3. 补丁查询:方便社区人员了解openEuler软件包的补丁情况以及提取补丁内容。 - -# 架构 -系统采用flask-restful开发,使用SQLAlchemy ORM查询框架,同时支持mysql和sqlite两种数据库,可以通过配置文件的更改使用哪种数据库。 - -# 软件下载 -* Repo源挂载地址:https://repo.openeuler.org/ -* 源码获取地址:https://gitee.com/openeuler/openEuler-Advisor/tree/master/packageship -* rpm包获取地址:https://117.78.1.88/project/show/openEuler:Mainline - -# 安装工具 -工具安装可通过以下两种方式实现。 - -* 先使用dnf挂载pkgship软件在所在repo源(具体方法可参考[应用开发指南](https://openeuler.org/zh/docs/20.03_LTS/docs/ApplicationDev/%E5%BC%80%E5%8F%91%E7%8E%AF%E5%A2%83%E5%87%86%E5%A4%87.html)),然后执行如下指令下载以及安装pkgship及其依赖。 - - ``` - dnf install pkgship - ``` - -* 先下载pkgship的rpm包,然后执行如下命令进行安装(其中“x.x-x”表示版本号,请用实际情况代替)。 - - ``` - rpm -ivh pkgship-x.x-x.oe1.noarch.rpm - ``` - - 或者 - - ``` - dnf install pkgship-x.x-x.oe1.noarch.rpm - ``` - -# 配置参数 -1. 在配置文件中对相应参数进行配置,系统的默认配置文件存放在 /etc/pkgship/packge.ini,请根据实际情况进行配置更改。 - - ``` - vim /etc/pkgship/package.ini - ``` - -2. 创建初始化数据库的yaml配置文件: - conf.yaml 文件默认存放在 /etc/pkgship/ 路径下,pkgship会通过该配置读取要建立的数据库名称以及需要导入的sqlite文件。conf.yaml 示例如下所示。 - - ``` - - dbname:openEuler-20.03-LTS - src_db_file: - - /etc/pkgship/src.sqlite - bin_db_file: - - /etc/pkgship/bin.sqlite - status:enable - priority:1 - ``` - -> 如需更改存放路径,请更改package.ini下的 init_conf_path 选项 - - -# 服务启动和停止 -pkgship使用uWSGI web服务器,启动和停止命令如下所示。 -``` -pkgshipd start - -pkgshipd stop -``` -# 工具使用 -1. 数据库初始化。 - - ``` - pkgship init - ``` - -2. 单包查询。 - - 查询源码包(sourceName)在所有数据库中的信息 。 - - ``` - pkgship single sourceName - ``` - - 查询当前源码包(sourceName)在指定数据库(dbName)中的信息。 - ``` - pkgship single sourceName -db dbName - ``` - -3. 所有包查询。 - 查询所有数据库下包含的所有包的信息。 - - ``` - pkgship list - ``` - - 查询指定数据库(dbName)下的所有包的信息。 - ``` - pkgship list -db dbName - ``` - -4. 
安装依赖查询。 - 查询二进制包(binaryName)的安装依赖,按照默认优先级查询数据库。 - - ``` - pkgship installdep binaryName - ``` - - 在指定数据库(dbName)下查询二进制包(binaryName)的所有安装依赖,按照先后顺序指定数据库查询的优先级。 - ``` - pkgship installdep binaryName -dbs dbName1 dbName2... - ``` - -5. 编译依赖查询。 - 查询源码包(sourceName)的所有编译依赖,按照默认优先级查询数据库。 - - ``` - pkgship builddep sourceName - ``` - - 在指定数据库(dbName)下查询源码包(sourceName)的所有安装依赖,按照先后顺序指定数据库查询的优先级。 - ``` - pkgship builddep sourceName -dbs dbName1 dbName2... - ``` - -6. 自编译自安装依赖查询。 - 查询二进制包(binaryName)的安装和编译依赖,按照默认优先级查询数据库。 - - ``` - pkgship selfbuild binaryName - ``` - - 查询源码包(sourceName )的安装和编译依赖,按照默认优先级查询数据库。 - ``` - pkgship selfbuild sourceName -t source - ``` - 其他参数: - - -dbs 指定数据库优先级。 - - ``` - 示例:pkgship selfbuild binaryName -dbs dbName1 dbName2 - ``` - -s 是否查询自编译依赖。其中0表示不查询自编译依赖,1表示查询自编译依赖,默认为0,可以指定1。 - - ``` - 查询自编译示例:pkgship selfbuild sourceName -t source -s 1 - ``` - -w 是否查询对应包的子包。其中0表示不查询对应子包,1表示查询对应子包,默认为0,可以指定1。 - - ``` - 查询子包示例:pkgship selfbuild binaryName -w 1 - ``` - -7. 被依赖查询。 - 查询源码包(sourceName)在某数据库(dbName)中被哪些包所依赖,查询结果默认不包含对应二进制包的子包 。 - - ``` - pkgship bedepend sourceName -db dbName - ``` - - 使查询结果包含二进制包的子包加入参数 -w。 - ``` - pkgship bedepend sourceName -db dbName -w 1 - ``` - -8. 包信息记录修改。 - 变更数据库中(dbName)源码包(sourceName)的maintainer为Newmaintainer 。 - - ``` - pkgship updatepkg sourceName db dbName -m Newmaintainer - ``` - - 变更数据库中(dbName)源码包(sourceName)的maintainlevel为Newmaintainlevel,值在1~4之间。 - - ``` - pkgship updatepkg sourceName db dbName -l Newmaintainlevel - ``` - - 同时变更数据库中(dbName)源码包(sourceName)的maintainer 为Newmaintainer和变更 maintainlevel为Newmaintainlevel。 - - ``` - pkgship updatepkg sourceName db dbName -m Newmaintainer -l Newmaintainlevel - ``` -9. 数据库删除。 - 删除指定数据库(dbName)。 - - ``` - pkgship rm db dbName - ``` - - - 
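Review bot: in the removed content/zh/docs/userguide/pkgship.md, step 1 of 配置参数 gives the default config path as /etc/pkgship/packge.ini while the command on the next line edits /etc/pkgship/package.ini; if this guide is being moved, correct the path in the sentence. Further points in the same hunk: the conf.yaml sample writes "dbname:openEuler-20.03-LTS", "status:enable" and "priority:1" with no space after the colon, which YAML reads as plain strings rather than key/value pairs, so the sample as shown will not load as intended; the second description under 编译依赖查询 says "所有安装依赖" for the builddep command where 编译依赖 is meant; "pkgship updatepkg sourceName db dbName" and "pkgship rm db dbName" omit the dash that every other subcommand uses in "-db dbName"; and the rpm download address is a bare IP (https://117.78.1.88/project/show/openEuler:Mainline) rather than a project hostname, which readers cannot tie to the project by name and should be replaced with a named host.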
diff --git "a/content/zh/docs/userguide/\346\246\202\350\277\260.md" "b/content/zh/docs/userguide/\346\246\202\350\277\260.md" deleted file mode 100644 index 74490c61e7f085f49758d903630e79fcb1949a00..0000000000000000000000000000000000000000 --- "a/content/zh/docs/userguide/\346\246\202\350\277\260.md" +++ /dev/null @@ -1,2 +0,0 @@ -本文主要介绍在openEuler 发行版本过程中使用到的工具集,主要包含工具的介绍,安装以及使用等方面内容。 - diff --git "a/content/zh/docs/userguide/\350\241\245\344\270\201\345\267\245\345\205\267.md" "b/content/zh/docs/userguide/\350\241\245\344\270\201\345\267\245\345\205\267.md" deleted file mode 100644 index fcef036b2d38c89832d60ba8bae32f2c3d7540ec..0000000000000000000000000000000000000000 --- "a/content/zh/docs/userguide/\350\241\245\344\270\201\345\267\245\345\205\267.md" +++ /dev/null 
@@ -1,254 +0,0 @@ -补丁跟踪 -=== - - -# 简介 - -在 openEuler 发行版开发过程,需要及时更新上游社区各个软件包的最新代码,修改功能 bug 及安全问题,确保发布的 openEuler 发行版尽可能避免缺陷和漏洞。 - -本工具对软件包进行补丁管理,主动监控上游社区提交,自动生成补丁,并自动提交 issue 给对应的 maintainer,同时自动验证补丁基础功能,减少验证工作量支持 maintainer 快速决策。 - -# 架构 - -## C/S架构 - -补丁跟踪采用 C/S 架构。 - -服务端(patch-tracking) :负责执行补丁跟踪任务,包括:维护跟踪项,识别上游仓库分支代码变更并形成补丁文件,向 Gitee 提交 issue 及 PR,同时 patch-tracking 提供 RESTful 接口,用于对跟踪项进行增删改查操作。 - -客户端:即命令行工具(patch-tracking-cli),通过调用 patch-tracking 的 RESTful 接口,实现对跟踪项的增删改查操作。 - -## 核心流程 - -* 补丁跟踪服务流程 - -**主要步骤:** - -1. 命令行工具写入跟踪项。 -2. 自动从跟踪项配置的上游仓库(例如Github)获取补丁文件。 -3. 创建临时分支,将获取到的补丁文件提交到临时分支。 -4. 自动提交issue到对应项目,并生成关联 issue 的 PR。 - -PatchTracking - -* Maintainer对提交的补丁处理流程 - -**主要步骤:** -1. Maintainer分析临时分支中的补丁文件,判断是否合入。 -2. 执行构建,构建成功后判断是否合入PR。 - -![Maintainer](images/Maintainer.jpg) - -## 数据结构 - -* Tracking表 - -| 序号 | 名称 | 说明 | 类型 | 键 | 允许空 | -|:----:| ----| ----| ----| ----| ----| -| 1 | id | 自增补丁跟踪项序号 | int | - | NO | -| 2 | version_control | 上游SCM的版本控制系统类型 | String | - | NO | -| 3 | scm_repo | 上游SCM仓库地址 | String | - | NO | -| 4 | scm_branch | 上游SCM跟踪分支 | String | - | NO | -| 5 | scm_commit | 上游代码最新处理过的Commit ID | String | - | YES | -| 6 | repo | 包源码在Gitee的仓库地址 | String | Primary | NO | -| 7 | branch | 包源码在Gitee的仓库分支 | String | Primary | NO | -| 8 | enabled | 是否启动跟踪 | Boolean | -| NO | - -* Issue表 - -| 序号 | 名称 | 说明 | 类型 | 键 | 允许空 | -|:----:| ----| ----| ----| ----| ----| -| 1 | issue | issue编号 | String | Primary | NO | -| 2 | repo | 包源码在Gitee的仓库地址 | String | - | NO | -| 3 | branch | 包源码在Gitee的仓库分支 | String | - | NO | - -# 工具部署 - -## 环境要求 - ->* 安装 Python 3.7及以上版本 ->* 已安装 pip3。 - -## 安装依赖 - -执行如下命令安装依赖包。 - -```shell script -yum install -y gcc python3-devel openssl-devel -pip3 install flask flask-sqlalchemy flask-apscheduler requests flask_httpauth -pip3 install -I uwsgi -``` - -## 安装工具 - -执行如下命令安装工具包(其中”x.x.x”表示版本号,请用实际情况代替)。 - -```shell script -rpm -ivh patch-tracking-xxx.rpm -``` - -## 配置参数 - -在配置文件中对相应参数进行配置,配置文件路径为 `/etc/patch-tracking/settings.conf`。 - -1. 
配置服务监听地址。 - - ``` - LISTEN = "127.0.0.1:5001" - ``` - -2. GitHub Token, 用于访问托管在 GitHub 上游开源软件仓的仓库信息 , 生成 GitHub Token 的方法参考 [Creating a personal access token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) 。 - - ``` - GITHUB_ACCESS_TOKEN = "" - ``` - -3. 对于托管在gitee上的需要跟踪的仓库,配置一个有该仓库权限的gitee的token,用于提交patch文件,提交issue,提交PR等操作。 - - ``` - GITEE_ACCESS_TOKEN = "" - ``` - -4. 定时扫描数据库中是否有新增或修改的跟踪项,对扫描到的跟踪项执行获取上游补丁任务,在这里配置扫描的时间间隔,数字单位是秒。 - - ``` - SCAN_DB_INTERVAL = 3600 - ``` - -5. 命令行工具运行过程中,POST接口需要填写进行认证的用户名和口令哈希值。 - - ``` - USER = "admin" - - PASSWORD = "" - ``` - - > `USER`默认值为`admin`。 - -​ 执行如下指令,获取口令的哈希值,其中Test@123为设置的口令。 - -``` -[root]# generate_password Test@123 -pbkdf2:sha256:150000$w38eLeRm$ebb5069ba3b4dda39a698bd1d9d7f5f848af3bd93b11e0cde2b28e9e34bfbbae -``` - -> `口令值`需要满足如下复杂度要求: -> -> * 长度大于等于6个字符 -> * 必须包含大写字母、小写字母、数字、特殊字符(~!@#%^*-_=+) - - 将口令的哈希值`pbkdf2:sha256:150000$w38eLeRm$ebb5069ba3b4dda39a698bd1d9d7f5f848af3bd93b11e0cde2b28e9e34bfbbae`配置到`PASSWORD = ""`引号中。 - -## 启动补丁跟踪服务 - -可以使用以下两种方式启动服务。 - -* 使用systemd方式。 - - ``` - systemctl start patch-tracking - ``` - -* 直接执行可执行程序。 - - ``` - /usr/bin/patch-tracking - ``` - -# 工具使用 - -## 添加跟踪项 - -将需要跟踪的软件仓库和分支与其上游开源软件仓库与分支关联起来,可以通过以下三种方式实现。 - -### 命令行直接添加 - -参数含义: ->--user :POST接口需要进行认证的用户名,同settings.conf中的USER参数 \ ---password :POST接口需要进行认证的口令,为settings.conf中的PASSWORD哈希值对应的实际的口令字符串 \ ---server :启动Patch Tracking服务的URL,例如:127.0.0.1:5001 \ ---version_control :上游仓库版本的控制工具,只支持github \ ---repo: 需要进行跟踪的仓库名称,格式:组织/仓库 \ ---branch :需要进行跟踪的仓库的分支名称 \ ---scm_repo :被跟踪的上游仓库的仓库名称,github格式:组织/仓库 \ ---scm_branch: 被跟踪的上游仓库的仓库的分支 \ ---enable :是否自动跟踪该仓库 - -例如: -```shell script -patch-tracking-cli --server 127.0.0.1:5001 --user admin --password Test@123 --version_control github --repo testPatchTrack/testPatch1 --branch master --scm_repo BJMX/testPatch01 --scm_branch test --enable true -``` - -### 指定文件添加 - -参数含义: ->--server :启动Patch Tracking服务的URL,例如:127.0.0.1:5001 \ ---user 
:POST接口需要进行认证的用户名,同settings.conf中的USER参数 \ ---password :POST接口需要进行认证的口令,为settings.conf中的PASSWORD哈希值对应的实际的口令字符串 \ ---file :yaml文件路径 - -将仓库、分支、版本管理工具、是否启动监控等信息写入yaml文件(例如tracking.yaml),文件路径作为`--file`的入参调用命令。 - -例如: -```shell script -patch-tracking-cli --server 127.0.0.1:5001 --user admin --password Test@123 --file tracking.yaml -``` - -yaml文件内容格式如下,冒号左边的内容不可修改,右边内容根据实际情况填写。 - -```shell script -version_control: github -scm_repo: xxx/xxx -scm_branch: master -repo: xxx/xxx -branch: master -enabled: true -``` - ->version_control :上游仓库版本的控制工具,只支持github \ -scm_repo :被跟踪的上游仓库的仓库名称,github格式:组织/仓库 \ -scm_branch :被跟踪的上游仓库的仓库的分支 \ -repo :需要进行跟踪的仓库名称,格式:组织/仓库 \ -branch :需要进行跟踪的仓库的分支名称 \ -enable :是否自动跟踪该仓库 - -### 指定目录添加 - -在指定的目录,例如`test_yaml`下放入多个`xxx.yaml`文件,执行如下命令,记录指定目录下所有yaml文件的跟踪项。 - -参数含义: ->--user :POST接口需要进行认证的用户名,同settings.conf中的USER参数 \ ---password :POST接口需要进行认证的口令,为settings.conf中的PASSWORD哈希值对应的实际的口令字符串 \ ---server :启动Patch Tracking服务的URL,例如:127.0.0.1:5001 \ ---dir :存放yaml文件目录的路径 - -```shell script -patch-tracking-cli --server 127.0.0.1:5001 --user admin --password Test@123 --dir /home/Work/test_yaml/ -``` - -## 查询跟踪项 - -```shell script -curl -k https:///tracking -``` -例如: -```shell script -curl -k https://127.0.0.1:5001/tracking -``` - -## 查询生成的 Issue 列表 - -```shell script -curl -k https:///issue -``` -例如: -```shell script -curl -k https://127.0.0.1:5001/issue -``` - -## 码云查看 issue 及 PR - -登录Gitee上进行跟踪的软件项目,在该项目的Issues和Pull Requests页签下,可以查看到名为`[patch tracking] TIME`,例如` [patch tracking] 20200713101548`的条目,该条目即是刚生成的补丁文件的issue和对应PR。 - - - diff --git a/content/zh/menu/index.md b/content/zh/menu/index.md deleted file mode 100644 index 1d6d99d870b18d22a517af3574a05d86ae517626..0000000000000000000000000000000000000000 --- a/content/zh/menu/index.md +++ /dev/null 
@@ -1,137 +0,0 @@ ---- -headless: true ---- -- [法律声明]({{< relref "./docs/Releasenotes/法律声明.md" >}}) -- [发行说明]({{< relref "./docs/Releasenotes/release_notes.md" >}}) - - [用户须知]({{< relref "./docs/Releasenotes/用户须知.md" >}}) - - [简介]({{< relref "./docs/Releasenotes/简介.md" >}}) - - [系统安装]({{< relref "./docs/Releasenotes/系统安装.md" >}}) - - [关键特性]({{< relref "./docs/Releasenotes/关键特性.md" >}}) - - [已知问题]({{< relref "./docs/Releasenotes/已知问题.md" >}}) - - [已修复问题]({{< relref "./docs/Releasenotes/已修复问题.md" >}}) - - [CVE漏洞]({{< relref "./docs/Releasenotes/CVE漏洞.md" >}}) - - [源代码]({{< relref "./docs/Releasenotes/源代码.md" >}}) - - [参与贡献]({{< relref "./docs/Releasenotes/参与贡献.md" >}}) - - [致谢]({{< relref "./docs/Releasenotes/致谢.md" >}}) - -- [快速入门]({{< relref "./docs/Quickstart/quick-start.md" >}}) - -- [安装指南]({{< relref "./docs/Installation/installation.md" >}}) - - [安装在服务器]({{< relref "./docs/Installation/安装在服务器.md" >}}) - - [安装准备]({{< relref "./docs/Installation/安装准备.md" >}}) - - [安装方式介绍]({{< relref "./docs/Installation/安装方式介绍.md" >}}) - - [安装指导]({{< relref "./docs/Installation/安装指导.md" >}}) - - [使用kickstart自动化安装]({{< relref "./docs/Installation/使用kickstart自动化安装.md" >}}) - - [FAQ]({{< relref "./docs/Installation/FAQ.md" >}}) - - [安装在树莓派]({{< relref "./docs/Installation/安装在树莓派.md" >}}) - - [安装准备]({{< relref "./docs/Installation/安装准备-1.md" >}}) - - [安装方式介绍]({{< relref "./docs/Installation/安装方式介绍-1.md" >}}) - - [安装指导]({{< relref "./docs/Installation/安装指导-1.md" >}}) - - [FAQ]({{< relref "./docs/Installation/FAQ-1.md" >}}) - - [更多资源]({{< relref "./docs/Installation/更多资源.md" >}}) - - -- [管理员指南]({{< relref "./docs/Administration/administration.md" >}}) - - [查看系统信息]({{< relref "./docs/Administration/查看系统信息.md" >}}) - - [基础配置]({{< relref "./docs/Administration/基础配置.md" >}}) - - [管理用户和用户组]({{< relref "./docs/Administration/管理用户和用户组.md" >}}) - - [使用DNF管理软件包]({{< relref "./docs/Administration/使用DNF管理软件包.md" >}}) - - [管理服务]({{< relref "./docs/Administration/管理服务.md" >}}) - - [管理进程]({{< relref 
"./docs/Administration/管理进程.md" >}}) - - [配置网络]({{< relref "./docs/Administration/配置网络.md" >}}) - - [使用LVM管理硬盘]({{< relref "./docs/Administration/使用LVM管理硬盘.md" >}}) - - [使用KAE加速引擎]({{< relref "./docs/Administration/使用KAE加速引擎.md" >}}) - - [搭建服务]({{< relref "./docs/Administration/搭建服务.md" >}}) - - [搭建repo服务器]({{< relref "./docs/Administration/搭建repo服务器.md" >}}) - - [搭建FTP服务器]({{< relref "./docs/Administration/搭建FTP服务器.md" >}}) - - [搭建web服务器]({{< relref "./docs/Administration/搭建web服务器.md" >}}) - - [搭建数据库服务器]({{< relref "./docs/Administration/搭建数据库服务器.md" >}}) - - [FAQ]({{< relref "./docs/Administration/FAQ-54.md" >}}) - - -- [虚拟化用户指南]({{< relref "./docs/Virtualization/virtualization.md" >}}) - - [认识虚拟化]({{< relref "./docs/Virtualization/认识虚拟化.md" >}}) - - [安装虚拟化]({{< relref "./docs/Virtualization/安装虚拟化.md" >}}) - - [准备使用环境]({{< relref "./docs/Virtualization/准备使用环境.md" >}}) - - [虚拟机配置]({{< relref "./docs/Virtualization/虚拟机配置.md" >}}) - - [管理虚拟机]({{< relref "./docs/Virtualization/管理虚拟机.md" >}}) - - [热迁移虚拟机]({{< relref "./docs/Virtualization/热迁移虚拟机.md" >}}) - - [管理系统资源]({{< relref "./docs/Virtualization/管理系统资源.md" >}}) - - [管理设备]({{< relref "./docs/Virtualization/管理设备.md" >}}) - - [最佳实践]({{< relref "./docs/Virtualization/最佳实践.md" >}}) - - [附录]({{< relref "./docs/Virtualization/附录.md" >}}) - - -- [容器用户指南]({{< relref "./docs/Container/container.md" >}}) - - [iSula容器引擎]({{< relref "./docs/Container/iSula容器引擎.md" >}}) - - [安装、升级与卸载]({{< relref "./docs/Container/安装-升级与卸载.md" >}}) - - [安装与配置]({{< relref "./docs/Container/安装与配置.md" >}}) - - [升级]({{< relref "./docs/Container/升级.md" >}}) - - [卸载]({{< relref "./docs/Container/卸载.md" >}}) - - [使用指南]({{< relref "./docs/Container/使用指南.md" >}}) - - [容器管理]({{< relref "./docs/Container/容器管理.md" >}}) - - [支持CNI网络]({{< relref "./docs/Container/支持CNI网络.md" >}}) - - [特权容器]({{< relref "./docs/Container/特权容器.md" >}}) - - [CRI接口]({{< relref "./docs/Container/CRI接口.md" >}}) - - [镜像管理]({{< relref "./docs/Container/镜像管理.md" >}}) - - 
[容器健康状态检查]({{< relref "./docs/Container/容器健康状态检查.md" >}}) - - [查询信息]({{< relref "./docs/Container/查询信息.md" >}}) - - [安全特性]({{< relref "./docs/Container/安全特性.md" >}}) - - [支持OCI hooks]({{< relref "./docs/Container/支持OCI-hooks.md" >}}) - - [附录]({{< relref "./docs/Container/附录.md" >}}) - - - [系统容器]({{< relref "./docs/Container/系统容器.md" >}}) - - [安装指导]({{< relref "./docs/Container/安装指导.md" >}}) - - [使用指南]({{< relref "./docs/Container/使用指南-1.md" >}}) - - [指定rootfs创建容器]({{< relref "./docs/Container/指定rootfs创建容器.md" >}}) - - [通过systemd启动容器]({{< relref "./docs/Container/通过systemd启动容器.md" >}}) - - [容器内reboot/shutdown]({{< relref "./docs/Container/容器内reboot-shutdown.md" >}}) - - [cgroup路径可配置]({{< relref "./docs/Container/cgroup路径可配置.md" >}}) - - [namespace化内核参数可写]({{< relref "./docs/Container/namespace化内核参数可写.md" >}}) - - [共享内存通道]({{< relref "./docs/Container/共享内存通道.md" >}}) - - [动态加载内核模块]({{< relref "./docs/Container/动态加载内核模块.md" >}}) - - [环境变量持久化]({{< relref "./docs/Container/环境变量持久化.md" >}}) - - [最大句柄数限制]({{< relref "./docs/Container/最大句柄数限制.md" >}}) - - [安全性和隔离性]({{< relref "./docs/Container/安全性和隔离性.md" >}}) - - [容器资源动态管理]({{< relref "./docs/Container/容器资源动态管理.md" >}}) - - [附录]({{< relref "./docs/Container/附录-2.md" >}}) - - - [安全容器]({{< relref "./docs/Container/安全容器.md" >}}) - - [安装与配置]({{< relref "./docs/Container/安装与配置-2.md" >}}) - - [使用方法]({{< relref "./docs/Container/使用方法-1.md" >}}) - - [管理安全容器的生命周期]({{< relref "./docs/Container/管理安全容器的生命周期.md" >}}) - - [为安全容器配置资源]({{< relref "./docs/Container/为安全容器配置资源.md" >}}) - - [为安全容器配置网络]({{< relref "./docs/Container/为安全容器配置网络.md" >}}) - - [监控安全容器]({{< relref "./docs/Container/监控安全容器.md" >}}) - - [附录]({{< relref "./docs/Container/附录-3.md" >}}) - - - [Docker容器]({{< relref "./docs/Container/Docker容器.md" >}}) - - [安装配置]({{< relref "./docs/Container/安装配置-3.md" >}}) - - [容器管理]({{< relref "./docs/Container/容器管理-3.md" >}}) - - [镜像管理]({{< relref "./docs/Container/镜像管理-3.md" >}}) - - [命令行参考]({{< relref "./docs/Container/命令行参考.md" >}}) - 
- [容器引擎]({{< relref "./docs/Container/容器引擎-4.md" >}}) - - [容器管理]({{< relref "./docs/Container/容器管理-4.md" >}}) - - [镜像管理]({{< relref "./docs/Container/镜像管理-4.md" >}}) - - [统计信息]({{< relref "./docs/Container/统计信息-4.md" >}}) - - [isula-build构建工具]({{< relref "./docs/Container/isula-build构建工具.md" >}}) - - -- [A-Tune用户指南]({{< relref "./docs/A-Tune/A-Tune.md" >}}) - - [认识A-Tune]({{< relref "./docs/A-Tune/认识A-Tune.md" >}}) - - [安装与部署]({{< relref "./docs/A-Tune/安装与部署.md" >}}) - - [使用方法]({{< relref "./docs/A-Tune/使用方法.md" >}}) - - [常见问题与解决方法]({{< relref "./docs/A-Tune/常见问题与解决方法.md" >}}) - - [附录]({{< relref "./docs/A-Tune/附录.md" >}}) - - -- [应用开发指南]({{< relref "./docs/ApplicationDev/application-development.md" >}})userguide - - [开发环境准备]({{< relref "./docs/ApplicationDev/开发环境准备.md" >}}) - - [使用GCC编译]({{< relref "./docs/ApplicationDev/使用GCC编译.md" >}}) - - [使用make编译]({{< relref "./docs/ApplicationDev/使用make编译.md" >}}) - - [使用JDK编译]({{< relref "./docs/ApplicationDev/使用JDK编译.md" >}}) - - [构建RPM包]({{< relref "./docs/ApplicationDev/构建RPM包.md" >}}) - -- [openEuler工具集用户指南]({{< relref "./docs/userguide/概述.md" >}}) - - [补丁工具]({{< relref "./docs/userguide/补丁工具.md" >}}) - - [pkgship]({{< relref "./docs/userguide/pkgship.md" >}}) \ No newline at end of file diff --git "a/content/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\234\215\345\212\241\345\231\250.md" b/docs/README.md similarity index 100% rename from "content/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\234\215\345\212\241\345\231\250.md" rename to docs/README.md diff --git a/content/en/docs/A-Tune/A-Tune.md b/docs/en/docs/A-Tune/A-Tune.md similarity index 100% rename from content/en/docs/A-Tune/A-Tune.md rename to docs/en/docs/A-Tune/A-Tune.md 
diff --git a/content/en/docs/A-Tune/appendixes.md b/docs/en/docs/A-Tune/appendixes.md similarity index 55% rename from content/en/docs/A-Tune/appendixes.md rename to docs/en/docs/A-Tune/appendixes.md index 46f489cac3e98bcc418e368e7f442270d31a13fa..2d776555c04a00f5a7c56e5d8b503925019af32a 100644 --- a/content/en/docs/A-Tune/appendixes.md +++ b/docs/en/docs/A-Tune/appendixes.md @@ -8,19 +8,13 @@ **Table 1** Terminology - - - - - @@ -28,3 +22,4 @@

Term

Description

workload_type

-

Workload type, which is used to identify a type of service with the same characteristics.

-

profile

+

profile

Set of optimization items and optimal parameter configuration.

+ diff --git a/content/en/docs/A-Tune/application-scenarios.md b/docs/en/docs/A-Tune/application-scenarios.md similarity index 66% rename from content/en/docs/A-Tune/application-scenarios.md rename to docs/en/docs/A-Tune/application-scenarios.md index 924170be9956171063f74f8a718545db93e55907..409c8408a593fb22f46c0069a7d8996a4faeccfb 100644 --- a/content/en/docs/A-Tune/application-scenarios.md +++ b/docs/en/docs/A-Tune/application-scenarios.md @@ -41,10 +41,6 @@ You can use functions provided by A-Tune through the CLI client atune-adm. This - The **define**, **update**, **undefine**, **collection**, **train**, and **upgrade **commands do not support remote execution. - In the command format, brackets \(\[\]\) indicate that the parameter is optional, and angle brackets \(<\>\) indicate that the parameter is mandatory. The actual parameters prevail. -- In the command format, meanings of each command are as follows: - - **WORKLOAD\_TYPE**: name of a user-defined workload type. For details about the supported workload types, see the query result of the **list** command. - - **PROFILE\_NAME**: user-defined profile name. - - **PROFILE\_PATH**: path of the user-defined profile. ## Querying Workload Types @@ -55,7 +51,7 @@ You can use functions provided by A-Tune through the CLI client atune-adm. This #### Function -Query the supported workload types, profiles, and the values of Active. +Query the supported profiles, and the values of Active. #### Format 
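Review bot: in the `list` Function sentence, "Query the supported profiles, and the values of Active." keeps the comma from the old three-item list and now reads awkwardly; "Query the supported profiles and their Active values." would do. The enclosing heading is still "## Querying Workload Types" although this change drops workload types from the command's output, so the heading should be renamed in the same patch.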
@@ -66,39 +62,111 @@ Query the supported workload types, profiles, and the values of Active. ``` # atune-adm list -Support WorkloadTypes: -+-----------------------------------+------------------------+-----------+ -| WorkloadType | ProfileName | Active | -+===================================+========================+===========+ -| default | default | true | -+-----------------------------------+------------------------+-----------+ -| webserver | ssl_webserver | false | -+-----------------------------------+------------------------+-----------+ -| big_database | database | false | -+-----------------------------------+------------------------+-----------+ -| big_data | big_data | false | -+-----------------------------------+------------------------+-----------+ -| in-memory_computing | in-memory_computing | false | -+-----------------------------------+------------------------+-----------+ -| in-memory_database | in-memory_database | false | -+-----------------------------------+------------------------+-----------+ -| single_computer_intensive_jobs | compute-intensive | false | -+-----------------------------------+------------------------+-----------+ -| communication | rpc_communication | false | -+-----------------------------------+------------------------+-----------+ -| idle | default | false | -+-----------------------------------+------------------------+-----------+ +Support profiles: ++------------------------------------------------+-----------+ +| ProfileName | Active | ++================================================+===========+ +| arm-native-android-container-robox | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-fio | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-lmbench | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-netperf | false | 
++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-stream | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-unixbench | false | ++------------------------------------------------+-----------+ +| basic-test-suite-speccpu-speccpu2006 | false | ++------------------------------------------------+-----------+ +| basic-test-suite-specjbb-specjbb2015 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-hdfs-dfsio-hdd | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-hdfs-dfsio-ssd | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-bayesian | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-kmeans | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql1 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql10 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql2 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql3 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql4 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql5 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql6 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql7 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql8 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql9 | false | 
++------------------------------------------------+-----------+ +| big-data-hadoop-spark-tersort | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-wordcount | false | ++------------------------------------------------+-----------+ +| cloud-compute-kvm-host | false | ++------------------------------------------------+-----------+ +| database-mariadb-2p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| database-mariadb-4p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| database-mongodb-2p-sysbench | false | ++------------------------------------------------+-----------+ +| database-mysql-2p-sysbench-hdd | false | ++------------------------------------------------+-----------+ +| database-mysql-2p-sysbench-ssd | false | ++------------------------------------------------+-----------+ +| database-postgresql-2p-sysbench-hdd | false | ++------------------------------------------------+-----------+ +| database-postgresql-2p-sysbench-ssd | false | ++------------------------------------------------+-----------+ +| default-default | false | ++------------------------------------------------+-----------+ +| docker-mariadb-2p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| docker-mariadb-4p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| hpc-gatk4-human-genome | false | ++------------------------------------------------+-----------+ +| in-memory-database-redis-redis-benchmark | false | ++------------------------------------------------+-----------+ +| middleware-dubbo-dubbo-benchmark | false | ++------------------------------------------------+-----------+ +| storage-ceph-vdbench-hdd | false | ++------------------------------------------------+-----------+ +| storage-ceph-vdbench-ssd | false | ++------------------------------------------------+-----------+ +| 
virtualization-consumer-cloud-olc | false | ++------------------------------------------------+-----------+ +| virtualization-mariadb-2p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| virtualization-mariadb-4p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| web-apache-traffic-server-spirent-pingpo | false | ++------------------------------------------------+-----------+ +| web-nginx-http-long-connection | true | ++------------------------------------------------+-----------+ +| web-nginx-https-short-connection | false | ++------------------------------------------------+-----------+ ``` >![](public_sys-resources/icon-note.gif) **NOTE:** ->If the value of Active is **true**, the profile is activated. In the example, the profile of the default type is activated. +>If the value of Active is **true**, the profile is activated. In the example, the profile of web-nginx-http-long-connection is activated. ## Workload Type Analysis and Auto Optimization - - ### analysis #### Function @@ -121,7 +189,12 @@ Collect real-time statistics from the system to identify and automatically optim

--model, -m

-

Model generated by user-defined training

+

New model generated after user self-training

+ + +

--characterization, -c

+ +

Use the default model for application identification and do not perform automatic optimization

@@ -130,12 +203,18 @@ Collect real-time statistics from the system to identify and automatically optim #### Example -- Use the default model for classification and identification. +- Use the default model for application identification. ``` - # atune-adm analysis + # atune-adm analysis --characterization ``` +- Use the default model to identify applications and perform automatic tuning. + + ``` + # atune-adm analysis + ``` + - Use the user-defined training model for recognition. ``` 
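Review bot: the examples now make bare `atune-adm analysis` the variant that performs automatic tuning and `atune-adm analysis --characterization` the identify-only one, but the bullet "Use the default model to identify applications and perform automatic tuning." does not say that this changes settings on the running system. The old bullet described the bare command only as "classification and identification", so state the difference explicitly here and point to the `rollback` section for restoring the initial configuration. The third bullet still says "recognition" where the first two now say "identification".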
@@ -147,60 +226,56 @@ Collect real-time statistics from the system to identify and automatically optim A-Tune allows users to define and learn new models. To define a new model, perform the following steps: -1. Run the **define** command to define workload\_type and profile. -2. Run the **collection** command to collect the profile data corresponding to workload\_type. +1. Run the **define** command to define a new profile. +2. Run the **collection** command to collect the system data corresponding to the application. 3. Run the **train** command to train the model. - - ### define #### Function -Add a user-defined workload type and the corresponding profile optimization item. +Add a user-defined application scenarios and the corresponding profile tuning items. #### Format -**atune-adm define** +**atune-adm define** #### Example -Add a workload type. Set workload type to **test\_type**, profile name to **test\_name**, and configuration file of an optimization item to **example.conf**. +Add a profile whose service_type is **test_service**, application_name is **test_app**, scenario_name is **test_scenario**, and tuning item configuration file is **example.conf**. ``` -# atune-adm define test_type test_name ./example.conf +# atune-adm define test_service test_app test_scenario ./example.conf ``` -The **example.conf** file can be written as follows \(the following optimization items are optional and are for reference only\). You can also run the **atune-adm info** command to view how the existing profile is written. +The **example.conf** file can be written as follows (the following optimization items are optional and are for reference only). You can also run the **atune-adm info** command to view how the existing profile is written. 
``` -[main] -# list its parent profile -[tip] -# the recommended optimization, which should be performed manunaly -[check] -# check the environment -[affinity.irq] -# to change the affinity of irqs -[affinity.task] -# to change the affinity of tasks -[bios] -# to change the bios config -[bootloader.grub2] -# to change the grub2 config -[kernel_config] -# to change the kernel config -[script] -# the script extention of cpi -[sysctl] -# to change the /proc/sys/* config -[sysfs] -# to change the /sys/* config -[systemctl] -# to change the system service config -[ulimit] -# to change the resources limit of user + [main] + # list its parent profile + [kernel_config] + # to change the kernel config + [bios] + # to change the bios config + [bootloader.grub2] + # to change the grub2 config + [sysfs] + # to change the /sys/* config + [systemctl] + # to change the system service status + [sysctl] + # to change the /proc/sys/* config + [script] + # the script extention of cpi + [ulimit] + # to change the resources limit of user + [schedule_policy] + # to change the schedule policy + [check] + # check the environment + [tip] + # the recommended optimization, which should be performed manunaly ``` ### collection @@ -247,9 +322,9 @@ Collect the global resource usage and OS status information during service runni

Network port used during service running, for example, eth0.

-

--workload_type, -t

+

--app_type, -t

-

Workload type, which is used as a label for training.

+

Mark the application type of the service as a label for training.

--duration, -d

@@ -269,14 +344,14 @@ Collect the global resource usage and OS status information during service runni #### Example ``` -# atune-adm collection --filename name --interval 5 --duration 1200 --output_path /home/data --disk sda --network eth0 --workload_type test_type +# atune-adm collection --filename name --interval 5 --duration 1200 --output_path /home/data --disk sda --network eth0 --app_type test_type ``` ### train #### Function -Use the collected data to train the model. Collect data of at least two workload types during training. Otherwise, an error is reported. +Use the collected data to train the model. Collect data of at least two application types during training. Otherwise, an error is reported. #### Format @@ -304,18 +379,18 @@ Use the CSV file in the **data** directory as the training input. The generate #### Function -Delete a user-defined workload type. +Delete a user-defined profile. #### Format -**atune-adm undefine** +**atune-adm undefine** #### Example -Delete the **test\_type** workload type. +Delete the user-defined profile. ``` -# atune-adm undefine test_type +# atune-adm undefine test_service-test_app-test_scenario ``` ## Querying Profiles @@ -325,26 +400,26 @@ Delete the **test\_type** workload type. #### Function -View the profile content of a workload type. +View the profile content. #### Format -**atune-adm info** _ +**atune-adm info** #### Example -View the profile content of webserver. +View the profile content of web-nginx-http-long-connection. ``` -# atune-adm info webserver +# atune-adm info web-nginx-http-long-connection -*** ssl_webserver: +*** web-nginx-http-long-connection: # -# webserver tuned configuration +# nginx http long connection A-Tune configuration # [main] -#TODO CONFIG +include = default-default [kernel_config] #TODO CONFIG 
@@ -352,11 +427,18 @@ View the profile content of webserver. [bios] #TODO CONFIG +[bootloader.grub2] +iommu.passthrough = 1 + [sysfs] #TODO CONFIG +[systemctl] +sysmonitor = stop +irqbalance = stop + [sysctl] -fs.file-max=6553600 +fs.file-max = 6553600 fs.suid_dumpable = 1 fs.aio-max-nr = 1048576 kernel.shmmax = 68719476736 @@ -384,63 +466,46 @@ net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 -[systemctl] -sysmonitor=stop -irqbalance=stop - -[bootloader.grub2] -selinux=0 -iommu.passthrough=1 - -[tip] -bind your master process to the CPU near the network = affinity -bind your network interrupt to the CPU that has this network = affinity -relogin into the system to enable limits setting = OS - [script] -openssl_hpre = 0 prefetch = off +ethtool = -X {network} hfunc toeplitz [ulimit] {user}.hard.nofile = 102400 {user}.soft.nofile = 102400 -[affinity.task] -#TODO CONFIG - -[affinity.irq] +[schedule_policy] #TODO CONFIG [check] #TODO CONFIG +[tip] +SELinux provides extra control and security features to linux kernel. Disabling SELinux will improve the performance but may cause security risks. = kernel +disable the nginx log = application ``` -   - ## Updating a Profile You can update the existing profile as required. - - ### update #### Function -Update an optimization item of a workload type to the content in the **new.conf** file. +Update the original tuning items in the existing profile to the content in the **new.conf** file. #### Format -**atune-adm update** +**atune-adm update** #### Example -Update the workload type to **test\_type** and the optimization item of test\_name to **new.conf**. +Change the tuning item of the profile named **test_service-test_app-test_scenario** to **new.conf**. ``` -# atune-adm update test_type test_name ./new.conf +# atune-adm update test_service-test_app-test_scenario ./new.conf ``` ## Activating a Profile 
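Review bot: in the `[sysctl]` block of the `info` example (hunk at -352,11), `fs.suid_dumpable = 1` is carried over unchanged next to the reformatted `fs.file-max` line. That value lets setuid processes dump core, which is a notable setting for a web-server profile; the page gains a `[tip]` about the SELinux trade-off but says nothing about this one. If the shipped profile really sets it, add a matching tip or a sentence after the example; if the example output is stale, regenerate it.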
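Review bot: the new `[tip]` line about SELinux (hunk at -384,63) is added in the same change that removes `selinux=0` from `[bootloader.grub2]`, so a reader cannot tell whether the profile still disables SELinux or only suggests considering it. Say which in the text after the example, for instance that the profile no longer changes SELinux and the tip is advisory. The added `ethtool = -X {network} hfunc toeplitz` uses a `{network}` placeholder that the page does not explain; the same goes for `{user}` under `[ulimit]`, and a short note on how both are filled in would help.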
@@ -449,30 +514,26 @@ Update the workload type to **test\_type** and the optimization item of test\_ #### Function -Manually activate a profile of a workload type. +Manually activate the profile to make it in the active state. #### Format -**atune-adm profile **_<_WORKLOAD\_TYPE_\>_ +**atune-adm profile** #### Parameter Description -You can run the **list** command to query the supported workload types. +For details about the profile name, see the query result of the list command. #### Example -Activate the profile configuration of webserver. +Activate the profile corresponding to the web-nginx-http-long-connection. ``` -# atune-adm profile webserver +# atune-adm profile web-nginx-http-long-connection ``` ## Rolling Back Profiles -   - - - ### rollback #### Functions @@ -491,10 +552,6 @@ Roll back the current configuration to the initial configuration of the system. ## Updating Database -   - - - ### upgrade #### Function @@ -522,10 +579,6 @@ The database is updated to **new\_sqlite.db**. ## Querying System Information -   - - - ### check @@ -561,9 +614,7 @@ Check the CPU, BIOS, OS, and NIC information. ## Automatic Parameter Optimization -A-Tune provides the automatic search capability for optimal configurations, eliminating the need for repeated manual parameter adjustment and performance evaluation. This greatly improves the search efficiency of optimal configurations. - - +A-Tune provides the automatic search capability with the optimal configuration, saving the trouble of manually configuring parameters and performance evaluation. This greatly improves the search efficiency of optimal configurations. ### Tuning 
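Review bot: the rewritten intro under "## Automatic Parameter Optimization" is harder to read than the sentence it replaces: "automatic search capability with the optimal configuration" no longer says that the optimal configuration is what is being searched for, and "manually configuring parameters and performance evaluation" is not parallel. Keeping the removed wording ("automatic search capability for optimal configurations, eliminating the need for repeated manual parameter adjustment and performance evaluation") would be clearer.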
@@ -574,38 +625,71 @@ Use the specified project file to search the dynamic space for parameters and fi #### Format +**atune-adm tuning** \[OPTIONS\] + >![](public_sys-resources/icon-note.gif) **NOTE:** >Before running the command, ensure that the following conditions are met: ->1. The YAML configuration file of the server has been edited and placed in the **/etc/atuned/tuning/** directory on the server by the server administrator. ->2. The YAML configuration file of the client has been edited and placed in an arbitrary directory on the client. - -**atune-adm tuning** \[OPTIONS\] +>1. The YAML configuration file on the server has been edited and stored in the **/etc/atuned/tuning/** directory of the atuned service. +>2. The YAML configuration file of the client has been edited and stored on the atuned client. #### Parameter Description - OPTIONS - - - - - - - - - - - -

Parameter

-

Description

-

--restore, -r

-

Restores the initial configuration before tuning.

-

--project, -p

-

Specifies the project name in the YAML file to be restored.

-
- + + + + + + + + + + + + + + + + + + + + + + + + + +
+

Parameter

+
+

Description

+
+

--restore, -r

+
+

Restores the initial + configuration before tuning.

+
+

--project, -p

+
+

Specifies the + project name in the YAML file to be restored.

+
+

--restart, -c

+
+

Perform tuning based + on historical tuning results.

+
+

--detail, -d

+
+

Print detailed + information about the tuning process.

+
+ + >![](public_sys-resources/icon-note.gif) **NOTE:** - >The preceding two parameters must be used at the same time, and the -p parameter must be followed by the specific project name. + >If this parameter is used, the -p parameter must be followed by a specific project name and the YAML file of the project must be specified. - **PROJECT\_YAML**: YAML configuration file of the client. @@ -672,6 +756,7 @@ Use the specified project file to search the dynamic space for parameters and fi + **Table 2** Description of object configuration items - - - - - - - - @@ -783,21 +868,13 @@ Use the specified project file to search the dynamic space for parameters and fi - - - - -

Name
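Review bot: In the NOTE under Format (the @@ -574,38 +625,71 @@ hunk), item 1 drops "by the server administrator", which was the only statement of who may place files in /etc/atuned/tuning/. The server-side YAML carries the get and set shell command strings shown in the example later in this patch, so the text should keep saying that only the server administrator writes to that directory. The reworded NOTE after the parameter table opens with "If this parameter is used" without saying which of the four options it means; name the option, as the old text did for --restore and --project. The two new rows also switch voice ("Perform", "Print") against the existing "Restores" and "Specifies".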

@@ -740,36 +825,36 @@ Use the specified project file to search the dynamic space for parameters and fi

dtype

This parameter is available only when type is set to discrete. Currently, only int and string are supported.

+

This parameter is available only when type is set to discrete. Currently, int, float and string are supported.

Enumeration

int, string

+

int, float, string

scope

Parameter setting range. This parameter is valid only when type is set to discrete and dtype is set to int, or type is set to continuous.

+

Parameter setting range. This parameter is valid only when type is set to discrete and dtype is set to int or float, or type is set to continuous.

Integer

+

Integer/Float

The value is user-defined and must be within the valid range of this parameter.

step

Parameter value step, which is used when dtype is set to int.

+

Parameter value step, which is used when dtype is set to int or float.

Integer

+

Integer/Float

This value is user-defined.

items

Enumerated value of which the parameter value is not within the scope. This is used when dtype is set to int.

+

Enumerated value of which the parameter value is not within the scope. This is used when dtype is set to int or float.

Integer

+

Integer/Float

The value is user-defined and must be within the valid range of this parameter.

The value is user-defined and must be within the valid range of this parameter.

ref

-

Recommended initial value of the parameter

-

Integer or character string

-

The value is user-defined and must be within the valid range of this parameter.

-
**Table 3** Description of configuration items of a YAML file on the client + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Name

Description

@@ -817,6 +894,15 @@ Use the specified project file to search the dynamic space for parameters and fi

-

engine

+

Tuning algorithm.

+

Character string

+

"random", "forest", "gbrt", "bayes", "extraTrees"

+

iterations

Number of optimization iterations.
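Review bot: The new engine row lists five accepted strings but does not say whether the key is required or what is used when it is absent. The client example removed later in this patch has no engine key, so existing client files are in exactly that state. Add the default or mark the key mandatory, the way the feature_filter_engine row states "This parameter is optional".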

@@ -826,6 +912,51 @@ Use the specified project file to search the dynamic space for parameters and fi

≥ 10

random_starts

+

Number of random iterations.

+

Integer

+

< iterations

+

feature_filter_engine

+

Parameter search algorithm, which is used to select important parameters. This parameter is optional.

+

Character string

+

"lhs"

+

feature_filter_cycle

+

Parameter search cycles, which is used to select important parameters. This parameter is used together with feature_filter_engine.

+

Integer

+

-

+

feature_filter_iters

+

Number of iterations for each cycle of parameter search, which is used to select important parameters. This parameter is used together with feature_filter_engine.

+

Integer

+

-

+

split_count

+

Number of evenly selected parameters in the value range of tuning parameters, which is used to select important parameters. This parameter is used together with feature_filter_engine.

+

Integer

+

-

+

benchmark

Performance test script.
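Review bot: feature_filter_cycle, feature_filter_iters and split_count are added with "-" in the value column, so a reader has no lower bound, upper bound or default for any of them. Please give the accepted range for each, and for random_starts say whether 0 is allowed, since "< iterations" only bounds it from above. The feature_filter_engine row should also spell out what "lhs" stands for.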

@@ -847,6 +978,8 @@ Use the specified project file to search the dynamic space for parameters and fi
+ + **Table 4** Description of evaluations configuration item - - - - - - - diff --git a/content/en/docs/ApplicationDev/building-an-rpm-package.md b/docs/en/docs/ApplicationDev/building-an-rpm-package.md similarity index 97% rename from content/en/docs/ApplicationDev/building-an-rpm-package.md rename to docs/en/docs/ApplicationDev/building-an-rpm-package.md index ff247ecf8f7e7e0ab0d52d6355ab02a75eee4a19..42d917c3824dcdefd49b0106af71fd6704d01d7c 100644 --- a/content/en/docs/ApplicationDev/building-an-rpm-package.md +++ b/docs/en/docs/ApplicationDev/building-an-rpm-package.md @@ -513,7 +513,7 @@ This section describes how to build an RPM software package online on OBS. #### Building an Existing Software Package ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- If you use OBS for the first time, register an individual account on the OBS web page. >- With this method, you must copy the modified code and commit it to the code directory before performing the following operations. The code directory is specified in the **\_service** file. @@ -526,7 +526,7 @@ To modify the source code of the existing software and build the modified source 5. Click **Branch package**. In the displayed dialog box, click **Accept**, as shown in [Figure 1](#fig77646143214). **Figure 1** **Branch Confirmation** page - ![](figures/branch-confirmation-page.png "branch-confirmation-page") + ![](./figures/branch-confirmation-page.png "branch-confirmation-page") 6. Click the **\_service** file to go to the editing page, modify the file content, and click **Save**. An example of the **\_service** file content is as follows. _userCodeURL_ and _userCommitID_ indicate the user code path and commission version number or branch, respectively. 
@@ -544,14 +544,14 @@ To modify the source code of the existing software and build the modified source ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >Click **Save** to save the **\_service** file. OBS downloads the source code from the specified URL to the software directory of the corresponding OBS project based on the **\_service** file description and replaces the original file. For example, the **kernel** directory of the **openEuler:Mainline** project in the preceding example. 7. After the files are copied and replaced, OBS automatically starts to build the RPM software package. Wait until the build is complete and view the build status in the status bar on the right. - **succeeded**: The build is successful. You can click **succeeded** to view the build logs, as shown in [Figure 2](#fig10319114217337). **Figure 2** **Succeeded** page - ![](figures/succeeded-page.png "succeeded-page") + ![](./figures/succeeded-page.png "succeeded-page") - **failed**: The build failed. Click **failed** to view error logs, locate the fault, and rebuild again. - **unresolvable**: The build is not performed. The possible cause is that the dependency is missing. 
@@ -570,23 +570,23 @@ To add a new software package on the OBS web page, perform the following steps: 5. Click **Delete package** to delete the software package in the new subproject, as shown in [Figure 3](#fig18306181103615). **Figure 3** Deleting a software package from a subproject - ![](figures/deleting-a-software-package-from-a-subproject.png "deleting-a-software-package-from-a-subproject") + ![](./figures/deleting-a-software-package-from-a-subproject.png "deleting-a-software-package-from-a-subproject") - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The purpose of creating a project by using existing software is to inherit the dependency such as the environment. Therefore, you need to delete these files. 6. Click **Create Package**. On the page that is displayed, enter the software package name, title, and description, and click **Create** to create a software package, as shown in [Figure 4](#fig6762111693811) and [Figure 5](#fig18351153518389). **Figure 4** **Create Package** page - ![](figures/create-package-page.png "create-package-page") + ![](./figures/create-package-page.png "create-package-page") **Figure 5** Creating a software package - ![](figures/creating-a-software-package.png "creating-a-software-package") + ![](./figures/creating-a-software-package.png "creating-a-software-package") 7. Click **Add file** to upload the .spec file and the file to be compiled \(specified in the .spec file\), as shown in [Figure 6](#fig1475845284011). **Figure 6** **Add file** page - ![](figures/add-file-page.png "add-file-page") + ![](./figures/add-file-page.png "add-file-page") 8. After the file is uploaded, OBS automatically starts to build the RPM software package. Wait until the build is complete and view the build status in the status bar on the right. - **succeeded**: The build is successful. You can click **succeeded** to view the build logs. 
@@ -604,15 +604,15 @@ After the RPM software package is built, perform the following operations to obt 2. Click **All Projects** and find the project corresponding to the required software package, for example, **openEuler:Mainline**. 3. Click the name of the required software package in the project. The software package details page is displayed, for example, the **kernel** page in the preceding example. -1. Click the **Repositories** tab. On the software repository management page that is displayed, click **Enable** in **Publish Flag** to enable the RPM software package download function \(the status changes from ![](figures/en-us_image_0229243704.png) to ![](figures/en-us_image_0229243702.png)\), as shown in [Figure 7](#fig17480830144217). +1. Click the **Repositories** tab. On the software repository management page that is displayed, click **Enable** in **Publish Flag** to enable the RPM software package download function \(the status changes from ![](./figures/en-us_image_0229243704.png) to ![](./figures/en-us_image_0229243702.png)\), as shown in [Figure 7](#fig17480830144217). **Figure 7** **Repositories** page - ![](figures/repositories-page.png "repositories-page") + ![](./figures/repositories-page.png "repositories-page") 2. Click the project name in the **Repository** column. On the RPM software package download page that is displayed, click **Download** on the right of the RPM software package to download the RPM software package, as shown in [Figure 8](#fig12152145615438). **Figure 8** RPM software package download page - ![](figures/rpm-software-package-download-page.png "rpm-software-package-download-page") + ![](./figures/rpm-software-package-download-page.png "rpm-software-package-download-page") ### Building a Software Package Using OSC 
@@ -633,7 +633,7 @@ You have obtained the **root** permission, and have configured a repo source f # dnf install osc build ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The compilation of RPM software packages depends on build. 2. Configure the OSC. 
@@ -714,25 +714,31 @@ You have obtained the **root** permission, and have configured a repo source f $ osc addremove * ``` -2. Modify the source code and .spec file, and synchronize all modifications of the corresponding software package to the OBS server. The following is a command example. The information after the **-m** parameter is the commission record. +2. Modify the source code and .spec file, and run the following command to update the file. + + ``` + $ osc up + ``` + +3. Synchronize all modifications of the corresponding software package to the OBS server. The following is an example of command. The information after the **-m** parameter indicates the submmission record. ``` $ osc ci -m "commit log" ``` -3. Run the following command to obtain the repository name and architecture of the current project: +4. Run the following command to obtain the repository name and architecture of the current project: ``` $ osc repos home:testUser:branches:openEuler:Mainline ``` -4. After the modification is committed, OBS automatically compiles the software package. You can run the following command to view the compilation logs of the corresponding repository. In the command, *standard\_aarch64* and _aarch64_ indicate the repository name and architecture obtained in the command output. +5. After the modification is committed, OBS automatically compiles the software package. You can run the following command to view the compilation logs of the corresponding repository. In the command, *standard\_aarch64* and _aarch64_ indicate the repository name and architecture obtained in the command output. ``` $ osc buildlog standard_aarch64 aarch64 ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >You can also open the created project on the web client to view the build logs. 
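Review bot: The new step 2 says to run osc up "to update the file" right after modifying the source code and .spec file, but osc up refreshes the local working copy from the OBS server and uploads nothing. Reword the step to say that it pulls the latest server revision before the commit in step 3, so readers do not take it for the upload. In step 3, "submmission" is misspelled and "an example of command" should read "a command example".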
@@ -788,7 +794,7 @@ To use the OSC tool of OBS to add a new software package, perform the following $ osc buildlog standard_aarch64 aarch64 ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >You can also open the created project on the web client to view the build logs. @@ -807,6 +813,6 @@ The parameters in the command are described as follows. You can modify the param - _standard\_aarch64_: repository name. - _aarch64_: repository architecture name. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >You can also obtain the software package built using OSC from the web page. For details, see [Obtaining the Software Package](#obtaining-the-software-package). diff --git a/content/en/docs/ApplicationDev/figures/add-file-page.png b/docs/en/docs/ApplicationDev/figures/add-file-page.png similarity index 100% rename from content/en/docs/ApplicationDev/figures/add-file-page.png rename to docs/en/docs/ApplicationDev/figures/add-file-page.png diff --git a/content/en/docs/ApplicationDev/figures/branch-confirmation-page.png b/docs/en/docs/ApplicationDev/figures/branch-confirmation-page.png similarity index 100% rename from content/en/docs/ApplicationDev/figures/branch-confirmation-page.png rename to docs/en/docs/ApplicationDev/figures/branch-confirmation-page.png diff --git a/content/en/docs/ApplicationDev/figures/create-package-page.png b/docs/en/docs/ApplicationDev/figures/create-package-page.png similarity index 100% rename from content/en/docs/ApplicationDev/figures/create-package-page.png rename to docs/en/docs/ApplicationDev/figures/create-package-page.png 
diff --git a/content/en/docs/ApplicationDev/figures/creating-a-software-package.png b/docs/en/docs/ApplicationDev/figures/creating-a-software-package.png similarity index 100% rename from content/en/docs/ApplicationDev/figures/creating-a-software-package.png rename to docs/en/docs/ApplicationDev/figures/creating-a-software-package.png diff --git a/content/en/docs/ApplicationDev/figures/deleting-a-software-package-from-a-subproject.png b/docs/en/docs/ApplicationDev/figures/deleting-a-software-package-from-a-subproject.png similarity index 100% rename from content/en/docs/ApplicationDev/figures/deleting-a-software-package-from-a-subproject.png rename to docs/en/docs/ApplicationDev/figures/deleting-a-software-package-from-a-subproject.png diff --git a/content/en/docs/ApplicationDev/figures/en-us_image_0229243671.png b/docs/en/docs/ApplicationDev/figures/en-us_image_0229243671.png similarity index 100% rename from content/en/docs/ApplicationDev/figures/en-us_image_0229243671.png rename to docs/en/docs/ApplicationDev/figures/en-us_image_0229243671.png diff --git a/content/en/docs/ApplicationDev/figures/en-us_image_0229243702.png b/docs/en/docs/ApplicationDev/figures/en-us_image_0229243702.png similarity index 100% rename from content/en/docs/ApplicationDev/figures/en-us_image_0229243702.png rename to docs/en/docs/ApplicationDev/figures/en-us_image_0229243702.png diff --git a/content/en/docs/ApplicationDev/figures/en-us_image_0229243704.png b/docs/en/docs/ApplicationDev/figures/en-us_image_0229243704.png similarity index 100% rename from content/en/docs/ApplicationDev/figures/en-us_image_0229243704.png rename to docs/en/docs/ApplicationDev/figures/en-us_image_0229243704.png 
diff --git a/content/en/docs/ApplicationDev/figures/en-us_image_0229243712.png b/docs/en/docs/ApplicationDev/figures/en-us_image_0229243712.png similarity index 100% rename from content/en/docs/ApplicationDev/figures/en-us_image_0229243712.png rename to docs/en/docs/ApplicationDev/figures/en-us_image_0229243712.png diff --git a/content/en/docs/ApplicationDev/figures/repositories-page.png b/docs/en/docs/ApplicationDev/figures/repositories-page.png similarity index 100% rename from content/en/docs/ApplicationDev/figures/repositories-page.png rename to docs/en/docs/ApplicationDev/figures/repositories-page.png diff --git a/content/en/docs/ApplicationDev/figures/rpm-software-package-download-page.png b/docs/en/docs/ApplicationDev/figures/rpm-software-package-download-page.png similarity index 100% rename from content/en/docs/ApplicationDev/figures/rpm-software-package-download-page.png rename to docs/en/docs/ApplicationDev/figures/rpm-software-package-download-page.png diff --git a/content/en/docs/ApplicationDev/figures/succeeded-page.png b/docs/en/docs/ApplicationDev/figures/succeeded-page.png similarity index 100% rename from content/en/docs/ApplicationDev/figures/succeeded-page.png rename to docs/en/docs/ApplicationDev/figures/succeeded-page.png diff --git a/content/en/docs/ApplicationDev/preparation.md b/docs/en/docs/ApplicationDev/preparation.md similarity index 89% rename from content/en/docs/ApplicationDev/preparation.md rename to docs/en/docs/ApplicationDev/preparation.md index 32e097dab4e27478964471a5317f770204c5fb71..a92f3494bc530551f9e55bfff60a05fb75567e1f 100644 --- a/content/en/docs/ApplicationDev/preparation.md +++ b/docs/en/docs/ApplicationDev/preparation.md 
@@ -117,7 +117,7 @@ The openEuler OS is required. -For details about how to install the openEuler OS, see the \[*openEuler 20.09 Installation Guide*\](../Installation/Installation.html ). On the **SOFTWARE SELECTION** page, select **Development Tools** in the **Add-Ons for Selected Environment** area. +For details about how to install the openEuler OS, see the \[*openEuler 20.03 LTS SP1 Installation Guide*\](./../Installation/Installation.html ). On the **SOFTWARE SELECTION** page, select **Development Tools** in the **Add-Ons for Selected Environment** area. ## Configuring a Repo Source 
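Review bot: The changed sentence keeps the link as \[*openEuler 20.03 LTS SP1 Installation Guide*\](./../Installation/Installation.html ), with escaped square brackets and a space before the closing parenthesis, so it renders as literal text rather than a link. Since the line is being touched anyway, unescape the brackets and drop the trailing space.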
@@ -125,38 +125,42 @@ Configure an online yum source by directly obtaining the online openEuler repo s ### Configuring a Repo Source by Directly Obtaining the Repo Source File -> ![](public_sys-resources/icon-note.gif) **NOTE:** -> openEuler provides multiple repo sources for users online. For details about the repo sources, see [System Installation](../Releasenotes/installing-the-os.html). This section uses the **openEuler\_aarch64.repo** file as an example to describe how to configure the OS repo source as the yum source. +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> openEuler provides multiple repo sources for users online. For details about the repo sources, see [System Installation](./../Releasenotes/installing-the-os.html). This section uses the **openEuler\_aarch64.repo** file as an example to describe how to configure the OS repo source as the yum source. 1. Go to the yum source directory and check the .repo configuration file in the directory. ``` $ cd /etc/yum.repos.d $ ls - openEuler.repo + openEuler_aarch64.repo ``` 2. Edit the **openEuler\_aarch64.repo** file as the **root** user. Configure the online openEuler repo source as the yum source. ``` - # vi openEuler.repo + # vi openEuler_aarch64.repo ``` Edit the **openEuler\_aarch64.repo** file as follows: ``` [osrepo] + name=osrepo - baseurl=http://repo.openeuler.org/openEuler-20.09/OS/aarch64/ + + baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/aarch64/ + enabled=1 + gpgcheck=1 - gpgkey=http://repo.openeuler.org/openEuler-20.09/OS/aarch64/RPM-GPG-KEY-openEuler + gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/aarch64/RPM-GPG-KEY-openEuler ``` **** - > ![](public_sys-resources/icon-note.gif) **NOTE:** + > ![](./public_sys-resources/icon-note.gif) **NOTE:** > > - The repoid in \[*repoid* \] indicates the ID of the software repository. Repoids in all .repo configuration files must be unique. In the example, repoid is set to **base**. 
> - **name** indicates the string that the software repository describes. @@ -168,8 +172,8 @@ Configure an online yum source by directly obtaining the online openEuler repo s ### Configuring a Repo Source by Mounting an ISO File -> ![](public_sys-resources/icon-note.gif) ********NOTE:******** -> openEuler provides multiple ISO release packages. For details about each ISO release package, see [System Installation](../Releasenotes/installing-the-os.html). This section uses the **openEuler-20.09-aarch64-dvd.iso** file and **openEuler-20.09-aarch64-dvd.iso.sha256sum** verification file as examples. Modify them based on the actual requirements. +> ![](./public_sys-resources/icon-note.gif) ********NOTE:******** +> openEuler provides multiple ISO release packages. For details about each ISO release package, see [System Installation](./../Releasenotes/installing-the-os.html). This section uses the **openEuler-20.03-LTS-SP1-aarch64-dvd.iso** file and **openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum** verification file as examples. Modify them based on the actual requirements. 1. Download the ISO release package. @@ -181,7 +185,7 @@ Configure an online yum source by directly obtaining the online openEuler repo s 3. Click the link provided after **Download ISO**. The download list is displayed. - 4. Select the version to be downloaded, for example, openEuler 20.03 LTS. Then, click **openEuler-20.09**. The download list is displayed. + 4. Select the version to be downloaded, for example, openEuler 20.03 LTS SP1. Then, click **openEuler-20.03-LTS-SP1**. The download list is displayed. 5. Click **ISO**. The ISO download list is displayed. 
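Review bot: In the openEuler_aarch64.repo example (the @@ -125,38 +125,42 @@ hunk), the updated baseurl and gpgkey lines still use http://repo.openeuler.org/..., so the key that gpgcheck=1 relies on is itself fetched over an unauthenticated channel. If the repository is served over HTTPS, switch both URLs to https://, or point gpgkey at a key file that was verified out of band. The NOTE after the example still says "repoid is set to **base**" while the section header in the example is [osrepo]; update that sentence in the same change. The blank lines added between the keys look unintended.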
@@ -191,9 +195,9 @@ Configure an online yum source by directly obtaining the online openEuler repo s 6. Click **aarch64**. - 7. Click **openEuler-20.09-aarch64-dvd.iso** to download the openEuler release package to the local host. + 7. Click **openEuler-20.03-LTS-SP1-aarch64-dvd.iso** to download the openEuler release package to the local host. - 8. Click **openEuler-20.09-aarch64-dvd.iso.sha256sum** to download the openEuler verification file to the local host. + 8. Click **openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum** to download the openEuler verification file to the local host. 9. Log in to the openEuler OS and create a directory for storing the release package and verification file, for example, ~/iso\*\*. @@ -211,7 +215,7 @@ Configure an online yum source by directly obtaining the online openEuler repo s 3. Click the link provided after **Download ISO**. The download list is displayed. - 4. Select the version to be downloaded, for example, openEuler 20.09. Then, click **openEuler-20.09**. The download list is displayed. + 4. Select the version to be downloaded, for example, openEuler 20.03 LTS SP1. Then, click **openEuler-20.03-LTS-SP1**. The download list is displayed. 5. Click **ISO**. The ISO download list is displayed. 
@@ -221,9 +225,9 @@ Configure an online yum source by directly obtaining the online openEuler repo s 6. Click **aarch64**. - 7. Right-click **openEuler-20.09-aarch64-dvd.iso** and choose **Copy URL** from the shortcut menu to copy the address of the openEuler release package. + 7. Right-click **openEuler-20.03-LTS-SP1-aarch64-dvd.iso** and choose **Copy URL** from the shortcut menu to copy the address of the openEuler release package. - 8. Right-click **openEuler-20.09-aarch64-dvd.iso.sha256sum** and choose **Copy URL** from the shortcut menu to copy the address of the openEuler verification file. + 8. Right-click **openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum** and choose **Copy URL** from the shortcut menu to copy the address of the openEuler verification file. 9. Log in to the openEuler OS, create a directory (for example, **~/iso**) for storing the release package and verification file, and switch to the directory. @@ -244,13 +248,13 @@ Configure an online yum source by directly obtaining the online openEuler repo s 1. Obtain the verification value in the verification file. ``` - $ cat openEuler-20.09-aarch64-dvd.iso.sha256sum + $ cat openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum ``` 2. Calculate the SHA256 verification value of the openEuler release package. ``` - $ sha256sum openEuler-20.09-aarch64-dvd.iso + $ sha256sum openEuler-20.03-LTS-SP1-aarch64-dvd.iso ``` After the command is run, the verification value is displayed. @@ -266,7 +270,7 @@ Configure an online yum source by directly obtaining the online openEuler repo s The following is an example: ``` - # mount /home/iso/openEuler-20.09-aarch64-dvd.iso /mnt/ + # mount /home/iso/openEuler-20.03-LTS-SP1-aarch64-dvd.iso /mnt/ ``` The mounted **mnt** directory is as follows: 
@@ -290,24 +294,28 @@ Configure an online yum source by directly obtaining the online openEuler repo s ``` $ cd /etc/yum.repos.d $ ls - openEuler.repo + openEuler_aarch64.repo ``` 6. Edit the **openEuler\_aarch64.repo** file as the **root** user. Configure the local openEuler repo source created in step [3](#li6236932222) as the yum source. ``` - # vi openEuler.repo + # vi openEuler_aarch64.repo ``` Edit the **openEuler\_aarch64.repo** file as follows: ``` - [localosrepo] + [localosrepo] + name=localosrepo + baseurl=file:///mnt + enabled=1 + gpgcheck=1 - gpgkey=file:///mnt/RPM-GPG-KEY-openEuler + gpgkey=file:///mnt/RPM-GPG-KEY-openEuler ``` ## Installing the Software Package @@ -336,13 +344,13 @@ Install the software required for development. The software required varies in d $ dnf makecache ``` -4. Query the JDK software package that can be installed. +4. Run the following command to query the JDK software packages that can be installed: ``` $ dnf search jdk | grep jdk ``` - View the command output and install the **java-x.x.x-openjdk-devel.aarch64** software package. **x.x.x** indicates the version number. + View the command output and install the **java-x.x.x-openjdk-devel.aarch64** software package. **x.x.x** indicates the version number. OpenJDK 1.8, OpenJDK 11, and the latest OpenJDK are supported. 5. Install the JDK software package as the **root** user. The following uses the **java-1.8.0-openjdk-devel** software package as an example. diff --git a/content/en/docs/ApplicationDev/public_sys-resources/icon-caution.gif b/docs/en/docs/ApplicationDev/public_sys-resources/icon-caution.gif similarity index 100% rename from content/en/docs/ApplicationDev/public_sys-resources/icon-caution.gif rename to docs/en/docs/ApplicationDev/public_sys-resources/icon-caution.gif 
diff --git a/content/en/docs/ApplicationDev/public_sys-resources/icon-danger.gif b/docs/en/docs/ApplicationDev/public_sys-resources/icon-danger.gif similarity index 100% rename from content/en/docs/ApplicationDev/public_sys-resources/icon-danger.gif rename to docs/en/docs/ApplicationDev/public_sys-resources/icon-danger.gif diff --git a/content/en/docs/ApplicationDev/public_sys-resources/icon-note.gif b/docs/en/docs/ApplicationDev/public_sys-resources/icon-note.gif similarity index 100% rename from content/en/docs/ApplicationDev/public_sys-resources/icon-note.gif rename to docs/en/docs/ApplicationDev/public_sys-resources/icon-note.gif diff --git a/content/en/docs/ApplicationDev/public_sys-resources/icon-notice.gif b/docs/en/docs/ApplicationDev/public_sys-resources/icon-notice.gif similarity index 100% rename from content/en/docs/ApplicationDev/public_sys-resources/icon-notice.gif rename to docs/en/docs/ApplicationDev/public_sys-resources/icon-notice.gif diff --git a/content/en/docs/ApplicationDev/public_sys-resources/icon-tip.gif b/docs/en/docs/ApplicationDev/public_sys-resources/icon-tip.gif similarity index 100% rename from content/en/docs/ApplicationDev/public_sys-resources/icon-tip.gif rename to docs/en/docs/ApplicationDev/public_sys-resources/icon-tip.gif diff --git a/content/en/docs/ApplicationDev/public_sys-resources/icon-warning.gif b/docs/en/docs/ApplicationDev/public_sys-resources/icon-warning.gif similarity index 100% rename from content/en/docs/ApplicationDev/public_sys-resources/icon-warning.gif rename to docs/en/docs/ApplicationDev/public_sys-resources/icon-warning.gif diff --git a/content/en/docs/ApplicationDev/using-gcc-for-compilation.md b/docs/en/docs/ApplicationDev/using-gcc-for-compilation.md similarity index 99% rename from content/en/docs/ApplicationDev/using-gcc-for-compilation.md rename to docs/en/docs/ApplicationDev/using-gcc-for-compilation.md index 173ff7bd287c0671f1bf091738445f8c6eff8731..bd66aaf38282ff97ec281d35e0af4dfb933f0e17 100644 
--- a/content/en/docs/ApplicationDev/using-gcc-for-compilation.md +++ b/docs/en/docs/ApplicationDev/using-gcc-for-compilation.md @@ -312,7 +312,7 @@ If you choose to search for a DLL, to ensure that the DLL can be linked when the $ export LD\_LIBRARY\_PATH=libraryDIR:$LD\_LIBRARY\_PATH - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >**LD\_LIBRARY\_PATH** is an environment variable of the DLL. If the DLL is not in the default directories \(**/lib** and **/usr/lib**\), you need to specify the environment variable **LD\_LIBRARY\_PATH**. - Add the DLL path **libaryDIR** to **/etc/ld.so.conf** and run **ldconfig**, or use the DLL path **libaryDIR** as a parameter to run **ldconfig**. diff --git a/content/en/docs/ApplicationDev/using-jdk-for-compilation.md b/docs/en/docs/ApplicationDev/using-jdk-for-compilation.md similarity index 100% rename from content/en/docs/ApplicationDev/using-jdk-for-compilation.md rename to docs/en/docs/ApplicationDev/using-jdk-for-compilation.md diff --git a/content/en/docs/ApplicationDev/using-make-for-compilation.md b/docs/en/docs/ApplicationDev/using-make-for-compilation.md similarity index 100% rename from content/en/docs/ApplicationDev/using-make-for-compilation.md rename to docs/en/docs/ApplicationDev/using-make-for-compilation.md diff --git a/content/en/docs/Container/appendix-1.md b/docs/en/docs/Container/appendix-1.md similarity index 100% rename from content/en/docs/Container/appendix-1.md rename to docs/en/docs/Container/appendix-1.md diff --git a/content/en/docs/Container/appendix-2.md b/docs/en/docs/Container/appendix-2.md similarity index 99% rename from content/en/docs/Container/appendix-2.md rename to docs/en/docs/Container/appendix-2.md index 483c1d83b6e4135f70aafb888058366c50342ace..5f8bd66983e6f629d444b4266394a13fde79ac44 100644 --- a/content/en/docs/Container/appendix-2.md +++ b/docs/en/docs/Container/appendix-2.md 
@@ -6,7 +6,7 @@ ## configuration.toml ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The value of each field in the **configuration.toml** file is subject to the **configuration.toml** file in the **kata-containers-<**_version_**\>.rpm package**. You cannot set any field in the configuration file. ``` @@ -127,7 +127,7 @@ experimental: enables the experimental feature, which does not support user-defi -

Name

@@ -912,86 +1045,36 @@ Use the specified project file to search the dynamic space for parameters and fi The following is an example of the YAML file configuration on a server: ``` -project: "example" -maxiterations: 10 +project: "compress" +maxiterations: 500 startworkload: "" stopworkload: "" object : - - name : "vm.swappiness" + name : "compressLevel" info : - desc : "the vm.swappiness" - get : "sysctl -a | grep vm.swappiness" - set : "sysctl -w vm.swappiness=$value" - needrestart: "false" + desc : "The compresslevel parameter is an integer from 1 to 9 controlling the level of compression" + get : "cat /root/A-Tune/examples/tuning/compress/compress.py | grep 'compressLevel=' | awk -F '=' '{print $2}'" + set : "sed -i 's/compressLevel=\\s*[0-9]*/compressLevel=$value/g' /root/A-Tune/examples/tuning/compress/compress.py" + needrestart : "false" type : "continuous" scope : - - 0 - - 10 - ref : 1 - - - name : "irqbalance" - info : - desc : "system irqbalance" - get : "systemctl status irqbalance" - set : "systemctl $value sysmonitor;systemctl $value irqbalance" - needrestart: "false" - type : "discrete" - options: - - "start" - - "stop" - dtype : "string" - ref : "start" - - - name : "net.tcp_min_tso_segs" - info : - desc : "the minimum tso number" - get : "cat /proc/sys/net/ipv4/tcp_min_tso_segs" - set : "echo $value > /proc/sys/net/ipv4/tcp_min_tso_segs" - needrestart: "false" - type : "continuous" - scope: - 1 - - 16 - ref : 2 + - 9 + dtype : "int" - - name : "prefetcher" + name : "compressMethod" info : - desc : "" - get : "cat /sys/class/misc/prefetch/policy" - set : "echo $value > /sys/class/misc/prefetch/policy" - needrestart: "false" + desc : "The compressMethod parameter is a string controlling the compression method" + get : "cat /root/A-Tune/examples/tuning/compress/compress.py | grep 'compressMethod=' | awk -F '=' '{print $2}' | sed 's/\"//g'" + set : "sed -i 's/compressMethod=\\s*[0-9,a-z,\"]*/compressMethod=\"$value\"/g' 
/root/A-Tune/examples/tuning/compress/compress.py" + needrestart : "false" type : "discrete" - options: - - "0" - - "15" + options : + - "bz2" + - "zlib" + - "gzip" dtype : "string" - ref : "15" - - - name : "kernel.sched_min_granularity_ns" - info : - desc : "Minimal preemption granularity for CPU-bound tasks" - get : "sysctl kernel.sched_min_granularity_ns" - set : "sysctl -w kernel.sched_min_granularity_ns=$value" - needrestart: "false" - type : "continuous" - scope: - - 5000000 - - 50000000 - ref : 10000000 - - - name : "kernel.sched_latency_ns" - info : - desc : "" - get : "sysctl kernel.sched_latency_ns" - set : "sysctl -w kernel.sched_latency_ns=$value" - needrestart: "false" - type : "continuous" - scope: - - 10000000 - - 100000000 - ref : 16000000 - ```    @@ -999,17 +1082,25 @@ object : The following is an example of the YAML file configuration on a client: ``` -project: "example" -iterations : 10 -benchmark : "sh /home/Benchmarks/mysql/tunning_mysql.sh" +project: "compress" +engine : "gbrt" +iterations : 20 +random_starts : 10 + +benchmark : "python3 /root/A-Tune/examples/tuning/compress/compress.py" evaluations : - - name: "tps" + name: "time" + info: + get: "echo '$out' | grep 'time' | awk '{print $3}'" + type: "positive" + weight: 20 + - + name: "compress_ratio" info: - get: "echo -e '$out' |grep 'transactions:' |awk '{print $3}' | cut -c 2-" + get: "echo '$out' | grep 'compress_ratio' | awk '{print $3}'" type: "negative" - weight: 100 - threshold: 100 + weight: 80 ```    
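Review bot: In the server YAML hunk, the `set` command for `compressMethod` uses the bracket expression `[0-9,a-z,\"]`, where the commas are literal members of the set rather than separators, so the pattern also consumes commas; `[0-9a-z\"]` says what is meant. The `ref` keys are dropped from both objects and `dtype : "int"` is added without the surrounding text saying which keys are required. The `get` and `set` commands also hard-code `/root/A-Tune/examples/tuning/compress/compress.py`, so a sentence stating that the example assumes the repository sits under /root would save readers a failed run.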
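Review bot: In the client YAML hunk, both `get` commands now read `echo '$out' | grep ...`, which places the benchmark output between single quotes on a shell command line; if `$out` is substituted as text, any `'` in that output ends the quoting and the remainder is parsed by the shell. The doc should either state that the benchmark output must not contain quotes or show a form that does not splice output into the command. The hunk also drops `threshold` and adds `engine : "gbrt"` and `random_starts : 10` with no description of the new keys or their allowed values.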
@@ -1019,13 +1110,13 @@ evaluations : - Perform tuning. ``` - # atune-adm tuning example-client.yaml + # atune-adm tuning --project compress --detail compress_client.yaml ``` -- Restore the initial configuration before tuning. The example value is the project name in the YAML file. +- Restore the initial configuration before tuning. The compress is the project name in the YAML file. ``` - # atune-adm tuning --restore --project example + # atune-adm tuning --restore --project compress ``` diff --git a/content/en/docs/A-Tune/faqs.md b/docs/en/docs/A-Tune/faqs.md similarity index 100% rename from content/en/docs/A-Tune/faqs.md rename to docs/en/docs/A-Tune/faqs.md diff --git a/content/en/docs/A-Tune/figures/en-us_image_0213178479.png b/docs/en/docs/A-Tune/figures/en-us_image_0213178479.png similarity index 100% rename from content/en/docs/A-Tune/figures/en-us_image_0213178479.png rename to docs/en/docs/A-Tune/figures/en-us_image_0213178479.png diff --git a/content/en/docs/A-Tune/figures/en-us_image_0213178480.png b/docs/en/docs/A-Tune/figures/en-us_image_0213178480.png similarity index 100% rename from content/en/docs/A-Tune/figures/en-us_image_0213178480.png rename to docs/en/docs/A-Tune/figures/en-us_image_0213178480.png diff --git a/content/en/docs/A-Tune/figures/en-us_image_0214540398.png b/docs/en/docs/A-Tune/figures/en-us_image_0214540398.png similarity index 100% rename from content/en/docs/A-Tune/figures/en-us_image_0214540398.png rename to docs/en/docs/A-Tune/figures/en-us_image_0214540398.png diff --git a/content/en/docs/A-Tune/figures/en-us_image_0227497000.png b/docs/en/docs/A-Tune/figures/en-us_image_0227497000.png similarity index 100% rename from content/en/docs/A-Tune/figures/en-us_image_0227497000.png rename to docs/en/docs/A-Tune/figures/en-us_image_0227497000.png 
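Review bot: The tuning command gains `--project compress --detail`, but nothing in this hunk says what `--detail` does or why `--project` is now needed when the YAML file already carries `project: "compress"`; a short description of both options belongs next to the command. The file name changes from `example-client.yaml` to `compress_client.yaml` (hyphen to underscore), so check that it matches the file the examples ship, and "The compress is the project name" would read better as "**compress** is the project name".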
diff --git a/docs/en/docs/A-Tune/figures/en-us_image_0227497343.png b/docs/en/docs/A-Tune/figures/en-us_image_0227497343.png new file mode 100644 index 0000000000000000000000000000000000000000..a8654b170295b4b0be3c37187e4b227ca635fbc0 Binary files /dev/null and b/docs/en/docs/A-Tune/figures/en-us_image_0227497343.png differ diff --git a/content/en/docs/A-Tune/figures/en-us_image_0231122163.png b/docs/en/docs/A-Tune/figures/en-us_image_0231122163.png similarity index 100% rename from content/en/docs/A-Tune/figures/en-us_image_0231122163.png rename to docs/en/docs/A-Tune/figures/en-us_image_0231122163.png diff --git a/docs/en/docs/A-Tune/figures/en-us_image_0245342444.png b/docs/en/docs/A-Tune/figures/en-us_image_0245342444.png new file mode 100644 index 0000000000000000000000000000000000000000..10f0fceb42c00c80ef49decdc0c480eb04c2ca6d Binary files /dev/null and b/docs/en/docs/A-Tune/figures/en-us_image_0245342444.png differ diff --git a/docs/en/docs/A-Tune/getting-to-know-a-tune.md b/docs/en/docs/A-Tune/getting-to-know-a-tune.md new file mode 100644 index 0000000000000000000000000000000000000000..5867f7f0a2105f3a469fd6cc5e8a86693f4aec6b --- /dev/null +++ b/docs/en/docs/A-Tune/getting-to-know-a-tune.md 
@@ -0,0 +1,281 @@ +# Getting to Know A-Tune + +- [Getting to Know A-Tune](#getting-to-know-a-tune) + - [Introduction](#introduction) + - [Architecture](#architecture) + - [Supported Features and Service Models](#supported-features-and-service-models) + + + +## Introduction + +An operating system \(OS\) is basic software that connects applications and hardware. It is critical for users to adjust OS and application configurations and make full use of software and hardware capabilities to achieve optimal service performance. However, numerous workload types and varied applications run on the OS, and the requirements on resources are different. Currently, the application environment composed of hardware and software involves more than 7000 configuration objects. As the service complexity and optimization objects increase, the time cost for optimization increases exponentially. As a result, optimization efficiency decreases sharply. Optimization becomes complex and brings great challenges to users. + +Second, as infrastructure software, the OS provides a large number of software and hardware management capabilities. The capability required varies in different scenarios. Therefore, capabilities need to be enabled or disabled depending on scenarios, and a combination of capabilities will maximize the optimal performance of applications. + +In addition, the actual business embraces hundreds and thousands of scenarios, and each scenario involves a wide variety of hardware configurations for computing, network, and storage. The lab cannot list all applications, business scenarios, and hardware combinations. + +To address the preceding challenges, openEuler launches A-Tune. + +A-Tune is an AI-based engine that optimizes system performance. 
It uses AI technologies to precisely profile business scenarios, discover and infer business characteristics, so as to make intelligent decisions, match with the optimal system parameter configuration combination, and give recommendations, ensuring the optimal business running status. + +![](figures/en-us_image_0227497000.png) + +## Architecture + +The following figure shows the A-Tune core technical architecture, which consists of intelligent decision-making, system profile, and interaction system. + +- Intelligent decision-making layer: consists of the awareness and decision-making subsystems, which implements intelligent awareness of applications and system optimization decision-making, respectively. +- System profile layer: consists of the feature engineering and two-layer classification model. The feature engineering is used to automatically select service features, and the two-layer classification model is used to learn and classify service models. +- Interaction system layer: monitors and configures various system resources and executes optimization policies. + +![](figures/en-us_image_0227497343.png) + +## Supported Features and Service Models + +### Supported Features + +[Table 1](#table1919220557576) describes the main features supported by A-Tune, feature maturity, and usage suggestions. + +**Table 1** Feature maturity + + + + + + + + + + + + + + + + + + + +

Feature

+

Maturity

+

Usage Suggestion

+

Auto optimization of 15 applications in 11 workload types

+

Tested

+

Pilot

+

User-defined profile and service models

+

Tested

+

Pilot

+

Automatic parameter optimization

+

Tested

+

Pilot

+
+ + +### Supported Service Models + +Based on the workload characteristics of applications, A-Tune classifies services into 11 types. For details about the bottleneck of each type and the applications supported by A-Tune, see [Table 2](#table2819164611311). + +**Table 2** Supported workload types and applications + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

Service + category

+
+

Type

+
+

Bottleneck

+
+

Supported + Application

+
+

default

+
+

Default type

+
+

Low resource usage in + terms of cpu, memory, network, and I/O

+
+

N/A

+
+

webserver

+
+

Web application

+
+

Bottlenecks of cpu and + network

+
+

Nginx, Apache + Traffic Server

+
+

database

+
+

Database

+
Bottlenecks of + cpu, memory, and I/O + +

Mongodb, Mysql, + Postgresql, Mariadb +

+
+

big_data

+
+

Big data

+
+

Bottlenecks of + cpu and memory

+
+

Hadoop-hdfs, + Hadoop-spark

+
+

middleware

+
+

Middleware framework

+
+

Bottlenecks of cpu and + network

+
+

Dubbo

+
+

in-memory_database

+
+

Memory database

+
+

Bottlenecks of memory + and I/O

+
+

Redis

+
+

basic-test-suite

+
+

Basic test suite

+
+

Bottlenecks of cpu and + memory

+
+

SPECCPU2006, + SPECjbb2015

+
+

hpc

+
+

Human genome

+
+

Bottlenecks of cpu, + memory, and I/O

+
+

Gatk4

+
+

storage

+
+

Storage

+
+

Bottlenecks of + network, and I/O

+
+

Ceph

+
+

virtualization

+
+

Virtualization

+
+

Bottlenecks of cpu, + memory, and I/O

+
+

Consumer-cloud, + Mariadb

+
+

docker

+
+

Docker

+
+

Bottlenecks of cpu, + memory, and I/O

+
+

Mariadb

+
+ + diff --git a/content/en/docs/A-Tune/installation-and-deployment.md b/docs/en/docs/A-Tune/installation-and-deployment.md similarity index 31% rename from content/en/docs/A-Tune/installation-and-deployment.md rename to docs/en/docs/A-Tune/installation-and-deployment.md index 96a1e025d01cdf9261809680afb1e6e42115feaf..a65c40a58d55796ffd49b323280f49a2b04e5cdc 100644 --- a/content/en/docs/A-Tune/installation-and-deployment.md +++ b/docs/en/docs/A-Tune/installation-and-deployment.md @@ -10,6 +10,7 @@ This chapter describes how to install and deploy A-Tune. - [Installation Procedure](#installation-procedure) - [A-Tune Deployment](#a-tune-deployment) - [Starting A-Tune](#starting-a-tune) + - [Starting A-Tune engine](#starting-a-tune-engine) @@ -47,7 +48,7 @@ A-Tune can be installed in single-node or distributed mode. The installation modes are as follows: -![](figures/en-us_image_0231122163.png) +![](./figures/en-us_image_0231122163.png)    @@ -84,16 +85,17 @@ To install the A-Tune, perform the following steps: ``` -4. Install an A-Tune server. +4. Install an A-Tune server. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >In this step, both the server and client software packages are installed. For the single-node deployment, skip **Step 5**. ``` # yum install atune -y + # yum install atune-engine -y ``` -5. For a distributed mode, install an A-Tune client. +5. For a distributed mode, install an A-Tune client on associated server. ``` # yum install atune-client -y @@ -106,8 +108,9 @@ To install the A-Tune, perform the following steps: atune-client-xxx atune-db-xxx atune-xxx + atune-engine-xxx ``` - + If the preceding information is displayed, the installation is successful. 
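Review bot: In the step 4 hunk of installation-and-deployment.md, `# yum install atune-engine -y` is added but the NOTE directly above it still says "both the server and client software packages are installed", so the note no longer describes what the step installs; mention the engine package there and say whether a single-node deployment needs it. "install an A-Tune client on associated server" in step 5 does not say which host is meant. The `4. Install an A-Tune server.` line is changed with no visible text difference, which suggests a whitespace-only edit that should be dropped.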
@@ -121,16 +124,37 @@ This chapter describes how to deploy A-Tune. The configuration items in the A-Tune configuration file **/etc/atuned/atuned.cnf** are described as follows: -- A-Tune service startup configuration +- A-Tune service startup configuration You can modify the parameter value as required. - **protocol**: Protocol used by the gRPC service. The value can be **unix** or **tcp**. **unix** indicates the local socket communication mode, and **tcp** indicates the socket listening port mode. The default value is **unix**. - - **address**: Listening IP address of the gRPC service. The default value is **unix socket**. If the gRPC service is deployed in distributed mode, change the value to the listening IP address. - - **port**: Listening port of the gRPC server. The value ranges from 0 to 65535. If **protocol** is set to **unix**, you do not need to set this parameter. - - **rest\_port**: Listening port of the system REST service. The value ranges from 0 to 65535. - - **sample\_num**: Number of samples collected when the system executes the analysis process. + - **port**: Listening port of the gRPC server. The value ranges from 0 to 65535. If **protocol** is set to **unix**, you do not need to set this parameter. + - **connect**: IP address list of the nodes where the A-Tune is located when the A-Tune is deployed in a cluster. IP addresses are separated by commas (,). + - **rest_host**: Listening address of the REST service. The default value is localhost. + - **rest_port**: Listening port of the REST service. The value ranges from 0 to 65535. The default value is 8383. + - **engine_host**: IP address for connecting to the A-Tune engine service of the system. + - **engine_port**: Port for connecting to the A-Tune engine service of the system. + - **sample_num**: Number of samples collected when the system executes the analysis process. The default value is 20. + - **interval**: Interval for collecting samples when the system executes the analysis process. 
The default value is 5s. + - **grpc_tls**: Indicates whether to enable SSL/TLS certificate verification for the gRPC service. By default, this function is disabled. After grpc_tls is enabled, you need to set the following environment variables before running the **atune-adm** command to communicate with the server: + - export ATUNE_TLS=yes + - export ATUNED_CACERT=\ + - export ATUNED_CLIENTCERT=\ + - export ATUNED_CLIENTKEY=\ + - export ATUNED_SERVERCN=server + - **tlsservercafile**: Path of the gPRC server's CA certificate. + - **tlsservercertfile**: Path of the gPRC server certificate. + - **tlsserverkeyfile**: Path of the gPRC server key. + - **rest_tls**: Indicates whether to enable SSL/TLS certificate verification for the REST service. This function is enabled by default. + - **tlsrestcacertfile**: Path of the server's CA certificate of the REST service. + - **tlsrestservercertfile**: Path of the server certificate of the REST service. + - **tlsrestserverkeyfile**: Indicates the key path of the REST service. + - **engine_tls**: Indicates whether to enable SSL/TLS certificate verification for the A-Tune engine service. This function is enabled by default.. + - **tlsenginecacertfile**: Path of the client CA certificate of the A-Tune engine service. + - **tlsengineclientcertfile**: Client certificate path of the A-Tune engine service. + - **tlsengineclientkeyfile**: Client key path of the A-Tune engine service. - System information 
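Review bot: The `grpc_tls` bullet lists `export ATUNED_CACERT=\`, `export ATUNED_CLIENTCERT=\` and `export ATUNED_CLIENTKEY=\` with nothing after the backslash, so the reader cannot tell what each variable should hold; the placeholder text appears to have been lost in escaping and needs restoring. The hunk also removes the `address` bullet although the example configuration still sets `address`, spells gRPC as "gPRC" in the three `tlsserver*` bullets, and ends the `engine_tls` bullet with "..".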
@@ -139,104 +163,199 @@ The configuration items in the A-Tune configuration file **/etc/atuned/atuned.c - **disk**: Disk information to be collected during the analysis process or specified disk during disk optimization. - **network**: NIC information to be collected during the analysis process or specified NIC during NIC optimization. - **user**: User name used for ulimit optimization. Currently, only the user **root** is supported. - - **tls**: SSL/TLS certificate verification for the gRPC and HTTP services of A-Tune. This is disabled by default. After TLS is enabled, you need to set the following environment variables before running the **atune-adm** command to communicate with the server: - - export ATUNE\_TLS=yes - - export ATUNE\_CLICERT= - - - **tlsservercertfile**: path of the gPRC server certificate. - - **tlsserverkeyfile**: gPRC server key path. - - **tlshttpcertfile**: HTTP server certificate path. - - **tlshttpkeyfile**: HTTP server key path. - - **tlshttpcacertfile**: CA certificate path of the HTTP server. - + - Log information - Change the log path and level based on the site requirements. By default, the log information is stored in **/var/log/messages**. + Change the log level as required. The default log level is info. Log information is recorded in the **/var/log/messages** file. - Monitor information Hardware information that is collected by default when the system is started. + +- Tuning information + + Tuning is the parameter information required for offline tuning. + + - **noise**: Evaluation value of Gaussian noise. + - **sel_feature**: Indicates whether to enable the function of generating the importance ranking of offline tuning parameters. By default, this function is disabled. 
+ + +#### Example + +``` +#################################### server ############################### + # atuned config + [server] + # the protocol grpc server running on + # ranges: unix or tcp + protocol = unix + + # the address that the grpc server to bind to + # default is unix socket /var/run/atuned/atuned.sock + # ranges: /var/run/atuned/atuned.sock or ip address + address = /var/run/atuned/atuned.sock + + # the atune nodes in cluster mode, separated by commas + # it is valid when protocol is tcp + # connect = ip01,ip02,ip03 + + # the atuned grpc listening port + # the port can be set between 0 to 65535 which not be used + # port = 60001 + + # the rest service listening port, default is 8383 + # the port can be set between 0 to 65535 which not be used + rest_host = localhost + rest_port = 8383 + + # the tuning optimizer host and port, start by engine.service + # if engine_host is same as rest_host, two ports cannot be same + # the port can be set between 0 to 65535 which not be used + engine_host = localhost + engine_port = 3838 + + # when run analysis command, the numbers of collected data. 
+ # default is 20 + sample_num = 20 + + # interval for collecting data, default is 5s + interval = 5 + + # enable gRPC authentication SSL/TLS + # default is false + # grpc_tls = false + # tlsservercafile = /etc/atuned/grpc_certs/ca.crt + # tlsservercertfile = /etc/atuned/grpc_certs/server.crt + # tlsserverkeyfile = /etc/atuned/grpc_certs/server.key + + # enable rest server authentication SSL/TLS + # default is true + rest_tls = true + tlsrestcacertfile = /etc/atuned/rest_certs/ca.crt + tlsrestservercertfile = /etc/atuned/rest_certs/server.crt + tlsrestserverkeyfile = /etc/atuned/rest_certs/server.key + + # enable engine server authentication SSL/TLS + # default is true + engine_tls = true + tlsenginecacertfile = /etc/atuned/engine_certs/ca.crt + tlsengineclientcertfile = /etc/atuned/engine_certs/client.crt + tlsengineclientkeyfile = /etc/atuned/engine_certs/client.key + + + #################################### log ############################### + [log] + # either "debug", "info", "warn", "error", "critical", default is "info" + level = info + + #################################### monitor ############################### + [monitor] + # with the module and format of the MPI, the format is {module}_{purpose} + # the module is Either "mem", "net", "cpu", "storage" + # the purpose is "topo" + module = mem_topo, cpu_topo + + #################################### system ############################### + # you can add arbitrary key-value here, just like key = value + # you can use the key in the profile + [system] + # the disk to be analysis + disk = sda + + # the network to be analysis + network = enp189s0f0 + + user = root + + #################################### tuning ############################### + # tuning configs + [tuning] + noise = 0.000000001 + sel_feature = false +``` + +The configuration items in the configuration file **/etc/atuned/engine.cnf** of the A-Tune engine are described as follows: + +- Startup configuration of the A-Tune engine service + + You can 
modify the parameter value as required. + + - **engine_host**: Listening address of the A-Tune engine service. The default value is localhost. + - **engine_port**: Listening port of the A-Tune engine service. The value ranges from 0 to 65535. The default value is 3838. + - **engine_tls**: Indicates whether to enable SSL/TLS certificate verification for the A-Tune engine service. This function is enabled by default. + - **tlsenginecacertfile**: Path of the server CA certificate of the A-Tune engine service. + - **tlsengineservercertfile**: Path of the server certificate of the A-Tune engine service. + - **tlsengineserverkeyfile**: Server key path of the A-Tune engine service. + +- Log information + + Change the log level as required. The default log level is info. Log information is recorded in the **/var/log/messages** file. #### Example ``` -#################################### server ############################### -# atuned config -[server] -# the protocol grpc server running on -# ranges: unix or tcp -protocol = unix - -# the address that the grpc server to bind to -# default is unix socket /var/run/atuned/atuned.sock -# ranges: /var/run/atuned/atuned.sock or ip -address = /var/run/atuned/atuned.sock - -# the atuned grpc listening port, default is 60001 -# the port can be set between 0 to 65535 which not be used -port = 60001 - -# the rest service listening port, default is 8383 -# the port can be set between 0 to 65535 which not be used -rest_port = 8383 - -# when run analysis command, the numbers of collected data. 
-# default is 20 -sample_num = 20 - -# Enable gRPC and http server authentication SSL/TLS -# default is false -# tls = true -# tlsservercertfile = /etc/atuned/server.pem -# tlsserverkeyfile = /etc/atuned/server.key -# tlshttpcertfile = /etc/atuned/http/server.pem -# tlshttpkeyfile = /etc/atuned/http/server.key -# tlshttpcacertfile = /etc/atuned/http/cacert.pem - -#################################### log ############################### -# Either "debug", "info", "warn", "error", "critical", default is "info" -level = info - -#################################### monitor ############################### -[monitor] -# With the module and format of the MPI, the format is {module}_{purpose} -# The module is Either "mem", "net", "cpu", "storage" -# The purpose is "topo" -module = mem_topo, cpu_topo - -#################################### system ############################### -# you can add arbitrary key-value here, just like key = value -# you can use the key in the profile -[system] -# the disk to be analysis -disk = sda - -# the network to be analysis -network = enp189s0f0 - -user = root +#################################### engine ############################### + [server] + # the tuning optimizer host and port, start by engine.service + # if engine_host is same as rest_host, two ports cannot be same + # the port can be set between 0 to 65535 which not be used + engine_host = localhost + engine_port = 3838 + + # enable engine server authentication SSL/TLS + # default is true + engine_tls = true + tlsenginecacertfile = /etc/atuned/engine_certs/ca.crt + tlsengineservercertfile = /etc/atuned/engine_certs/server.crt + tlsengineserverkeyfile = /etc/atuned/engine_certs/server.key + + #################################### log ############################### + [log] + # either "debug", "info", "warn", "error", "critical", default is "info" + level = info ``` ## Starting A-Tune After the A-Tune is installed, you need to start the A-Tune service. -- Start the atuned service. 
+- Start the atuned service. + + ``` + # systemctl start atuned + ``` + + +- Query the atuned service status. + + ``` + # systemctl status atuned + ``` + + If the following command output is displayed, the service is started successfully: + + ![](./figures/en-us_image_0214540398.png) + +## Starting A-Tune engine + +To use AI functions, you need to start the A-Tune engine service. + +- Start the atune-engine service. ``` - # systemctl start atuned + # systemctl start atune-engine ``` -- To query the status of the atuned service, run the following command: +- Query the atune-engine service status. ``` - # systemctl status atuned + # systemctl status atune-engine ``` - If the following information is displayed, the service is started successfully: + If the following command output is displayed, the service is started successfully: - ![](figures/en-us_image_0214540398.png) + ![](./figures/en-us_image_0245342444.png) diff --git a/content/en/docs/A-Tune/public_sys-resources/icon-caution.gif b/docs/en/docs/A-Tune/public_sys-resources/icon-caution.gif similarity index 100% rename from content/en/docs/A-Tune/public_sys-resources/icon-caution.gif rename to docs/en/docs/A-Tune/public_sys-resources/icon-caution.gif diff --git a/content/en/docs/A-Tune/public_sys-resources/icon-danger.gif b/docs/en/docs/A-Tune/public_sys-resources/icon-danger.gif similarity index 100% rename from content/en/docs/A-Tune/public_sys-resources/icon-danger.gif rename to docs/en/docs/A-Tune/public_sys-resources/icon-danger.gif diff --git a/content/en/docs/A-Tune/public_sys-resources/icon-note.gif b/docs/en/docs/A-Tune/public_sys-resources/icon-note.gif similarity index 100% rename from content/en/docs/A-Tune/public_sys-resources/icon-note.gif rename to docs/en/docs/A-Tune/public_sys-resources/icon-note.gif 
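Review bot: In the atuned.cnf example, gRPC TLS is left commented out (`# grpc_tls = false`) while the same block documents `connect` for cluster mode with `protocol = tcp`; the text should say that `grpc_tls` and the `tlsserver*` files are to be set when the gRPC service listens on TCP, otherwise the distributed setup described here runs without certificate verification. Every line of both example blocks after the first is now indented by one space inside the fence, which looks unintended, and the engine.cnf example labels its section `[server]` under an "engine" banner, which is worth confirming. A note on the expected permissions of the key files under `/etc/atuned/` would also help.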
diff --git a/content/en/docs/A-Tune/public_sys-resources/icon-notice.gif b/docs/en/docs/A-Tune/public_sys-resources/icon-notice.gif similarity index 100% rename from content/en/docs/A-Tune/public_sys-resources/icon-notice.gif rename to docs/en/docs/A-Tune/public_sys-resources/icon-notice.gif diff --git a/content/en/docs/A-Tune/public_sys-resources/icon-tip.gif b/docs/en/docs/A-Tune/public_sys-resources/icon-tip.gif similarity index 100% rename from content/en/docs/A-Tune/public_sys-resources/icon-tip.gif rename to docs/en/docs/A-Tune/public_sys-resources/icon-tip.gif diff --git a/content/en/docs/A-Tune/public_sys-resources/icon-warning.gif b/docs/en/docs/A-Tune/public_sys-resources/icon-warning.gif similarity index 100% rename from content/en/docs/A-Tune/public_sys-resources/icon-warning.gif rename to docs/en/docs/A-Tune/public_sys-resources/icon-warning.gif diff --git a/content/en/docs/Administration/administration.md b/docs/en/docs/Administration/administration.md similarity index 100% rename from content/en/docs/Administration/administration.md rename to docs/en/docs/Administration/administration.md diff --git a/content/en/docs/Administration/basic-configuration.md b/docs/en/docs/Administration/basic-configuration.md similarity index 64% rename from content/en/docs/Administration/basic-configuration.md rename to docs/en/docs/Administration/basic-configuration.md index 65e7e6167e256f1511eef3039dd677ca70f5660e..ddfc3b374fab39612123714ad265f44b58b79dd3 100644 --- a/content/en/docs/Administration/basic-configuration.md +++ b/docs/en/docs/Administration/basic-configuration.md 
@@ -1,26 +1,7 @@ # Basic Configuration - - -- [Basic Configuration](#basic-configuration) - - [Setting the System Locale](#setting-the-system-locale) - - [Displaying the Current Locale Status](#displaying-the-current-locale-status) - - [Listing Available Locales](#listing-available-locales) - - [Setting the Locale](#setting-the-locale) - - [Setting the Keyboard Layout](#setting-the-keyboard-layout) - - [Displaying the Current Settings](#displaying-the-current-settings) - - [Listing Available Keyboard Layouts](#listing-available-keyboard-layouts) - - [Setting the Keyboard Layout](#setting-the-keyboard-layout-1) - - [Setting the Date and Time](#setting-the-date-and-time) - - [Using the timedatectl Command](#using-the-timedatectl-command) - - [Using the date Command](#using-the-date-command) - - [Using the hwclock Command](#using-the-hwclock-command) - - [Setting kdump](#setting-kdump) - - [Setting the Memory Reserved for kdump](#setting-the-memory-reserved-for-kdump) - - [Recommended Reserved Memory](#recommended-reserved-memory) - - [Disabling Network Drivers](#disabling-network-drivers) - - +[[toc]] + ## Setting the System Locale System locale settings are stored in the /etc/locale.conf file and can be modified by the localectl command. These settings are read at system boot by the systemd daemon. @@ -71,7 +52,7 @@ For example, if you want to use Simplified Chinese as the locale, run the follow # localectl set-locale LANG=zh_CN.UTF-8 ``` -> ![](public_sys-resources/icon-note.gif) **NOTE:** +> ![](./public_sys-resources/icon-note.gif) **NOTE:** > After the modification, log in again or run the command `source /etc/locale.conf` as the user **root** to update the configuration file for the modification to take effect: 
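Review bot: The hand-written table of contents in basic-configuration.md is replaced by `[[toc]]`, while getting-to-know-a-tune.md and installation-and-deployment.md in this same patch keep or extend explicit link lists; confirm that the site renderer expands `[[toc]]` and use one convention across the docs.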
@@ -161,7 +142,7 @@ System clock synchronized: no Your system clock can be automatically synchronized with a remote server using the Network Time Protocol (NTP). Run the following command as the user **root** to enable or disable NTP. The value of _boolean_ is **yes** or **no**, indicating that the NTP is enabled or disabled for automatic system clock synchronization. Change the value based on the site requirements. -> ![](public_sys-resources/icon-note.gif) **NOTE:** +> ![](./public_sys-resources/icon-note.gif) **NOTE:** If the remote NTP server is enabled to automatically synchronize the system clock, you cannot manually change the date and time. If you need to manually change the date or time, ensure that automatic NTP system clock synchronization is disabled. You can run the **timedatectl set-ntp no** command to disable the NTP service. ``` @@ -176,7 +157,7 @@ For example, to enable automatic remote time synchronization, run the following #### Changing the Current Date -> ![](public_sys-resources/icon-note.gif) **NOTE:** +> ![](./public_sys-resources/icon-note.gif) **NOTE:** Before changing the date, ensure that automatic NTP system clock synchronization has been disabled. Run the following command as the user **root** to change the current date. In the command, _YYYY_ indicates the year, _MM_ indicates the month, and _DD_ indicates the day. Change them based on the site requirements. @@ -193,7 +174,7 @@ For example, to change the current date to August 14, 2019, run the following co #### Changing the Current Time -> ![](public_sys-resources/icon-note.gif) **NOTE:** +> ![](./public_sys-resources/icon-note.gif) **NOTE:** Before changing the time, ensure that automatic NTP system clock synchronization has been disabled. To change the current time, run the following command as the user **root**. In the command, _HH_ indicates the hour, _MM_ indicates the minute, and _SS_ indicates the second. Change them based on the site requirements. 
@@ -277,63 +258,20 @@ You can also customize the format of the displayed information by providing the $ date +"format" ``` -**Table 1** Formatting options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Format Option

-

Description

-

%H

-

The hour in the HH format (for example, 17)

-

%M

-

The minute in the MM format (for example, 37)

-

%S

-

The second in the SS format (for example, 25)

-

%d

-

The day of the month in the DD format (for example, 15)

-

%m

-

The month in the MM format (for example, 07)

-

%Y

-

The year in the YYYY format (for example, 2019)

-

%Z

-

The time zone abbreviation (for example, CEST)

-

%F

-

The full date in the YYYY-MM-DD format (for example, 2019-7-15). This option is equal to %Y-%m-%d.

-

%T

-

The full time in the HH:MM:SS format (for example, 18:30:25). This option is equal to %H:%M:%S.

-
+**Table 1** Formatting options + +| Format Option | Description | +| :---- | :---- | +| %H | The hour in the HH format (for example, 17) | +| %M | The minute in the MM format (for example, 37) | +| %S | The second in the SS format (for example, 25) | +| %d | The day of the month in the DD format (for example, 15) | +| %m | The month in the MM format (for example, 07) | +| %Y | The year in the YYYY format (for example, 2019) | +| %Z | The time zone abbreviation (for example, CEST) | +| %F | The full date in the YYYY-MM-DD format (for example, 2019-7-15). This option is equal to %Y-%m-%d | +| %T | The full time in the HH:MM:SS format (for example, 18:30:25). This option is equal to %H:%M:%S | + Example commands and outputs: - To display the current date and time: @@ -457,7 +395,7 @@ The memory reserved for kdump must be added to the bootargs in the **/boot/efi/E | General solution| crashkernel=2048M,high| If the memory size is less than 4 GB, 256 MB is reserved for kdump. If the memory size is greater than 4 GB, 2048 MB is reserved for kdump. 256 + 2048 MB in total.| | Economical solution| crashkernel=1024M,high| If the memory size is less than 4 GB, 256 MB is reserved for kdump. If the memory size is greater than 4 GB, 1024 MB is reserved for kdump. 256 + 1024 MB in total. It is recommended that kdump files not be dumped using the network in scenarios where the system memory size is less than 512 GB. In VM scenarios, you can reduce the reserved memory. You are advised to set crashkernel to 512M or crashkernel to 256M,high.| -> ![](public_sys-resources/icon-note.gif) **NOTE:** +> ![](./public_sys-resources/icon-note.gif) **NOTE:** > > If kdump files are not dumped using the network, you need to set the kdump file system not to pack network drivers. Loading the network driver requires a large amount of memory. As a result, the memory reserved for kdump may be insufficient and kdump may fail. Therefore, you are advised to disable network drivers. 
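Review bot: In the converted formatting table, the `%F` row gives the example 2019-7-15, but the same row says the option equals `%Y-%m-%d` and the `%m` row shows a zero-padded month (07), so the example should read 2019-07-15. The `%F` and `%T` rows also lose the closing period that the removed table had after "This option is equal to ...".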
@@ -465,4 +403,24 @@ The memory reserved for kdump must be added to the bootargs in the **/boot/efi/E In the kdump configuration file **/etc/kdump.conf**, the dracut parameters can be used to set the tailored driver module. You can configure the network driver to the tailored driver list to prevent the kdump file system from loading the driver. After the configuration file is modified, restart the kdump service for the modification to take effect. Set the dracut parameters as follows: -`dracut_args --omit-drivers "mdio-gpi usb_8dev et1011c rt2x00usb bcm-phy-lib mac80211_hwsim rtl8723be rndis_host hns3_cae amd vrf rtl8192cu mt76x02-lib int51x1 ppp_deflate team_mode_loadbalance smsc911x aweth bonding mwifiex_usb hnae dnet rt2x00pci vaser_pci hdlc_ppp marvell rtl8xxxu mlxsw_i2c ath9k_htc rtl8150 smc91x cortina at803x rockchip cxgb4 spi_ks8995 mt76x2u smsc9420 mdio-cavium bnxt_en ch9200 dummy macsec ice mt7601u rtl8188ee ixgbevf net1080 liquidio_vf be2net mlxsw_switchx2 gl620a xilinx_gmii2rgmii ppp_generic rtl8192de sja1000_platform ath10k_core cc770_platform realte igb c_can_platform c_can ethoc dm9601 smsc95xx lg-vl600 ifb enic ath9 mdio-octeon ppp_mppe ath10k_pci cc770 team_mode_activebackup marvell10g hinic rt2x00lib mlx4_en iavf broadcom igc c_can_pci alx rtl8192se rtl8723ae microchip lan78xx atl1c rtl8192c-common almia ax88179_178a qed netxen_nic brcmsmac rt2800usb e1000 qla3xxx mdio-bitbang qsemi mdio-mscc-miim plx_pci ipvlan r8152 cx82310_eth slhc mt76x02-usb ems_pci xen-netfront usbnet pppoe mlxsw_minimal mlxsw_spectrum cdc_ncm rt2800lib rtl_usb hnae3 ath9k_common ath9k_hw catc mt76 hns_enet_drv ppp_async huawei_cdc_ncm i40e rtl8192ce dl2 qmi_wwan mii peak_usb plusb can-dev slcan amd-xgbe team_mode_roundrobin ste10Xp thunder_xcv pptp thunder_bgx ixgbe davicom icplus tap tun smsc75xx smsc dlci hns_dsaf mlxsw_core rt2800mmi softing uPD60620 vaser_usb dp83867 brcmfmac mwifiex_pcie mlx4_core micrel team macvlan bnx2 virtio_net rtl_pci zaurus hns_mdi libcxgb 
hv_netvsc nicvf mt76x0u teranetics mlxfw cdc_eem qcom-emac pppox mt76-usb sierra_net i40evf bcm87xx mwifiex pegasus rt2x00mmi sja1000 ena hclgevf cnic cxgb4vf ppp_synctty iwlmvm team_mode_broadcast vxlan vsockmon hdlc_cisc rtl8723-common bsd_comp fakelb dp83822 dp83tc811 cicada fm10 8139t sfc hs geneve hclge xgene-enet-v2 cdc_mbim hdlc asix netdevsim rt2800pci team_mode_random lxt ems_usb mlxsw_pci sr9700 mdio-thunder mlxsw_switchib macvtap atlantic cdc_ether mcs7830 nicpf mdi peak_pci atl1e cdc_subset ipvtap btcoexist mt76x0-common veth slip iwldvm bcm7xxx vitesse netconsole epic100 myri10ge r8169 qede microchip_t1 liquidi bnx2x brcmutil mwifiex_sdi mlx5_core rtlwifi vmxnet3 nlmon hns3 hdlc_raw esd_usb2 atl2 mt76x2-common iwlwifi mdio-bcm-unimac national ath rtwpci rtw88 nfp rtl8821ae fjes thunderbolt-net 8139cp atl1 mscc vcan dp83848 dp83640 hdlc_fr e1000e ipheth net_failover aquantia rtl8192ee igbvf rocker intel-xway tg3" --omit "ramdisk network ifcfg qemu-net" --install "chmod" --nofscks` \ No newline at end of file +`dracut_args --omit-drivers "mdio-gpi usb_8dev et1011c rt2x00usb bcm-phy-lib mac80211_hwsim rtl8723be rndis_host hns3_cae amd vrf rtl8192cu mt76x02-lib int51x1 ppp_deflate team_mode_loadbalance smsc911x aweth bonding mwifiex_usb hnae dnet rt2x00pci vaser_pci hdlc_ppp marvell rtl8xxxu mlxsw_i2c ath9k_htc rtl8150 smc91x cortina at803x rockchip cxgb4 spi_ks8995 mt76x2u smsc9420 mdio-cavium bnxt_en ch9200 dummy macsec ice mt7601u rtl8188ee ixgbevf net1080 liquidio_vf be2net mlxsw_switchx2 gl620a xilinx_gmii2rgmii ppp_generic rtl8192de sja1000_platform ath10k_core cc770_platform realte igb c_can_platform c_can ethoc dm9601 smsc95xx lg-vl600 ifb enic ath9 mdio-octeon ppp_mppe ath10k_pci cc770 team_mode_activebackup marvell10g hinic rt2x00lib mlx4_en iavf broadcom igc c_can_pci alx rtl8192se rtl8723ae microchip lan78xx atl1c rtl8192c-common almia ax88179_178a qed netxen_nic brcmsmac rt2800usb e1000 qla3xxx mdio-bitbang qsemi mdio-mscc-miim plx_pci ipvlan 
r8152 cx82310_eth slhc mt76x02-usb ems_pci xen-netfront usbnet pppoe mlxsw_minimal mlxsw_spectrum cdc_ncm rt2800lib rtl_usb hnae3 ath9k_common ath9k_hw catc mt76 hns_enet_drv ppp_async huawei_cdc_ncm i40e rtl8192ce dl2 qmi_wwan mii peak_usb plusb can-dev slcan amd-xgbe team_mode_roundrobin ste10Xp thunder_xcv pptp thunder_bgx ixgbe davicom icplus tap tun smsc75xx smsc dlci hns_dsaf mlxsw_core rt2800mmi softing uPD60620 vaser_usb dp83867 brcmfmac mwifiex_pcie mlx4_core micrel team macvlan bnx2 virtio_net rtl_pci zaurus hns_mdi libcxgb hv_netvsc nicvf mt76x0u teranetics mlxfw cdc_eem qcom-emac pppox mt76-usb sierra_net i40evf bcm87xx mwifiex pegasus rt2x00mmi sja1000 ena hclgevf cnic cxgb4vf ppp_synctty iwlmvm team_mode_broadcast vxlan vsockmon hdlc_cisc rtl8723-common bsd_comp fakelb dp83822 dp83tc811 cicada fm10 8139t sfc hs geneve hclge xgene-enet-v2 cdc_mbim hdlc asix netdevsim rt2800pci team_mode_random lxt ems_usb mlxsw_pci sr9700 mdio-thunder mlxsw_switchib macvtap atlantic cdc_ether mcs7830 nicpf mdi peak_pci atl1e cdc_subset ipvtap btcoexist mt76x0-common veth slip iwldvm bcm7xxx vitesse netconsole epic100 myri10ge r8169 qede microchip_t1 liquidi bnx2x brcmutil mwifiex_sdi mlx5_core rtlwifi vmxnet3 nlmon hns3 hdlc_raw esd_usb2 atl2 mt76x2-common iwlwifi mdio-bcm-unimac national ath rtwpci rtw88 nfp rtl8821ae fjes thunderbolt-net 8139cp atl1 mscc vcan dp83848 dp83640 hdlc_fr e1000e ipheth net_failover aquantia rtl8192ee igbvf rocker intel-xway tg3" --omit "ramdisk network ifcfg qemu-net" --install "chmod" --nofscks` + +## Setting the Disk Scheduling Algorithm + +This section describes how to set the disk scheduling algorithm. + +### Temporarily Modifying the Scheduling Policy + +For example, if all I/O scheduling algorithms are changed to **mq-deadline**, the modification becomes invalid after the system is restarted. 
+ +``` +echo mq-deadline > /sys/block/sd*/queue/scheduler +``` + +### Permanently Setting the Scheduling Policy + +You can add **elevator=mq-deadline** to the kernel line in the kernel boot configuration file **grub.cfg**. The setting takes effect after the system is restarted. + +``` +linux /vmlinuz-4.19.90-2003.4.0.0036.oe1.x86_64 root=/dev/mapper/openeuler-root ro resume=/dev/mapper/openeuler-swap rd.lvm.lv=openeuler/root rd.lvm.lv=openeuler/swap quiet crashkernel=512M elevator=mq-deadline +``` \ No newline at end of file diff --git a/content/en/docs/Administration/configuring-services.md b/docs/en/docs/Administration/configuring-services.md similarity index 100% rename from content/en/docs/Administration/configuring-services.md rename to docs/en/docs/Administration/configuring-services.md diff --git a/content/en/docs/Administration/configuring-the-ftp-server.md b/docs/en/docs/Administration/configuring-the-ftp-server.md similarity index 99% rename from content/en/docs/Administration/configuring-the-ftp-server.md rename to docs/en/docs/Administration/configuring-the-ftp-server.md index 98104b86eed332120d8b8de539b866cb996812bb..e841f0f63bc612e9e07973d8ae8e67c8f11cd14d 100644 --- a/content/en/docs/Administration/configuring-the-ftp-server.md +++ b/docs/en/docs/Administration/configuring-the-ftp-server.md @@ -87,7 +87,7 @@ To start, stop, or restart the vsftpd service, run the corresponding command as tcp6 0 0 :::21 :::* LISTEN 19716/vsftpd ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >If the **netstat** command does not exist, run the **dnf install net-tools** command to install the **net-tools** software and then run the **netstat** command. - Stopping the vsftpd services 
@@ -170,7 +170,7 @@ You can modify the vsftpd configuration file to control user permissions. [Tabl ### Default Configuration Description ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The configuration content in this document is for reference only. You can modify the content based on the site requirements \(for example, security hardening requirements\). In the openEuler system, vsftpd does not open to anonymous users by default. Run the vim command to view the main configuration file. The content is as follows: @@ -385,7 +385,7 @@ ftp> bye 221 Goodbye. ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >If the **ftp** command does not exist, run the **dnf install ftp** command as the **root** user to install the **ftp** software and then run the **ftp** command. ## Configuring a Firewall @@ -478,7 +478,7 @@ Generally, the get or mget command is used to download files. ftp> mget *.* ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >- In this case, a message is displayed each time a file is downloaded. To block the prompt information, run the **prompt off** command before running the **mget \*.\*** command. >- The files are downloaded to the current directory on the Linux host. For example, if you run the ftp command in /home/myopenEuler/, all files are downloaded to /home/myopenEuler/. diff --git a/content/en/docs/Administration/configuring-the-network.md b/docs/en/docs/Administration/configuring-the-network.md similarity index 97% rename from content/en/docs/Administration/configuring-the-network.md rename to docs/en/docs/Administration/configuring-the-network.md index 370ae8c6afdd5762779bfa1bf1a3da3a14eec05a..f3d54c7151a748c0fbfbbc8787d387797339f0e4 100644 --- a/content/en/docs/Administration/configuring-the-network.md +++ b/docs/en/docs/Administration/configuring-the-network.md 
@@ -27,7 +27,7 @@ ### Using the nmcli Command ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The network configuration configured by running the **nmcli** command takes effect immediately and will not be lost after the system restarts. @@ -78,6 +78,25 @@ Common commands are listed as follows: # nmcli device disconnect enp3s0 ``` +#### Device Management + +##### Connecting to a Device + +Run the following command to connect NetworkManager to the corresponding network device. Try to find the proper connection configuration and activate it. + + ``` + $nmcli device connect "$IFNAME" + ``` + +> If the corresponding connection configuration does not exist, NetworkManager creates and activates a configuration file with default settings. + +##### Disconnecting to a Device + +Run the following command to disconnect NetworkManager with the network device and prevent the device from being automatically activated. + + ``` + $nmcli device disconnect "$IFNAME" + ``` #### Setting Network Connections @@ -93,7 +112,7 @@ enp3s0 c88d7b69-f529-35ca-81ab-aa729ac542fd ethernet enp3s0 virbr0 ba552da6-f014-49e3-91fa-ec9c388864fa bridge virbr0 ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >In the command output, **NAME** indicates the connection ID \(name\). After a network connection is added, the corresponding configuration file is generated and associated with the corresponding device. To check for available devices, run the following command: 
@@ -159,7 +178,7 @@ To add a static IPv4 network connection, run the following command: nmcli connection add type ethernet con-name connection-name ifname interface-name ip4 address gw4 address ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >To add an IPv6 address and related gateway information, use the **ip6** and **gw6** options. For example, to create a static connection configuration file named **net-static**, run the following command as the **root** user: 
@@ -243,27 +262,40 @@ connection.llmnr: -1 (default) ``` ##### Adding a Wi-Fi Connection +You can add the Wi-Fi connection using either of the following methods: + +**Method 1: Connect to the Wi-Fi network using a network port.** + +Connect to the Wi-Fi network specified by the SSID or BSSID. Run the following command to find a matching connection or create a connection, and then activate the connection on the device. + +``` +$ nmcli device wifi connect "$SSID" password +$ PASSWORD" ifname "$IFNAME" +$ nmcli --ask device wifi connect "$SSID" +``` + +**Method 2: Connect to the Wi-Fi network using the configuration file.** -Run the following command to check for available Wi-Fi access points: +1,Run the following command to check for available Wi-Fi access points: ``` $ nmcli dev wifi list ``` -Run the following command to generate a static IP address configuration that allows Wi-Fi connections automatically allocated by the DNS: +2,Run the following command to generate a static IP address configuration that allows Wi-Fi connections automatically allocated by the DNS: ``` $ nmcli con add con-name Wifi ifname wlan0 type wifi ssid MyWifi ip4 192.168.100.101/24 gw4 192.168.100.1 ``` -Run the following command to set a WPA2 password, for example, **answer**: +3,Run the following command to set a WPA2 password, for example, **answer**: ``` $ nmcli con modify Wifi wifi-sec.key-mgmt wpa-psk $ nmcli con modify Wifi wifi-sec.psk answer ``` -Run the following command to change the Wi-Fi status: +4,Run the following command to change the Wi-Fi status: ``` $ nmcli radio wifi [ on | off ] @@ -321,7 +353,7 @@ $ nmcli connection show id 'Wifi ' | grep mtu ### Using the ip Command ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The network configuration configured using the **ip** command takes effect immediately, but the configuration will be lost after the system restarts. 
@@ -413,7 +445,7 @@ In the preceding command, **192.168.2.1** is the IP address of the target netw ### Configuring the Network Through the ifcfg File ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The network configured in the **ifcfg** file does not take effect immediately. You need to run the **systemctl reload NetworkManager** command as the **root** user to restart the network service for the configuration to take effect. #### Configuring a Static Network @@ -486,7 +518,7 @@ There are three types of host names: **static**, **transient**, and **pretty* - **transient**: Dynamic host name, which is maintained by the kernel. The initial value is a static host name. The default value is **localhost**. The value can be changed when the DHCP or mDNS server is running. - **pretty**: Flexible host name, which can be set in any form \(including special characters/blanks\). Static and transient host names are subject to the general domain name restrictions. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Static and transient host names can contain only letters \(a–z and A–Z\), digits \(0–9\), hyphens \(-\), underlines \(\_\), and periods \(.\). The host names cannot start or end with a period \(.\) or contain two consecutive periods \(.\). The host name can contain a maximum of 64 characters. ### Configuring a Host Name by Running the **hostnamectl** Command @@ -498,7 +530,7 @@ Run the following command to view the current host name: $ hostnamectl status ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >If no option is specified in the command, the **status** option is used by default. #### Setting All Host Names 
@@ -684,7 +716,7 @@ Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkMa Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8) ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >If an interface is in **up** state, run the **ifdown** _enp3s0_ command to change the state to **down**. In the command, _enp3s0_ indicates the actual NIC name. After that, enable all the slave interfaces to enable the bonding \(do not set them to **Down**\). @@ -834,7 +866,7 @@ Both IPv6 and IPv4 addresses can be obtained through DHCP as the **root** user. } ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >- \: a 32-digit integer, indicating the enterprise ID. The enterprise is registered through the IANA. >- \: a 16-digit integer, indicating the length of the vendor class string. >- \: character string of the vendor class to be set, for example, HWHW. @@ -865,7 +897,7 @@ Both IPv6 and IPv4 addresses can be obtained through DHCP as the **root** user. } ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >In substring \(option dhcp6.vendor-class, 6, 10\), the start position of the substring is 6, because the substring contains four bytes of and two bytes of . The end position of the substring is 6+. In this example, the vendor class string is HWHW, and the length of the string is 4. Therefore, the end position of the substring is 6 + 4 = 10. You can specify and as required. On the server: 
@@ -894,7 +926,7 @@ struct sockaddr_in6 { }; ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >sin6\_scope\_id: a 32-bit integer. For the link-local address, it identifies the index of the specified interface. For the link-range sin6\_addr, it identifies the index of the specified interface. For the site-range sin6\_addr, it is used as the site identifier \(the site-local address has been discarded\). When the link-local address is used for socket communication, the interface index corresponding to the address needs to be specified when the destination address is constructed. Generally, you can use the if\_nametoindex function to convert an interface name into an interface index number. Details are as follows: @@ -945,7 +977,7 @@ PERSISTENT_DHCLIENT=yes|no|1|0 - DHCPV6C: **no** indicates that an IPv6 address is statically configured, and **yes** indicates that the DHCPv6 dhclient is enabled to dynamically obtain the IPv6 address. - PERSISTENT\_DHCLIENT: **no|0** indicates that the IPv4 dhclient process is configured as nonpersistent. If the dhclient sends a request packet to the DHCP server but does not receive any response, the dhclient exits after a period of time and the exit value is 2. **yes|1** indicates that the IPv4 dhclient process is configured to be persistent. The dhclient process repeatedly sends request packets to the DHCP server. **If PERSISTENT\_DHCLIENT is not configured, dhclient of IPv4 is set to yes|1 by default.** - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The PERSISTENT\_DHCLIENT configuration takes effect only for IPv4 and does not take effect for IPv6-related dhclient -6 processes. By default, the persistence configuration is not performed for IPv6. 
@@ -1298,6 +1330,6 @@ $ActionQueueType Direct $MainMsgQueueType Direct ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- In direct mode, the queue size is reduced by 1. Therefore, one log is reserved in the queue for the next log output. >- The direct mode degrades the rsyslog performance of the server. diff --git a/content/en/docs/Administration/configuring-the-repo-server.md b/docs/en/docs/Administration/configuring-the-repo-server.md similarity index 86% rename from content/en/docs/Administration/configuring-the-repo-server.md rename to docs/en/docs/Administration/configuring-the-repo-server.md index 6399f5afef0c40891d748774022984c4bd8b2fc9..ac16cca4f59dc3a2dcf03245aee896bed569b0c9 100644 --- a/content/en/docs/Administration/configuring-the-repo-server.md +++ b/docs/en/docs/Administration/configuring-the-repo-server.md @@ -1,7 +1,7 @@ # Configuring the Repo Server ->![](public_sys-resources/icon-note.gif) **NOTE:** -> openEuler provides multiple repo sources for users online. For details about the repo sources, see [System Installation](../Releasenotes/installing-the-os.html). If you cannot obtain the openEuler repo source online, you can use the ISO release package provided by openEuler to create a local openEuler repo source. This section uses the **openEuler-20.03-LTS-aarch64-dvd.iso** file as an example. Modify the ISO file as required. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> openEuler provides multiple repo sources for users online. For details about the repo sources, see [System Installation](./../Releasenotes/installing-the-os.html). If you cannot obtain the openEuler repo source online, you can use the ISO release package provided by openEuler to create a local openEuler repo source. This section uses the **openEuler-20.03-LTS-SP1-aarch64-dvd.iso** file as an example. Modify the ISO file as required. 
@@ -24,17 +24,17 @@ ## Overview -Create the **openEuler-20.03-LTS-aarch64-dvd.iso** file provided by openEuler as the repo source. The following uses Nginx as an example to describe how to deploy the repo source and provide the HTTP service. +Create the **openEuler-20.03-LTS-SP1-aarch64-dvd.iso** file provided by openEuler as the repo source. The following uses Nginx as an example to describe how to deploy the repo source and provide the HTTP service. ## Creating or Updating a Local Repo Source -Mount the openEuler ISO file **openEuler-20.03-LTS-aarch64-dvd.iso** to create and update a repo source. +Mount the openEuler ISO file **openEuler-20.03-LTS-SP1-aarch64-dvd.iso** to create and update a repo source. ### Obtaining the ISO File Obtain the openEuler ISO file from the following website: -[https://repo.openeuler.org/openEuler-20.03-LTS/ISO/](https://repo.openeuler.org/openEuler-20.03-LTS/ISO/) +[https://repo.openeuler.org/openEuler-20.03-LTS-SP1/ISO/](https://repo.openeuler.org/openEuler-20.03-LTS-SP1/ISO/) ### Mounting an ISO File to Create a Repo Source @@ -43,7 +43,7 @@ Run the mount command as the **root** user to mount the ISO file. The following is an example: ``` -# mount /home/openEuler/openEuler-20.03-LTS-aarch64-dvd.iso /mnt/ +# mount /home/openEuler/openEuler-20.03-LTS-SP1-aarch64-dvd.iso /mnt/ ``` The mounted mnt directory is as follows: @@ -67,7 +67,7 @@ In the preceding command, **Packages** indicates the directory where the RPM p You can copy related files in the ISO file to a local directory to create a local repo source. The following is an example: ``` -# mount /home/openEuler/openEuler-20.03-LTS-aarch64-dvd.iso /mnt/ +# mount /home/openEuler/openEuler-20.03-LTS-SP1-aarch64-dvd.iso /mnt/ $ mkdir -p ~/srv/repo/ $ cp -r /mnt/Packages ~/srv/repo/ $ cp -r /mnt/repodata ~/srv/repo/ 
@@ -99,7 +99,7 @@ You can update the repo source in either of the following ways: In this command, --update indicates the update, and --workers indicates the number of threads, which can be customized. -> ![](public_sys-resources/icon-note.gif) **NOTE:** +> ![](./public_sys-resources/icon-note.gif) **NOTE:** If the command output contains "createrepo: command not found", run the **dnf install createrepo** command as the **root** user to install the **createrepo** softeware. ## Deploying the Remote Repo Source @@ -112,7 +112,7 @@ Install openEuler OS and deploy the repo source using Nginx on openEuler OS. 2. After installing Nginx, configure /etc/nginx/nginx.conf as the **root** user. - > ![](public_sys-resources/icon-note.gif) **NOTE:** + > ![](./public_sys-resources/icon-note.gif) **NOTE:** The configuration content in this document is for reference only. You can configure the content based on the site requirements (for example, security hardening requirements). ``` @@ -172,7 +172,7 @@ The configuration content in this document is for reference only. You can config - [Figure 1](#en-us_topic_0151920971_fd25e3f1d664b4087ae26631719990a71) indicates that the Nginx service is started successfully. **Figure 1** The Nginx service is successfully started. -![](figures/the-nginx-service-is-successfully-started.png "the-nginx-service-is-successfully-started") +![](./figures/the-nginx-service-is-successfully-started.png "the-nginx-service-is-successfully-started") - If the Nginx service fails to be started, view the error information. 
@@ -180,8 +180,8 @@ The configuration content in this document is for reference only. You can config $ systemctl status nginx.service --full ``` - **Figure 2** Nginx startup failure - ![](figures/nginx-startup-failure.png "nginx-startup-failure") + **Figure 2** Nginx startup failure + ![](./figures/nginx-startup-failure.png "nginx-startup-failure") As shown in [Figure 2](#en-us_topic_0151920971_f1f9f3d086e454b9cba29a7cae96a4c54), the Nginx service fails to be created because the /var/spool/nginx/tmp/client\_body directory fails to be created. You need to manually create the directory as the **root** user. Similar problems are solved as follows: @@ -229,21 +229,21 @@ The configuration content in this document is for reference only. You can config 4. After the Nginx service is configured, you can use the IP address to access the web page, as shown in [Figure 3](#en-us_topic_0151921017_fig1880404110396). **Figure 3** Nginx deployment succeeded -![](figures/nginx-deployment-succeeded.png "nginx-deployment-succeeded") +![](./figures/nginx-deployment-succeeded.png "nginx-deployment-succeeded") 5. Use either of the following methods to add the repo source to the /usr/share/nginx/repo directory: - Copy related files in the image to the /usr/share/nginx/repo directory as the **root** user. ``` - # mount /home/openEuler/openEuler-20.03-LTS-aarch64-dvd.iso /mnt/ + # mount /home/openEuler/openEuler-20.03-LTS-SP1-aarch64-dvd.iso /mnt/ # cp -r /mnt/Packages /usr/share/nginx/repo/ # cp -r /mnt/repodata /usr/share/nginx/repo/ # cp -r /mnt/RPM-GPG-KEY-openEuler /usr/share/nginx/repo/ # chmod -R 755 /usr/share/nginx/repo ``` - The **openEuler-20.03-LTS-aarch64-dvd.iso** file is stored in the **/home/openEuler** directory. + The **openEuler-20.03-LTS-SP1-aarch64-dvd.iso** file is stored in the **/home/openEuler** directory. - Create a soft link for the repo source in the /usr/share/nginx/repo directory as the **root** user. 
@@ -274,7 +274,7 @@ You can configure the built repo as the yum source and create the \*\*\*.repo co gpgkey=file:///home/openEuler/srv/repo/RPM-GPG-KEY-openEuler ``` - > ![](public_sys-resources/icon-note.gif) **NOTE:** + > ![](./public_sys-resources/icon-note.gif) **NOTE:** > > - The repoid in \[repoid\] indicates the ID of the software repository. Repoids in all .repo configuration files must be unique. In the example, repoid is set to **base**. > - **name** indicates the string that the software repository describes. @@ -298,7 +298,7 @@ You can configure the built repo as the yum source and create the \*\*\*.repo co gpgkey=http://192.168.139.209/RPM-GPG-KEY-openEuler ``` - > ![](public_sys-resources/icon-note.gif) **NOTE:** + > ![](./public_sys-resources/icon-note.gif) **NOTE:** > 192.168.139.209 is an example. Replace it with the actual IP address. - If the openEuler repo source provided by openEuler is used as the yum source, the content of **openEuler.repo** is as follows (the aarch64-based OS repo source is used as an example): @@ -306,10 +306,10 @@ You can configure the built repo as the yum source and create the \*\*\*.repo co ``` [base] name=base - baseurl=http://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/ + baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/aarch64/ enabled=1 gpgcheck=1 - gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/RPM-GPG-KEY-openEuler + gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/aarch64/RPM-GPG-KEY-openEuler ``` ### repo Priority diff --git a/content/en/docs/Administration/configuring-the-web-server.md b/docs/en/docs/Administration/configuring-the-web-server.md similarity index 98% rename from content/en/docs/Administration/configuring-the-web-server.md rename to docs/en/docs/Administration/configuring-the-web-server.md index 080c8e167d71925c97fd52da903bc40758e72e50..c915961e7b8231156bd3d35f4d58db3afc153345 100644 --- a/content/en/docs/Administration/configuring-the-web-server.md 
+++ b/docs/en/docs/Administration/configuring-the-web-server.md @@ -41,7 +41,7 @@ You can use the systemctl tool to manage the httpd service, including starting, # dnf install httpd ``` - For more information about service management, see [Service Management](service-management.html). + For more information about service management, see [Service Management](./service-management.html). - To start, stop, and restart the httpd service, you must have the root permission. @@ -61,7 +61,7 @@ You can use the systemctl tool to manage the httpd service, including starting, ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >If the running Apache HTTP server functions as a secure server, a password is required after the system is started. The password is an encrypted private SSL key. #### Stopping the Service @@ -155,7 +155,7 @@ If the following information is displayed, the syntax of the configuration file Syntax OK ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- Before modifying the configuration file, back up the original file so that the configuration file can be quickly restored if a fault occurs. >- The modified configuration file takes effect only after the web service is restarted. @@ -194,7 +194,7 @@ For example, to load the asis DSO module, perform the following steps: ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >**Common httpd commands** >- httpd -v: views the httpd version number. >- httpd -l: views the static modules compiled into the httpd program. 
@@ -313,7 +313,7 @@ Nginx is a lightweight web server which also acts as a reverse proxy server and ### Installing Nginx -1. Configure the local yum source. For details, see [Configuring the Repo Server](configuring-the-repo-server.html). +1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). 2. Clear the cache. ``` @@ -347,7 +347,7 @@ You can use the systemctl tool to manage the Nginx service, including starting, #### Prerequisites - Ensure that the Nginx service has been installed. If not, install it by referring to [Installing Nginx](#installing-nginx). - For more information about service management, see [Service Management](service-management.html). + For more information about service management, see [Service Management](./service-management.html). - To start, stop, and restart the Nginx service, you must have the **root** permission. @@ -367,7 +367,7 @@ You can use the systemctl tool to manage the Nginx service, including starting, ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >If the running Nginx server functions as a secure server, a password is required after the system is started. The password is an encrypted private SSL key. #### Stopping the Service @@ -457,7 +457,7 @@ Although the default configuration can be used in most cases, you need to be fam If the command output contains **syntax is ok**, the syntax of the configuration file is correct. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- Before modifying the configuration file, back up the original file so that the configuration file can be quickly restored if a fault occurs. >- The modified configuration file takes effect only after the web service is restarted. 
diff --git a/content/en/docs/Administration/faqs.md b/docs/en/docs/Administration/faqs.md similarity index 52% rename from content/en/docs/Administration/faqs.md rename to docs/en/docs/Administration/faqs.md index 5fc145d13b938d547d649182d524a22e2eb9c73d..d05a9a318ee6d2793dd2f560d1a8136e1372b5c8 100644 --- a/content/en/docs/Administration/faqs.md +++ b/docs/en/docs/Administration/faqs.md @@ -1,14 +1,7 @@ # FAQs - -- [FAQs](#faqs) - - [Why Is the Memory Usage of the libvirtd Service Queried by Running the systemctl and top Commands Different?](#why-is-the-memory-usage-of-the-libvirtd-service-queried-by-running-the-systemctl-and-top-commands-different) - - [An Error Occurs When stripsize Is Set to 4 During RAID 0 Volume Configuration](#an-error-occurs-when-stripsize-is-set-to-4-during-raid-0-volume-configuration) - - [Failed to Compile MariaDB Using rpmbuild](#failed-to-compile-mariadb-using-rpmbuild) - - [Failed to Start the SNTP Service Using the Default Configuration](#failed-to-start-the-sntp-service-using-the-default-configuration) - - [Installation Failure Caused by Software Package Conflict, File Conflict, or Missing Software Package](#installation-failure-caused-by-software-package-conflict-file-conflict-or-missing-software-package) +[[toc]] - ## Why Is the Memory Usage of the libvirtd Service Queried by Running the systemctl and top Commands Different? ### Symptom 
@@ -162,3 +155,122 @@ If a software package is missing, perform the following steps \(the missed softw ``` 3. Perform the upgrade again. + +## Why Do OpenSSH-related Packages Fail to Be Installed when the OpenSSH Software Package Is Upgraded in Default DNF Update Mode? + +### Symptom + +When the OpenSSH software package is upgraded in default DNF update mode, a message indicating that the OpenSSH-related packages cannot be installed is displayed as follows: + ``` +cannot install both openssh-7.8p1-8.oe1.aarch64 and openssh-8.2p1-5.oe1.aarch64 + +cannot install both openssh-7.8p1-8.oe1.aarch64 and openssh-8.2p1-4.oe1.aarch64 + +cannot install the best update condidate for package openssh-clients-8.2p1-5.oe1.aarch64 + +cannot install the best update condidate for package openssh-8.2p1-5.oe1.aarch64 + ``` + +### Possible Cause + +By default, the best mode of the DNF package manager (the corresponding parameter is **--best**) is enabled. The **--best** option for DNF always tries to upgrade to the latest version available even if dependencies cannot be satisfied. By enabling the DNF best mode by default, the user will be reminded that a later package version is available but it fails to satisfy the dependencies. If a problem occurs, the DNF displays a message to notify the user of the problem. The openEuler Community developers are looking to make this default setting change in case that a security fix package cannot be upgraded due to dependency issues, under the current premise that it could be silently ignored and the user would not be aware. In addition, using the DNF best mode will quickly alert developers to problems in upgrade paths. + +### Solution + +A **--nobest** option for DNF will be available to override or disable the default behavior, allowing the user to properly upgrade the security fix package when the package to be upgraded has dependency issues. 
+ +Open source software developers of openEuler 20.03-LTS-SP1 have identified this scenario during the upgrade of the security fix version of the OpenSSH software package. It is recommended that users select a proper upgrade mode based on the preceding analysis. openEuler also provides users with specific instructions on the upgrade operation: + + ``` + dnf update –y –nobest openssh + ``` +## The libiscsi Fails to Downgrade + +### Symptom + +The libiscsi-1.19.2 or a later version fails to downgrade to libiscsi-1.19.1 or an earlier version. + +``` +Error: Transaction test error: +file /usr/bin/iscsi-inq from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-ls from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-perf from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-readcapacity16 from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-swp from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-test-cu from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +``` + +### Cause Analysis + +In versions earlier than the libiscsi-1.19.1, binary files such as **iscsi-xxx** are packed into the main package **libiscsi**. However, these binary files introduce the improper dependency CUnit. To solve this problem, the libiscsi-1.19.2 incorporates these binary files into a subpackage **libiscsi-utils**, and the **libiscsi** is weakly dependent on the **libiscsi-utils**. 
As a result, the integration of the **libiscsi-utils** is optional during mirroring. The **libiscsi** is not affected even if the **libiscsi-utils** is uninstalled or not integrated. + +When the **libiscsi-utils** is installed in the system, it will not downgrade because the libiscsi-1.19.1 or an earlier version that downgrades from the libiscsi-1.19.2 or a later version cannot provide the corresponding libiscsi-utils. However, **libiscsi-utils** depends on the main package **libiscsi** that has been generated before the downgrade. As a result, the dependency problem cannot be resolved and the downgrade fails. + +### Solution + +Run the following command to uninstall the **libiscsi-utils** and then perform the downgrade: + +``` +yum remove libiscsi-utils +``` + +## The xfsprogs Fails to Downgrade + +### Symptom + +xfsprogs-5.6.0-2 or a later version fails to downgrade to xfsprogs-5.6.0-1 or an earlier version. + +``` +Error: +Problem: problem with installed package xfsprogs-xfs_scrub-5.6.0-2.oe1.x86_64 +- package xfsprogs-xfs_scrub-5.6.0-2.oe1.x86_64 requires xfsprogs = 5.6.0-2.oe1, but none of the providers can be installed +- cannot install both xfsprogs-5.6.0-1.oe1.x86_64 and xfsprogs-5.6.0-2.oe1.x86_64 +- cannot install both xfsprogs-5.6.0-2.oe1.x86_64 and xfsprogs-5.6.0-1.oe1.x86_64 +- conflicting requests +``` + +### Cause Analysis + +To reduce the dependency of the **xfsprogs** main package, the xfsprogs-5.6.0-2 version separates the **xfs\_scrub\*** command from the main package and incorporates the command into a subpackage **xfsprogs-xfs\_scrub**. The **xfsprogs** main package is weakly dependent on the **xfsprogs-xfs\_scrub**. As a result, the integration or uninstallation of the **xfsprogs-xfs\_scrub** is optional during mirroring. The xfsprogs main package is not affected even if the **xfsprogs-xfs\_scrub** is uninstalled or not integrated. 
+ +When the **xfsprogs-xfs\_scrub** is installed in the system, it will not downgrade because the xfsprogs-5.6.0-1 or an earlier version that downgrades from the xfsprogs-5.6.0-2 or a later version cannot provide the corresponding xfsprogs-xfs\_scrub. However, **xfsprogs-xfs\_scrub** depends on the xfsprogs main package that has been generated before the downgrade. As a result, the dependency problem cannot be resolved and the downgrade fails. + +### Solution + +Run the following command to uninstall the **xfsprogs-xfs\_scrub** subpackage and then perform the downgrade: + +``` +yum remove xfsprogs-xfs_scrub +``` + +## ReDoS Caused by Improper Use of glibc Regular Expressions + +### Symptom + +When the regcomp and regexec interfaces of glibc are used for programming, or shell commands that use glibc regular expressions, such as **grep** and **sed**, are executed, improper regular expressions or input may cause the regular expression denial of service (ReDoS) (CVE-2019-9192/CVE-2018-28796). The typical regular expression pattern is the combination of reverse reference (indicated by **\\1**), **\*** (zero match or multiple matches), **+** (one match or multiple matches), and **{m,n}** (m: minimum number of matches; n: maximum number of matches). You can also enter an ultra-long character string together with the regular expression. Examples are shown as follows: + +``` +# echo D | grep -E "$(printf '(\0|)(\\1\\1)*')"Segmentation fault (core dumped) +# grep -E "$(printf '(|)(\\1\\1)*')" +Segmentation fault (core dumped) +# echo A | sed '/\(\)\(\1\1\)*/p' +Segmentation fault (core dumped) +# time python -c 'print "a"*40000' | grep -E "a{1,32767}" +Segmentation fault (core dumped) +# time python -c 'print "a"*40900' | grep -E "(a)\\1" +Segmentation fault (core dumped) +``` + +### Cause Analysis + +A core dump occurs on the process that uses the regular expression. This occurs because the glibc regular expression is implemented using the hybrid DFA-NFA algorithm. 
The internal principle is to use the greedy algorithm for recursive search to match as many character strings as possible. The greedy algorithm causes the ReDoS when processing recursive regular expressions. + +### Solution + +1. Strictly control the user permission to reduce the scope of attack. +2. Ensure that the regular expression is correct. Do not enter an invalid regular expression or a combination that may trigger infinite recursion, such as an ultra-long character string accompanied with **\\1** or **\***. + ``` + # ()(\1\1)* + # "a"*400000 + ``` +3. After detecting a process exception in the program, restart the process to restore services, which helps improve program reliability. \ No newline at end of file diff --git "a/content/en/docs/Administration/figures/\346\220\255\345\273\272\346\225\260\346\215\256\347\233\230-0.png" b/docs/en/docs/Administration/figures/Creating_DataDisk-0.png similarity index 100% rename from "content/en/docs/Administration/figures/\346\220\255\345\273\272\346\225\260\346\215\256\347\233\230-0.png" rename to docs/en/docs/Administration/figures/Creating_DataDisk-0.png diff --git "a/content/en/docs/Administration/figures/\346\220\255\345\273\272\346\225\260\346\215\256\347\233\230.png" b/docs/en/docs/Administration/figures/Creating_DataDisk.png similarity index 100% rename from "content/en/docs/Administration/figures/\346\220\255\345\273\272\346\225\260\346\215\256\347\233\230.png" rename to docs/en/docs/Administration/figures/Creating_DataDisk.png diff --git a/content/en/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e-1.png b/docs/en/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e-1.png similarity index 100% rename from content/en/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e-1.png rename to docs/en/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e-1.png 
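Review bot: The upgrade command added at the end of the OpenSSH FAQ, `dnf update –y –nobest openssh`, is typed with en dashes rather than ASCII hyphens, so neither `–y` nor `–nobest` will be parsed as an option and the documented workaround fails when copied. Suggest `dnf update -y --nobest openssh`, matching the **--nobest** spelling used in the Solution paragraph just above it. In the same hunk, the first ReDoS example has its output fused onto the command line (`...(\\1\\1)*')"Segmentation fault (core dumped)`) and needs a line break before "Segmentation fault". The quoted DNF output reads "condidate" twice and should be checked against what the tool actually prints. The identifier CVE-2018-28796 should be verified against the glibc advisory before merge. The ReDoS Solution step 2 shows `"a"*400000` while the Symptom examples use 40000 and 40900, so one of the two lengths is probably a typo. The "## The libiscsi Fails to Downgrade" heading follows the closing fence with no blank line, and the file now ends without a trailing newline.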
diff --git a/content/en/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e.png b/docs/en/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e.png similarity index 100% rename from content/en/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e.png rename to docs/en/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e.png diff --git a/content/en/docs/Administration/figures/en-us_image_0229622729.png b/docs/en/docs/Administration/figures/en-us_image_0229622729.png similarity index 100% rename from content/en/docs/Administration/figures/en-us_image_0229622729.png rename to docs/en/docs/Administration/figures/en-us_image_0229622729.png diff --git a/content/en/docs/Administration/figures/en-us_image_0229622789.png b/docs/en/docs/Administration/figures/en-us_image_0229622789.png similarity index 100% rename from content/en/docs/Administration/figures/en-us_image_0229622789.png rename to docs/en/docs/Administration/figures/en-us_image_0229622789.png diff --git a/content/en/docs/Administration/figures/en-us_image_0230050789.png b/docs/en/docs/Administration/figures/en-us_image_0230050789.png similarity index 100% rename from content/en/docs/Administration/figures/en-us_image_0230050789.png rename to docs/en/docs/Administration/figures/en-us_image_0230050789.png diff --git a/content/en/docs/Administration/figures/en-us_image_0231143189.png b/docs/en/docs/Administration/figures/en-us_image_0231143189.png similarity index 100% rename from content/en/docs/Administration/figures/en-us_image_0231143189.png rename to docs/en/docs/Administration/figures/en-us_image_0231143189.png diff --git a/content/en/docs/Administration/figures/en-us_image_0231143191.png b/docs/en/docs/Administration/figures/en-us_image_0231143191.png similarity index 100% rename from content/en/docs/Administration/figures/en-us_image_0231143191.png rename to docs/en/docs/Administration/figures/en-us_image_0231143191.png 
diff --git a/content/en/docs/Administration/figures/en-us_image_0231143193.png b/docs/en/docs/Administration/figures/en-us_image_0231143193.png similarity index 100% rename from content/en/docs/Administration/figures/en-us_image_0231143193.png rename to docs/en/docs/Administration/figures/en-us_image_0231143193.png diff --git a/content/en/docs/Administration/figures/en-us_image_0231143195.png b/docs/en/docs/Administration/figures/en-us_image_0231143195.png similarity index 100% rename from content/en/docs/Administration/figures/en-us_image_0231143195.png rename to docs/en/docs/Administration/figures/en-us_image_0231143195.png diff --git a/content/en/docs/Administration/figures/en-us_image_0231143196.png b/docs/en/docs/Administration/figures/en-us_image_0231143196.png similarity index 100% rename from content/en/docs/Administration/figures/en-us_image_0231143196.png rename to docs/en/docs/Administration/figures/en-us_image_0231143196.png diff --git a/content/en/docs/Administration/figures/en-us_image_0231143197.png b/docs/en/docs/Administration/figures/en-us_image_0231143197.png similarity index 100% rename from content/en/docs/Administration/figures/en-us_image_0231143197.png rename to docs/en/docs/Administration/figures/en-us_image_0231143197.png diff --git a/content/en/docs/Administration/figures/en-us_image_0231143198.png b/docs/en/docs/Administration/figures/en-us_image_0231143198.png similarity index 100% rename from content/en/docs/Administration/figures/en-us_image_0231143198.png rename to docs/en/docs/Administration/figures/en-us_image_0231143198.png diff --git a/content/en/docs/Administration/figures/en-us_image_0231563132.png b/docs/en/docs/Administration/figures/en-us_image_0231563132.png similarity index 100% rename from content/en/docs/Administration/figures/en-us_image_0231563132.png rename to docs/en/docs/Administration/figures/en-us_image_0231563132.png 
diff --git a/content/en/docs/Administration/figures/en-us_image_0231563134.png b/docs/en/docs/Administration/figures/en-us_image_0231563134.png similarity index 100% rename from content/en/docs/Administration/figures/en-us_image_0231563134.png rename to docs/en/docs/Administration/figures/en-us_image_0231563134.png diff --git a/content/en/docs/Administration/figures/en-us_image_0231563135.png b/docs/en/docs/Administration/figures/en-us_image_0231563135.png similarity index 100% rename from content/en/docs/Administration/figures/en-us_image_0231563135.png rename to docs/en/docs/Administration/figures/en-us_image_0231563135.png diff --git a/content/en/docs/Administration/figures/en-us_image_0231563136.png b/docs/en/docs/Administration/figures/en-us_image_0231563136.png similarity index 100% rename from content/en/docs/Administration/figures/en-us_image_0231563136.png rename to docs/en/docs/Administration/figures/en-us_image_0231563136.png diff --git a/content/en/docs/Administration/figures/example-command-output.png b/docs/en/docs/Administration/figures/example-command-output.png similarity index 100% rename from content/en/docs/Administration/figures/example-command-output.png rename to docs/en/docs/Administration/figures/example-command-output.png diff --git "a/content/en/docs/Administration/figures/\347\231\273\345\275\225.png" b/docs/en/docs/Administration/figures/login.png similarity index 100% rename from "content/en/docs/Administration/figures/\347\231\273\345\275\225.png" rename to docs/en/docs/Administration/figures/login.png diff --git a/content/en/docs/Administration/figures/mariadb-logical-architecture.png b/docs/en/docs/Administration/figures/mariadb-logical-architecture.png similarity index 100% rename from content/en/docs/Administration/figures/mariadb-logical-architecture.png rename to docs/en/docs/Administration/figures/mariadb-logical-architecture.png 
diff --git a/content/en/docs/Administration/figures/nginx-deployment-succeeded.png b/docs/en/docs/Administration/figures/nginx-deployment-succeeded.png similarity index 100% rename from content/en/docs/Administration/figures/nginx-deployment-succeeded.png rename to docs/en/docs/Administration/figures/nginx-deployment-succeeded.png diff --git a/content/en/docs/Administration/figures/nginx-startup-failure.png b/docs/en/docs/Administration/figures/nginx-startup-failure.png similarity index 100% rename from content/en/docs/Administration/figures/nginx-startup-failure.png rename to docs/en/docs/Administration/figures/nginx-startup-failure.png diff --git a/content/en/docs/Administration/figures/postgres.png b/docs/en/docs/Administration/figures/postgres.png similarity index 100% rename from content/en/docs/Administration/figures/postgres.png rename to docs/en/docs/Administration/figures/postgres.png diff --git a/content/en/docs/Administration/figures/postgresql-architecture.png b/docs/en/docs/Administration/figures/postgresql-architecture.png similarity index 100% rename from content/en/docs/Administration/figures/postgresql-architecture.png rename to docs/en/docs/Administration/figures/postgresql-architecture.png diff --git a/content/en/docs/Administration/figures/the-nginx-service-is-successfully-started.png b/docs/en/docs/Administration/figures/the-nginx-service-is-successfully-started.png similarity index 100% rename from content/en/docs/Administration/figures/the-nginx-service-is-successfully-started.png rename to docs/en/docs/Administration/figures/the-nginx-service-is-successfully-started.png 
diff --git a/content/en/docs/Administration/managing-hard-disks-through-lvm.md b/docs/en/docs/Administration/managing-hard-disks-through-lvm.md similarity index 99% rename from content/en/docs/Administration/managing-hard-disks-through-lvm.md rename to docs/en/docs/Administration/managing-hard-disks-through-lvm.md index 45c63cd6e2a964cc0857e8be9103f0f62584b4f1..10e5910556072e84aefd1d61cecf406d0f0d2fb0 100644 --- a/content/en/docs/Administration/managing-hard-disks-through-lvm.md +++ b/docs/en/docs/Administration/managing-hard-disks-through-lvm.md @@ -60,10 +60,10 @@ When disks are managed using LVM, file systems are distributed on multiple disks ## Installing the LVM ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The LVM has been installed on the openEuler OS by default. You can run the **rpm -qa | grep lvm2** command to check whether it is installed. If the command output contains "lvm2", the LVM has been installed. In this case, skip this section. If no information is output, the LVM is not installed. Install it by referring to this section. -1. Configure the local yum source. For details, see [Configuring the Repo Server](configuring-the-repo-server.html). +1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). 2. Clear the cache. ``` @@ -358,7 +358,7 @@ In the preceding information: - _lvname_: device file corresponding to the LV whose attributes are to be displayed. If this option is not set, attributes of all LVs are displayed. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >Device files corresponding to LVs are stored in the VG directory. For example, if LV **lv1** is created in VG **vg1**, the device file corresponding to **lv1** is **/dev/vg1/lv1**. 
diff --git a/content/en/docs/Administration/process-management.md b/docs/en/docs/Administration/process-management.md similarity index 99% rename from content/en/docs/Administration/process-management.md rename to docs/en/docs/Administration/process-management.md index e745e2271bdefd0a6a940ca09e88ff61d8547874..4032595e9628a73264e53976e363328e2a4cb716 100644 --- a/content/en/docs/Administration/process-management.md +++ b/docs/en/docs/Administration/process-management.md @@ -111,7 +111,7 @@ Both the top and the ps commands can display a list of currently running process [Figure 1](#en-us_topic_0151921029_f289234fcdbac453796200d80e9889cd1) provides an example output of the top command. **Figure 1** Example command output -![](figures/example-command-output.png "example-command-output") +![](./figures/example-command-output.png "example-command-output") ### kill Command The **kill** command is used to terminate a process regardless of whether the process is running in foreground or background. It differs from the combo key **Ctrl+c**, which can terminate only foreground processes. The kill command is used to terminate a process regardless of whether the process is running in foreground or background. The reason for terminating a background process can be heavy use of CPU resources or deadlock. @@ -310,7 +310,7 @@ For example, to create a crontab file for the userexample user, perform the foll After the new file is installed, you will find a file named userexample in the **/var/spool/cron** directory. This file is the required crontab file. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Do not restart the cron service after a crontab file is modified, because the cron service, once started, reads the crontab file every minute to check whether there are commands that need to be executed periodically. You do not need to restart the **cron** service after modifying the **crontab** file. #### /etc/crontab File 
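Review bot: The NOTE touched by the last hunk of process-management.md (@@ -310,7) states the same point twice with different force: "Do not restart the cron service after a crontab file is modified ..." and then "You do not need to restart the **cron** service after modifying the **crontab** file." Since this block is being edited anyway, keep a single sentence saying a restart is unnecessary because cron rereads the crontab file every minute, and drop the prohibition wording. The context of the @@ -111,7 hunk has the same kind of duplication under "### kill Command", where the sentence beginning "The kill command is used to terminate a process regardless of whether ..." appears twice in one paragraph.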
@@ -328,7 +328,7 @@ HOME=/ 42 4 1 * * root run-parts /etc/cron.monthly //Run scripts in the /etc/cron.monthly directory once a month. ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >If the **run-parts** parameter is deleted, a script name instead of a directory name is executed. ## Suspending/Resuming a Process diff --git a/content/en/docs/Administration/public_sys-resources/icon-caution.gif b/docs/en/docs/Administration/public_sys-resources/icon-caution.gif similarity index 100% rename from content/en/docs/Administration/public_sys-resources/icon-caution.gif rename to docs/en/docs/Administration/public_sys-resources/icon-caution.gif diff --git a/content/en/docs/Administration/public_sys-resources/icon-danger.gif b/docs/en/docs/Administration/public_sys-resources/icon-danger.gif similarity index 100% rename from content/en/docs/Administration/public_sys-resources/icon-danger.gif rename to docs/en/docs/Administration/public_sys-resources/icon-danger.gif diff --git a/content/en/docs/Administration/public_sys-resources/icon-note.gif b/docs/en/docs/Administration/public_sys-resources/icon-note.gif similarity index 100% rename from content/en/docs/Administration/public_sys-resources/icon-note.gif rename to docs/en/docs/Administration/public_sys-resources/icon-note.gif diff --git a/content/en/docs/Administration/public_sys-resources/icon-notice.gif b/docs/en/docs/Administration/public_sys-resources/icon-notice.gif similarity index 100% rename from content/en/docs/Administration/public_sys-resources/icon-notice.gif rename to docs/en/docs/Administration/public_sys-resources/icon-notice.gif diff --git a/content/en/docs/Administration/public_sys-resources/icon-tip.gif b/docs/en/docs/Administration/public_sys-resources/icon-tip.gif similarity index 100% rename from content/en/docs/Administration/public_sys-resources/icon-tip.gif rename to docs/en/docs/Administration/public_sys-resources/icon-tip.gif 
diff --git a/content/en/docs/Administration/public_sys-resources/icon-warning.gif b/docs/en/docs/Administration/public_sys-resources/icon-warning.gif similarity index 100% rename from content/en/docs/Administration/public_sys-resources/icon-warning.gif rename to docs/en/docs/Administration/public_sys-resources/icon-warning.gif diff --git a/content/en/docs/Administration/service-management.md b/docs/en/docs/Administration/service-management.md similarity index 98% rename from content/en/docs/Administration/service-management.md rename to docs/en/docs/Administration/service-management.md index 58457238c65e283618308bc13ea644c034a77fd8..f7950c0494a2d0714b2cef3d08edd88b4e90a9a0 100644 --- a/content/en/docs/Administration/service-management.md +++ b/docs/en/docs/Administration/service-management.md @@ -115,13 +115,6 @@ In systemd, the targets of most actions are units, which are resources systemd k

A group of hierarchically organized units that manage system processes.

Snapshot unit

-

.snapshot

-

A saved state of the systemd manager.

-

Socket unit

.socket

@@ -710,7 +703,7 @@ Give root password for maintenance (or press Control-D to continue): ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >You need to restart the system to enter the normal working mode from the rescue mode. ### Changing to Emergency Mode @@ -728,7 +721,7 @@ Give root password for maintenance (or press Control-D to continue): ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >You need to restart the system to enter the normal working mode from the emergency mode. ## Shutting Down, Suspending, and Hibernating the Operating System diff --git a/content/en/docs/Administration/setting-up-the-database-server.md b/docs/en/docs/Administration/setting-up-the-database-server.md similarity index 95% rename from content/en/docs/Administration/setting-up-the-database-server.md rename to docs/en/docs/Administration/setting-up-the-database-server.md index c88049f01333ce83b94cb8d52d8979a4eeca1df7..5a9965be1a1b6203f5115cf44adaf91884a53761 100644 --- a/content/en/docs/Administration/setting-up-the-database-server.md +++ b/docs/en/docs/Administration/setting-up-the-database-server.md @@ -32,7 +32,7 @@ [Figure 1](#fig26022387391) shows the PostgreSQL architecture and [Table 1](#table62020913417) describes the main processes. **Figure 1** PostgreSQL architecture -![](figures/postgresql-architecture.png "postgresql-architecture") +![](./figures/postgresql-architecture.png "postgresql-architecture") **Table 1** Main processes in PostgreSQL 
@@ -109,14 +109,14 @@ ### Configuring the Environment ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The following environment configuration is for reference only. Configure the environment based on the site requirements. #### Disabling the Firewall and Automatic Startup ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >It is recommended that firewall be disabled in the test environment to prevent network impact. Configure the firewall based on actual requirements. 1. Stop the firewall service as the **root** user. @@ -131,7 +131,7 @@ # systemctl disable firewalld ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The automatic startup is automatically disabled as the firewall is disabled. @@ -146,7 +146,7 @@ #### Creating a User Group and a User ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >In the server environment, independent users are assigned to each process to implement permission isolation for security purposes. The user group and user are created for the OS, not for the database. 1. Create a PostgreSQL user or user group as the **root** user. @@ -168,7 +168,7 @@ #### Creating Data Drives ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- When testing the ultimate performance, you are advised to attach NVMe SSDs with better I/O performance to create PostgreSQL test instances to avoid the impact of disk I/O on the performance test result. This section uses NVMe SSDs as an example. For details, see Step 1 to Step 4. >- In a non-performance test, run the following command as the **root** user to create a data directory. Then skip this section. > \# mkdir /data 
@@ -206,7 +206,7 @@ #### Installing PostgreSQL -1. Configure the local yum source. For details, see [Configuring the Repo Server](configuring-the-repo-server.html). +1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). 2. Clear the cache. ``` @@ -238,7 +238,7 @@ ##### Initializing the Database ->![](public_sys-resources/icon-notice.gif) **NOTICE:** +>![](./public_sys-resources/icon-notice.gif) **NOTICE:** >Perform this step as the postgres user. 1. Switch to the created PostgreSQL user. @@ -270,7 +270,7 @@ If the following information is displayed, the PostgreSQL processes have been started. - ![](figures/postgres.png) + ![](./figures/postgres.png) ##### Logging In to the Database @@ -281,9 +281,9 @@ $ /usr/bin/psql -U postgres ``` - ![](figures/登录.png) + ![](./figures/login.png) - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >You do not need to enter a password when logging in to the database for the first time. @@ -295,7 +295,7 @@ postgres=#alter user postgres with password '123456'; ``` - ![](figures/en-us_image_0230050789.png) + ![](./figures/en-us_image_0230050789.png) ##### Exiting the Database @@ -708,7 +708,7 @@ postgres=# \l; You can run the **DROP DATABASE** statement or **dropdb** command to delete a database. The **dropdb** command encapsulates the **DROP DATABASE** statement and needs to be executed on the shell GUI instead of the database GUI. ->![](public_sys-resources/icon-caution.gif) **CAUTION:** +>![](./public_sys-resources/icon-caution.gif) **CAUTION:** >Exercise caution when deleting a database. Once a database is deleted, all tables and data in the database will be deleted. ``` 
@@ -802,7 +802,7 @@ The MariaDB database management system is a branch of MySQL and is maintained by [Figure 2](#fig13492418164520) shows the MariaDB architecture. **Figure 2** MariaDB logical architecture -![](figures/mariadb-logical-architecture.png "mariadb-logical-architecture") +![](./figures/mariadb-logical-architecture.png "mariadb-logical-architecture") When MariaDB receives a SQL statement, the execution process is as follows: @@ -824,14 +824,14 @@ Each storage engine manages and stores data in different ways, and supports diff ### Configuring the Environment ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The following environment configuration is for reference only. Configure the environment based on the site requirements. #### Disabling the Firewall and Automatic Startup ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >It is recommended that firewall be disabled in the test environment to prevent network impact. Configure the firewall based on actual requirements. 1. Stop the firewall service as the **root** user. @@ -846,7 +846,7 @@ Each storage engine manages and stores data in different ways, and supports diff # systemctl disable firewalld ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The automatic startup is automatically disabled as the firewall is disabled. @@ -861,7 +861,7 @@ Each storage engine manages and stores data in different ways, and supports diff #### Creating a User Group and a User ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >In the server environment, independent users are assigned to each process to implement permission isolation for security purposes. The user group and user are created for the OS, not for the database. 1. Create a MySQL user or user group as the **root** user. 
@@ -885,7 +885,7 @@ Each storage engine manages and stores data in different ways, and supports diff #### Creating Data Drives ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- If a performance test needs to be performed, an independent drive is required for the data directory. You need to format and mount the drive. For details, see Method 1 or Method 2. >- In a non-performance test, run the following command as the **root** user to create a data directory. Then skip this section. > \# mkdir /data @@ -923,13 +923,13 @@ Each storage engine manages and stores data in different ways, and supports diff In the last line, **/dev/nvme0n1p1** is only an example. - ![](figures/搭建数据盘.png) + ![](./figures/Creating_DataDisk.png) ##### Method 2: Using LVM for Drive Management as the **root** user ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Install the LVM2 package in the image as follows: ->1. Configure the local yum source. For details, see [Configuring the Repo Server](configuring-the-repo-server.html). If the repository has been configured, skip this step. +>1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). If the repository has been configured, skip this step. >2. Install LVM2. > **\# yum install lvm2** @@ -971,7 +971,7 @@ Each storage engine manages and stores data in different ways, and supports diff In the last line, **/dev/datavg/datalv** is only an example. - ![](figures/d1376b2a-d036-41c4-b852-e8368f363b5e.png) + ![](./figures/d1376b2a-d036-41c4-b852-e8368f363b5e.png) #### Creating a Database Directory and Granting Permissions 
@@ -991,7 +991,7 @@ Each storage engine manages and stores data in different ways, and supports diff #### Installing MariaDB -1. Configure the local yum source. For details, see [Configuring the Repo Server](configuring-the-repo-server.html). +1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). 2. Clear the cache. ``` @@ -1041,7 +1041,7 @@ Each storage engine manages and stores data in different ways, and supports diff After the command is executed, the system prompts you to enter the password. The password is the one set in [2](#li197143190587). - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >Run the **\\q** or **exit** command to exit the database. @@ -1174,7 +1174,7 @@ In the preceding information: - **FOR 'username'@'hostname'**: specifies the username and hostname whose password is to be changed. This parameter is optional. - **PASSWORD\('newpassword'\)**: indicates that the **PASSWORD\(\)** function is used to set a new password. That is, the new password must be transferred to the **PASSWORD\(\)** function for encryption. ->![](public_sys-resources/icon-caution.gif) **CAUTION:** +>![](./public_sys-resources/icon-caution.gif) **CAUTION:** >The **PASSWORD\(\)** function is a unidirectional encryption function. Once encrypted, the original plaintext cannot be decrypted. If the **FOR** clause is not added to the **SET PASSWORD** statement, the password of the current user is changed. 
@@ -1198,7 +1198,7 @@ Use the **DROP USER** statement to delete one or more user accounts and relate DROP USER 'username1'@'hostname1' [,'username2'@'hostname2']...; ``` ->![](public_sys-resources/icon-caution.gif) **CAUTION:** +>![](./public_sys-resources/icon-caution.gif) **CAUTION:** >The deletion of users does not affect the tables, indexes, or other database objects that they have created, because the database does not record the accounts that have created these objects. The **DROP USER** statement can be used to delete one or more database accounts and their original permissions. @@ -1321,7 +1321,7 @@ In the preceding command, **databasename** indicates the database name. You can run the **DROP DATABASE** statement to delete a database. ->![](public_sys-resources/icon-caution.gif) **CAUTION:** +>![](./public_sys-resources/icon-caution.gif) **CAUTION:** >Exercise caution when deleting a database. Once a database is deleted, all tables and data in the database will be deleted. ``` @@ -1415,7 +1415,7 @@ In the preceding information: Run the **mysql** command as the **root** user to restore the database. -Back up one or more tables: +Restore one or more tables: ``` mysql -h hostname -P portnumber -u username -ppassword databasename < infile @@ -1451,14 +1451,14 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard ### Configuring the Environment ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The following environment configuration is for reference only. Configure the environment based on the site requirements. #### Disabling the Firewall and Automatic Startup ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >It is recommended that firewall be disabled in the test environment to prevent network impact. Configure the firewall based on actual requirements. 1. Stop the firewall service as the **root** user. 
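Review bot: in the `@@ -1415,7 +1415,7 @@` hunk, the corrected "Restore one or more tables:" line still introduces an example that passes the password inline (`-ppassword`), which leaves it in shell history and can expose it to other local users through the process list. Suggest changing the example to `-p` with no value so the client prompts for it, as the login step `mysql -uroot -p -S /data/mysql/run/mysql.sock` elsewhere in this file already does, and making the same change in the matching MySQL restore hunk (`@@ -2159,7 +2172,7 @@`).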
@@ -1473,7 +1473,7 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard # systemctl disable firewalld ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The automatic startup is automatically disabled as the firewall is disabled. @@ -1488,7 +1488,7 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard #### Creating a User Group and a User ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >In the server environment, independent users are assigned to each process to implement permission isolation for security purposes. The user group and user are created for the OS, not for the database. 1. Create a MySQL user or user group as the **root** user. @@ -1512,7 +1512,7 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard #### Creating Data Drives ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- If a performance test needs to be performed, an independent drive is required for the data directory. You need to format and mount the drive. For details, see Method 1 or Method 2. >- In a non-performance test, run the following command as the **root** user to create a data directory. Then skip this section. > \# mkdir /data 
@@ -1550,13 +1550,13 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard In the last line, **/dev/nvme0n1p1** is only an example. - ![](figures/搭建数据盘-0.png) + ![](./figures/Creating_DataDisk-0.png) ##### Method 2: Using LVM for Drive Management as the **root** user ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Install the LVM2 package in the image as follows: ->1. Configure the local yum source. For details, see [Configuring the Repo Server](configuring-the-repo-server.html). If the repository has been configured, skip this step. +>1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). If the repository has been configured, skip this step. >2. Install LVM2. > **\# yum install lvm2** @@ -1598,7 +1598,7 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard In the last line, **/dev/datavg/datalv** is only an example. - ![](figures/d1376b2a-d036-41c4-b852-e8368f363b5e-1.png) + ![](./figures/d1376b2a-d036-41c4-b852-e8368f363b5e-1.png) #### Creating a Database Directory and Granting Permissions 
@@ -1618,8 +1618,21 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard #### Installing MySQL - -1. Configure the local yum source. For details, see [Configuring the Repo Server](configuring-the-repo-server.html). +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> For 20.03 LTS SP1, if you run the **rpm -Uvh XXX** command (XXX indicates the version, for example, mysql-8.0.21-1.oe1.aarch64.rpm) to upgrade mysql-8.0.17-3.oe1 to the latest version, the functions are unavailable after the upgrade. You can use either of the following methods to upgrade the version. The following uses the upgrade from mysql-8.0.17-3.oe1 to mysql-8.0.21-1.oe1 as an example: +> +>Method 1: Run the following upgrade command: + ``` + # rpm -Uvh mysql-8.0.21-1.oe1.aarch64.rpm --noscripts + ``` +> +>Method 2: Run the following commands to uninstall the MySQL of the earlier version and then install the MySQL of the new version: + ``` + # rpm -e mysql-8.0.17-3.oe1 + # rpm -ivh mysql-8.0.21-1.oe1.aarch64.rpm + ``` + +1. Configure the local yum source. For details, see [Configuring the Repo Server](./configuring-the-repo-server.html). 2. Clear the cache. ``` @@ -1635,13 +1648,13 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard 4. Install the MySQL server as the **root** user. ``` - # dnf install mysql + # dnf install mysql-server ``` 5. Check the installed RPM package. ``` - $ rpm -qa | grep mysql + $ rpm -qa | grep mysql-server ``` 
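Review bot: in the NOTE added by `@@ -1618,8 +1618,21 @@`, the two fenced command blocks are not prefixed with `>`, so they fall outside the blockquote and the "Method 1" and "Method 2" text is separated from its commands; prefix the fences and commands with `>`, as the LVM2 note earlier in this file does with `> **\# yum install lvm2**`. Method 1 also recommends `--noscripts` without saying what it skips: name the failure that "the functions are unavailable after the upgrade" refers to, and state whether anything the package scriptlets would normally do has to be done by hand afterwards.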
@@ -1682,9 +1695,9 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard $ cat /etc/my.cnf ``` - ![](figures/en-us_image_0231563132.png) + ![](./figures/en-us_image_0231563132.png) - >![](public_sys-resources/icon-caution.gif) **CAUTION:** + >![](./public_sys-resources/icon-caution.gif) **CAUTION:** >In the configuration file, **basedir** specifies the software installation path. Change it based on actual situation. 3. Change the group and user of the **/etc/my.cnf** file to **mysql:mysql** as the **root** user. @@ -1700,7 +1713,7 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard # echo export PATH=$PATH:/usr/local/mysql/bin >> /etc/profile ``` - >![](public_sys-resources/icon-caution.gif) **CAUTION:** + >![](./public_sys-resources/icon-caution.gif) **CAUTION:** >In the command, **/usr/local/mysql/bin** is the absolute path of the **bin** files in the MySQL software installation directory. Change it based on actual situation. 2. Run the following command as the **root** user to make the environment variables take effect: @@ -1711,7 +1724,7 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard 3. Initialize the database as the **root** user. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The second line from the bottom contains the initial password, which will be used when you log in to the database. ``` 
@@ -1725,7 +1738,7 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard 4. Start the database. - >![](public_sys-resources/icon-caution.gif) **CAUTION:** + >![](./public_sys-resources/icon-caution.gif) **CAUTION:** >Start MySQL as user **mysql** if it is the first time to start the database service. If you start MySQL as user **root**, a message will be displayed indicating that the **mysql.log** file is missing. If you start MySQL as user **mysql**, the **mysql.log** file will be generated in the **/data/mysql/log** directory. No error will be displayed if you start the database as user **root** again. 1. Modify the file permission as the **root** user. @@ -1750,7 +1763,7 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard 5. Log in to the database. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >- Enter the initial password generated during database initialization \([3](#li15634560582)\). >- If MySQL is installed by using an RPM package obtained from the official website, the **mysqld** file is located in the **/usr/sbin** directory. Ensure that the directory specified in the command is correct. @@ -1758,7 +1771,7 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard $ /usr/local/mysql/bin/mysql -uroot -p -S /data/mysql/run/mysql.sock ``` - ![](figures/en-us_image_0231563134.png) + ![](./figures/en-us_image_0231563134.png) 6. Configure the database accounts and passwords. 1. After logging in to the database, change the password of user **root** for logging in to the database. @@ -1780,7 +1793,7 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard mysql>flush privileges; ``` - ![](figures/en-us_image_0231563135.png) + ![](./figures/en-us_image_0231563135.png) 7. Exit the database. 
@@ -1790,7 +1803,7 @@ The Structured Query Language \(SQL\) used by MySQL is the most common standard mysql>exit ``` - ![](figures/en-us_image_0231563136.png) + ![](./figures/en-us_image_0231563136.png) #### Uninstalling MySQL @@ -1943,7 +1956,7 @@ Use the **DROP USER** statement to delete one or more user accounts and relate DROP USER 'username1'@'hostname1' [,'username2'@'hostname2']...; ``` ->![](public_sys-resources/icon-caution.gif) **CAUTION:** +>![](./public_sys-resources/icon-caution.gif) **CAUTION:** >The deletion of users does not affect the tables, indexes, or other database objects that they have created, because the database does not record the accounts that have created these objects. The **DROP USER** statement can be used to delete one or more database accounts and their original permissions. @@ -2065,7 +2078,7 @@ In the preceding command, _databasename_ indicates the database name. Run the **DROP DATABASE** statement to delete a database. ->![](public_sys-resources/icon-caution.gif) **CAUTION:** +>![](./public_sys-resources/icon-caution.gif) **CAUTION:** >Exercise caution when deleting a database. Once a database is deleted, all tables and data in the database will be deleted. ``` @@ -2159,7 +2172,7 @@ In the preceding information: Run the **mysql** command as the **root** user to restore the database. -Back up one or more tables: +Restore one or more tables: ``` mysql -h hostname -P portnumber -u username -ppassword databasename < infile diff --git a/content/en/docs/Administration/user-and-user-group-management.md b/docs/en/docs/Administration/user-and-user-group-management.md similarity index 97% rename from content/en/docs/Administration/user-and-user-group-management.md rename to docs/en/docs/Administration/user-and-user-group-management.md index a63178022f5bebfc4764bc4302eadf80708b2003..34306a56e606bf88006cfc3bb3340a854306ab44 100644 --- a/content/en/docs/Administration/user-and-user-group-management.md 
+++ b/docs/en/docs/Administration/user-and-user-group-management.md @@ -48,7 +48,7 @@ For example, to create a user named userexample, run the following command as th # useradd userexample ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >If no prompt is displayed, the user is successfully created. After the user is created, run the **passwd** command to assign a password to the user. A new account without a password will be banned. To view information about the new user, run the **id** command: @@ -96,7 +96,7 @@ Retype new password: passwd: all authentication tokens updated successfully. ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >If the command output contains **BAD PASSWORD: The password fails the dictionary check - it is too simplistic/sytematic**, the password is too simple and needs to be reset. ### Modifying a User Account @@ -161,7 +161,7 @@ For example, run the following command to delete user Test: If you also need to delete the user's home directory and all contents in the directory, run the **userdel** command with the -r option to delete them recursively. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >You are not advised to directly delete a user who has logged in to the system. To forcibly delete a user, run the **userdel -f** _Test_ command. ### Granting Rights to a Common User 
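Review bot: in the `@@ -96,7 +96,7 @@` hunk, the quoted passwd message reads `simplistic/sytematic`; correct it to `systematic` while this NOTE is being touched, so that a user searching for the message text finds this page.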
@@ -213,7 +213,7 @@ The information configured in the **/etc/sudoers** file is as follows: This indicates that newuser1 on the ted1 host can run the **useradd** and **userdel** commands as the user **root**. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >- You can define multiple aliases in a line and separate them with colons \(:\). >- You can add an exclamation mark \(!\) before a command or a command alias to make the command or the command alias invalid. >- There are two keywords: ALL and NOPASSWD. ALL indicates all files, hosts, or commands, and NOPASSWD indicates that no password is required. @@ -297,7 +297,7 @@ For example, run the following command to delete user group Test: # groupdel Test ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The user's primary group cannot be directly deleted. To forcibly delete a user's primary group, run the **groupdel -f** _Test_ command. ### Adding a User to a Group or Removing a User from a Group diff --git a/content/en/docs/Administration/using-the-dnf-to-manage-software-packages.md b/docs/en/docs/Administration/using-the-dnf-to-manage-software-packages.md similarity index 96% rename from content/en/docs/Administration/using-the-dnf-to-manage-software-packages.md rename to docs/en/docs/Administration/using-the-dnf-to-manage-software-packages.md index 4f2074cc13cc035f17b1184fd1d6cb83eab94c61..add57f7a8b6989a47b3a27a5f25b34b946ceddb6 100644 --- a/content/en/docs/Administration/using-the-dnf-to-manage-software-packages.md +++ b/docs/en/docs/Administration/using-the-dnf-to-manage-software-packages.md 
@@ -2,7 +2,7 @@ DNF is a Linux software package management tool used to manage RPM software packages. The DNF can query software package information, obtain software packages from a specified software library, automatically process dependencies to install or uninstall software packages, and update the system to the latest available version. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- DNF is fully compatible with YUM and provides YUM-compatible command lines and APIs for extensions and plug-ins. >- You must have the administrator rights to use the DNF. All commands in this chapter must be executed by the administrator. @@ -130,8 +130,8 @@ The repository part allows you to customize openEuler software source repositori baseurl=repository_url ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** - >openEuler provides an online image source at [https://repo.openeuler.org/](https://repo.openeuler.org/). For example, if the openEuler 20.03 version is aarch64, the **baseurl** can be set to [https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/](https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/). + >![](./public_sys-resources/icon-note.gif) **NOTE:** + >openEuler provides an online image source at [https://repo.openeuler.org/](https://repo.openeuler.org/). For example, if the openEuler 20.03 SP1 version is aarch64, the **baseurl** can be set to [https://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/aarch64/](https://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/aarch64/). Common options are as follows: 
@@ -160,25 +160,24 @@ The repository part allows you to customize openEuler software source repositori - Configuring the .repo file in the /etc/yum.repos.d directory - openEuler provides multiple repo sources for users online. For details about the repo sources, see [System Installation](../Releasenotes/installing-the-os.md.html). This section uses the OS repo source of the AArch64 architecture as an example. + openEuler provides multiple repo sources for users online. For details about the repo sources, see [System Installation](./../Releasenotes/installing-the-os.md.html). - For example, run the following command as the **root** user to add the openeuler repo source to the openEuler_aarch64.repo file. + For example, run the following command as the administrator authority to add the openeuler repo source to the openEuler.repo file. ``` - # vi /etc/yum.repos.d/openEuler_aarch64.repo + # vi /etc/yum.repos.d/openEuler.repo ``` ``` - [osrepo] - name=osrepo - baseurl=https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/ + [OS] + name=openEuler-$releasever - OS + baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/$basearch/ enabled=1 gpgcheck=1 - gpgkey=https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/RPM-GPG-KEY-openEuler - + gpgkey=https://repo.openeuler.org/openEuler-20.09/OS/$basearch/RPM-GPG-KEY-openEuler ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** > - **enabled** indicates whether to enable the software source repository. The value can be **1** or **0**. The default value is **1**, indicating that the software source repository is enabled. > - **gpgkey** is the public key used to verify the signature. 
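Review bot: in the new `[OS]` stanza, `baseurl` points at `openEuler-20.03-LTS-SP1` but `gpgkey` points at `openEuler-20.09`, so with `gpgcheck=1` the packages of one release are verified against a key fetched from a different release's tree. Point `gpgkey` at the same `openEuler-20.03-LTS-SP1/OS/$basearch/` path as `baseurl`, or state explicitly that the key is shared between the two releases. Separately, "as the administrator authority" should read "as the **root** user", matching the line it replaces.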
@@ -356,8 +355,8 @@ The following is an example: # dnf install httpd ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** ->If the RPM package fails to be installed, see [Installation Failure Caused by Software Package Conflict, File Conflict, or Missing Software Package](faqs.html#installation-failure-caused-by-software-package-conflict-file-conflict-or-missing-software-package). +>![](./public_sys-resources/icon-note.gif) **NOTE:** +>If the RPM package fails to be installed, see [Installation Failure Caused by Software Package Conflict, File Conflict, or Missing Software Package](./faqs.html#installation-failure-caused-by-software-package-conflict-file-conflict-or-missing-software-package). ### Downloading Software Packages To download the software package using the DNF, run the following command as the user **root**: diff --git a/content/en/docs/Administration/using-the-kae.md b/docs/en/docs/Administration/using-the-kae.md similarity index 97% rename from content/en/docs/Administration/using-the-kae.md rename to docs/en/docs/Administration/using-the-kae.md index 66b0fd514d36a969872499fac630e00f9c55c890..e19884366b12f329fb877b7fec4bae2a4c320123 100644 --- a/content/en/docs/Administration/using-the-kae.md +++ b/docs/en/docs/Administration/using-the-kae.md 
@@ -80,12 +80,12 @@ The KAE applies to the following scenarios, as shown in [Table 1](#table1191582 ##### Environment Requirements - The accelerator engine is enabled on TaiShan 200 servers. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- You need to import the accelerator license. For details, see section "License Management" in the [TaiShan Rack Server iBMC \(V500 or Later\) User Guide](https://support.huawei.com/enterprise/en/doc/EDOC1100121685/426cffd9?idPath=7919749|9856522|21782478|8060757). >- If the accelerator is used in the physical machine scenario, the SMMU must be disabled. For details, see the [TaiShan 200 Server BIOS Parameter Reference](https://support.huawei.com/enterprise/en/doc/EDOC1100088647). - CPU: Kunpeng 920 -- OS: openEuler-20.03-LTS-aarch64-dvd.iso +- OS: openEuler-20.03-LTS-SP1-aarch64-dvd.iso ##### KAE Software Description **Table 2** RPM software packages of the KAE @@ -138,7 +138,7 @@ The KAE applies to the following scenarios, as shown in [Table 1](#table1191582 3. Use SSH to copy all accelerator engine software package to the created directory. 4. In the directory, run the **rpm -ivh** command to install the accelerator engine software packages. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >Install the **libwd** package first because the **libkae** package installation depends on the **libwd** package. ``` @@ -282,7 +282,7 @@ You can run the following commands to test some accelerator functions. ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >\#After KAE acceleration, the signature performance is improved from 724.1 sign/s to 2819 sign/s. - Use the OpenSSL software algorithm to test the asynchronous RSA performance. 
@@ -304,7 +304,7 @@ You can run the following commands to test some accelerator functions. ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >\#After KAE acceleration, the asynchronous RSA signature performance is improved from 735.7 sign/s to 54384.1 sign/s. - Use the OpenSSL software algorithm to test the performance of the SM4 CBC mode. @@ -332,7 +332,7 @@ You can run the following commands to test some accelerator functions. ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >After KAE acceleration, the SM4 CBC mode performance is improved from 82312.53 kbit/s to 383317.33 kbit/s when the input data block size is 8 MB. - Use the OpenSSL software algorithm to test the SM3 mode performance. @@ -359,7 +359,7 @@ You can run the following commands to test some accelerator functions. ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >After KAE acceleration, the SM3 algorithm performance is improved from 52428.80 kbit/s to 668292.44 kbit/s when the input data block size is 8 MB. - Use the OpenSSL software algorithm to test the asynchronous performance of the AES algorithm in CBC mode. @@ -388,7 +388,7 @@ You can run the following commands to test some accelerator functions. ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- The AES algorithm supports only asynchronous usage when the data length is 256 KB or less. >- After KAE acceleration, the AES algorithm performance is improved from 1123328.00 kbit/s to 3996774.40 kbit/s when the input data block size is 100 KB. 
@@ -405,15 +405,15 @@ You can run the **rpm -Uvh** command to upgrade the accelerator software. The command and output are as follows: - ![](figures/en-us_image_0231143189.png) + ![](./figures/en-us_image_0231143189.png) - ![](figures/en-us_image_0231143191.png) + ![](./figures/en-us_image_0231143191.png) 5. Run the **rpm -qa** command to check whether the upgrade is successful. Ensure that the queried version is the latest version. - ![](figures/en-us_image_0231143193.png) + ![](./figures/en-us_image_0231143193.png) - ![](figures/en-us_image_0231143195.png) + ![](./figures/en-us_image_0231143195.png) 6. Restart the system or run the following commands to manually uninstall the drivers of the earlier version, load the drivers of the latest version, and check whether the new drivers are successfully loaded. @@ -458,16 +458,16 @@ You do not need the accelerator engine software or you want to install new accel 3. Run the **rpm -e** command to uninstall the accelerator engine software packages. The following is an example: - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >Due to the dependency relationships, the **libkae** package must be uninstalled before the **libwd** package. - ![](figures/en-us_image_0231143196.png) + ![](./figures/en-us_image_0231143196.png) - ![](figures/en-us_image_0231143197.png) + ![](./figures/en-us_image_0231143197.png) 4. Run the **rpm -qa |grep** command to check whether the uninstallation is successful. - ![](figures/en-us_image_0231143198.png) + ![](./figures/en-us_image_0231143198.png) ## Querying Logs 
@@ -511,7 +511,7 @@ You do not need the accelerator engine software or you want to install new accel ## Acceleration Engine Application ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >If you have not purchased the engine license, you are advised not to use the KAE engine to invoke the corresponding algorithms. Otherwise, the performance of the OpenSSL encryption algorithm may be affected. diff --git a/content/en/docs/Administration/viewing-system-information.md b/docs/en/docs/Administration/viewing-system-information.md similarity index 87% rename from content/en/docs/Administration/viewing-system-information.md rename to docs/en/docs/Administration/viewing-system-information.md index 460bfa3bfff0bf5e5a08802b9e44037442e36086..322c28ac81b19afab4a59e2d0aff4a61a360311b 100644 --- a/content/en/docs/Administration/viewing-system-information.md +++ b/docs/en/docs/Administration/viewing-system-information.md @@ -11,10 +11,10 @@ ``` $ cat /etc/os-release NAME="openEuler" - VERSION="20.09" + VERSION="20.03 (LTS)" ID="openEuler" - VERSION_ID="20.09" - PRETTY_NAME="openEuler 20.09" + VERSION_ID="20.03" + PRETTY_NAME="openEuler 20.03 (LTS)" ANSI_COLOR="0;31" ``` diff --git a/content/en/docs/ApplicationDev/application-development.md b/docs/en/docs/ApplicationDev/application-development.md similarity index 95% rename from content/en/docs/ApplicationDev/application-development.md rename to docs/en/docs/ApplicationDev/application-development.md index d80e8b2f7d0a55040966ae74f04c1a3b2cde40b2..37e6fe6f72174bce3105f26947d0475221719f63 100644 --- a/content/en/docs/ApplicationDev/application-development.md +++ b/docs/en/docs/ApplicationDev/application-development.md @@ -29,13 +29,13 @@ The symbols that may be found in this document are defined as follows.

+

![](./figures/en-us_image_0229243712.png)

Indicates a potentially hazardous situation which, if not avoided, could result in equipment damage, data loss, performance deterioration, or unanticipated results.

NOTICE is used to address practices not related to personal injury.

+

![](./figures/en-us_image_0229243671.png)

Supplements the important information in the main text.

NOTE is used to address information not related to personal injury, equipment damage, and environment deterioration.

@@ -80,7 +80,7 @@ The symbols that may be found in this document are defined as follows.

Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected.

{ x | y | ... }*

+

{ x | y | ... }\*

Optional items are grouped in brackets and separated by vertical bars. A minimum of one or a maximum of all can be selected.

Sets the name of the NIC on a host.

Mandatory. The value can contain a maximum of 15 characters, including letters, digits, underscores (_), hyphens (-), and periods (.). It must start with a letter. The device name must be unique on the same host.

+

Mandatory. The value can contain a maximum of 15 characters, including letters, digits, underscores (\_), hyphens (-), and periods (.). It must start with a letter. The device name must be unique on the same host.

name

diff --git a/content/en/docs/Container/appendix.md b/docs/en/docs/Container/appendix.md similarity index 100% rename from content/en/docs/Container/appendix.md rename to docs/en/docs/Container/appendix.md diff --git a/content/en/docs/Container/application-scenarios-2.md b/docs/en/docs/Container/application-scenarios-2.md similarity index 100% rename from content/en/docs/Container/application-scenarios-2.md rename to docs/en/docs/Container/application-scenarios-2.md diff --git a/content/en/docs/Container/application-scenarios.md b/docs/en/docs/Container/application-scenarios.md similarity index 100% rename from content/en/docs/Container/application-scenarios.md rename to docs/en/docs/Container/application-scenarios.md diff --git a/content/en/docs/Container/checking-the-container-health-status.md b/docs/en/docs/Container/checking-the-container-health-status.md similarity index 100% rename from content/en/docs/Container/checking-the-container-health-status.md rename to docs/en/docs/Container/checking-the-container-health-status.md diff --git a/content/en/docs/Container/command-reference.md b/docs/en/docs/Container/command-reference.md similarity index 100% rename from content/en/docs/Container/command-reference.md rename to docs/en/docs/Container/command-reference.md diff --git a/content/en/docs/Container/configurable-cgroup-path.md b/docs/en/docs/Container/configurable-cgroup-path.md similarity index 100% rename from content/en/docs/Container/configurable-cgroup-path.md rename to docs/en/docs/Container/configurable-cgroup-path.md 
diff --git a/content/en/docs/Container/configuring-networking-for-a-secure-container.md b/docs/en/docs/Container/configuring-networking-for-a-secure-container.md similarity index 98% rename from content/en/docs/Container/configuring-networking-for-a-secure-container.md rename to docs/en/docs/Container/configuring-networking-for-a-secure-container.md index ae4bbcea38c500e6eab7603423c1d5c23d7433f1..001355c89d3ee5d8426dfd8bb199310105275cfb 100644 --- a/content/en/docs/Container/configuring-networking-for-a-secure-container.md +++ b/docs/en/docs/Container/configuring-networking-for-a-secure-container.md @@ -117,7 +117,7 @@ Related commands are as follows: null ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >If an IP address is specified for an NIC that is successfully added, Kata adds a default route whose destination is in the same network segment as the IP address of the NIC. In the preceding example, after the NIC is added, the following route is added to the container: >``` >[root@6ec7a98 /]# ip route @@ -197,7 +197,7 @@ Related commands are as follows: - **gateway**: Next-hop gateway of the route. When **"dest":"default"** is configured, the gateway is mandatory. In other cases, this parameter is optional. - **device**: Name of the NIC corresponding to the route, which is mandatory. The value contains a maximum of 15 characters. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >If a route is added for the loopback device **lo** in the container, the device name corresponding to the **device** field in the route configuration file is **lo**. 4. **Run the following command to delete a specified route:** 
@@ -228,7 +228,7 @@ Related commands are as follows: null ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >- In the input fields, **dest** is mandatory, and both **device** and **gateway** are optional. Kata performs fuzzy match based on different fields and deletes the corresponding routing rules. For example, if **dest** is set to an IP address, all rules of this IP address will be deleted. >- If the route of the loopback device **lo** in the container is deleted, the device name corresponding to the **device** field in the route configuration file is **lo**. @@ -238,7 +238,7 @@ Related commands are as follows: $ cat ./test-iface.json | kata-runtime kata-network del-iface 6ec7a98 - ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >When deleting an NIC, you can only delete it based on the **name** field in the NIC container. Kata does not identify other fields. The following describes the output of the **kata-runtime kata-network del-iface **command for deleting NICs: @@ -317,7 +317,7 @@ The secure container provides an API for adding the **ipvs** command and setti kata-runtime kata-ipvs ipvsadm --restore - < ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >By default, the NAT mode is used for adding a single real server. To add real servers in batches, you need to manually add the **-m** option to use the NAT mode. >The following is an example of the rule file content: >-A -t 10.10.11.12:100 -s rr -p 3000 
@@ -337,7 +337,7 @@ The secure container provides an API for adding the **ipvs** command and setti kata-runtime kata-ipvs ipvsadm --parameters "--set 100 100 200" ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >1. Each container supports a maximum of 20000 iptables rules \(5000 services and three servers/services\). Both add-service and add-server are rules. >2. Before importing rules in batches, you need to clear existing rules. >3. No concurrent test scenario exists. diff --git a/content/en/docs/Container/configuring-resources-for-a-secure-container.md b/docs/en/docs/Container/configuring-resources-for-a-secure-container.md similarity index 98% rename from content/en/docs/Container/configuring-resources-for-a-secure-container.md rename to docs/en/docs/Container/configuring-resources-for-a-secure-container.md index 09c05bf98473557a452aa9d67b4f2aed5ec89a11..ded03af6d5b7f39ab1e55bb239fec3a7687b45f2 100644 --- a/content/en/docs/Container/configuring-resources-for-a-secure-container.md +++ b/docs/en/docs/Container/configuring-resources-for-a-secure-container.md @@ -45,7 +45,7 @@ When a pod is started, all containers in the pod share the same net namespace an Socket(s): 4 ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The maximum number of CPUs that can be configured is the number of CPUs \(excluding isolated cores\) that can run on the OS. The minimum number of CPUs is 0.5. 2. Configure CPU resources for running a container. 
@@ -98,7 +98,7 @@ When a pod is started, all containers in the pod share the same net namespace an 3. Configure CPU hot swap. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The CPU hot swap function of the secure container requires the virtualization component QEMU. The **enable\_cpu\_memory\_hotplug** option in the kata-runtime configuration file **config.toml** is used to enable or disable CPU and memory hot swap. The default value is **false**, indicating that CPU and memory hot swap is disabled. If the value is **true**, CPU and memory hot swap is enabled. @@ -157,7 +157,7 @@ When a pod is started, all containers in the pod share the same net namespace an    - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The pause container is only a placeholder container and does not have any workload. Therefore, when a lightweight VM is started, the CPU allocated by default can be shared by other containers. Therefore, you only need to hot add three CPUs to the lightweight VM for the new container started in the preceding example. - After the container where the CPU is hot added is stopped, the CPU is removed when the container is started. @@ -187,7 +187,7 @@ When a pod is started, all containers in the pod share the same net namespace an Swap: 0 0 0 ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >- If the memory size of a lightweight VM is not set using **--annotation com.github.containers.virtcontainers.sandbox\_mem**, the lightweight VM uses 1 GB memory by default. >- The minimum memory size of a pod in a secure container is 1 GB, and the maximum memory size is 256 GB. If the memory size allocated to a user exceeds 256 GB, an undefined error may occur. Currently, secure containers do not support the scenario where the memory size exceeds 256 GB. 
@@ -216,7 +216,7 @@ When a pod is started, all containers in the pod share the same net namespace an The memory hot add function is also configured by the **enable\_cpu\_memory\_hotplug** option in the kata-runtime configuration file **config.toml**. For details, see [3](#limiting-cpu-resources.md#en-us_topic_0183903699_li2167326144011). - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >Currently, memory resources support hot add only. The **-m** option is reused in kata-runtime to implement the memory hot add function. The sum of the **-m** options of all containers in a pod is collected to determine the number of memories to be hot added to a lightweight VM. @@ -255,7 +255,7 @@ When a pod is started, all containers in the pod share the same net namespace an Swap: 0 0 0 ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The pause container is only a placeholder container and does not have any workload. Therefore, the memory allocated to the lightweight VM during startup can be shared by other containers. You only need to hot add 3 GB memory to the lightweight VM for the new container started in the preceding example. 
@@ -334,7 +334,7 @@ The secure container reuses the **--files-limit** option in the **docker run* docker run -tid --runtime kata-runtime --network none --annotation io.kubernetes.docker.type=podsandbox --files-limit bash ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- If the value of **--files-limit** is less than the default minimum value **1024** and is not **0**, the maximum number of file descriptors that can be opened by the QEMU process of the secure container is set to the minimum value **1024**. >- If the value of **--files-limit** is 0, the maximum number of file descriptors that can be opened by the QEMU process of the secure container is the default value obtained by dividing the maximum number of file descriptors that can be opened by the system \(/proc/sys/fs/file-max\) by 400. >- If the maximum number of file descriptors that can be opened by the QEMU process of the secure container is not displayed when the secure container is started, the maximum number of file descriptors that can be opened by the QEMU process of the secure container is the same as the system default value. diff --git a/content/en/docs/Container/container-engine.md b/docs/en/docs/Container/container-engine.md similarity index 99% rename from content/en/docs/Container/container-engine.md rename to docs/en/docs/Container/container-engine.md index 58147841a9fd75a8cf9ab7dcfe3fb0c627af57b1..5b8e754314ec95d9f920c49da86af5b650de6898 100644 --- a/content/en/docs/Container/container-engine.md +++ b/docs/en/docs/Container/container-engine.md @@ -128,9 +128,7 @@ The **docker** command supports the following parameters:

Parameter to be executed when a container is started.

For example, set the native.umask parameter.

-
#The umask value of the started container is 0022.
---exec-opt native.umask=normal 
-
+
#The umask value of the started container is 0022.--exec-opt native.umask=normal 
 #The umask value of the started container is 0027 (default value).
 --exec-opt  native.umask=secure    

Note: If native.umask is also configured in docker create or docker run command, the configuration in command is used.
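Review bot: the added line in this container-engine.md hunk fuses the comment and the option into one line, `#The umask value of the started container is 0022.--exec-opt native.umask=normal`, where the removed lines had them on separate lines. Read as a shell-style snippet, the whole line is now a comment and the `normal` example no longer shows a usable option, while the `secure` example right below still has its comment and option on their own lines. Please keep `--exec-opt native.umask=normal` on its own line so both examples match, since this is the setting that relaxes the default 0027 umask to 0022.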

diff --git a/content/en/docs/Container/container-management-1.md b/docs/en/docs/Container/container-management-1.md similarity index 99% rename from content/en/docs/Container/container-management-1.md rename to docs/en/docs/Container/container-management-1.md index 6b22156ca3dbc69a130f7d4bc1ce3c42a72f3654..0619fdd77430868ca53239aee2d6f4aea8cb2ec4 100644 --- a/content/en/docs/Container/container-management-1.md +++ b/docs/en/docs/Container/container-management-1.md @@ -578,7 +578,7 @@ When the container is running, the health check status is written into the conta } ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- A maximum of five health check status records can be stored in a container. The last five records are saved. >- Only one health check configuration item can take effect in a container at a time. The later items configured in the Dockerfile will overwrite the earlier ones. Configurations during container creation will overwrite those in images. >- In the Dockerfile, you can set **HEALTHCHECK NONE** to cancel the health check configuration in a referenced image. When a container is running, you can set **--no-healthcheck** to cancel the health check configuration in an image. Do not configure the health check and **--no-healthcheck** parameters at the same time during the startup. diff --git a/content/en/docs/Container/container-management-2.md b/docs/en/docs/Container/container-management-2.md similarity index 99% rename from content/en/docs/Container/container-management-2.md rename to docs/en/docs/Container/container-management-2.md index dbde4ac1f49c094e1d763b50d7473915598c4c1b..1ce5d85ff343c2f1e84c0cc1f0d917d373236146 100644 --- a/content/en/docs/Container/container-management-2.md +++ b/docs/en/docs/Container/container-management-2.md 
@@ -1029,7 +1029,7 @@ Example: $ sudo docker restart busybox ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >During the container restart, if a process in the **D** or **Z** state exists in the container, the container may fail to be restarted. In this case, you need to analyze the cause of the **D** or **Z** state of the process in the container. Restart the container after the **D** or **Z** state of the process in the container is released. ## rm diff --git a/content/en/docs/Container/container-management.md b/docs/en/docs/Container/container-management.md similarity index 99% rename from content/en/docs/Container/container-management.md rename to docs/en/docs/Container/container-management.md index 3597e9b292bee333c781a3a8e28614c22fccb41b..cc81d13b9c691fb1efc0253043f442eedf07bfe6 100644 --- a/content/en/docs/Container/container-management.md +++ b/docs/en/docs/Container/container-management.md @@ -740,12 +740,12 @@ The following table lists the parameters supported by the **run** command.
- >![](public_sys-resources/icon-notice.gif) **NOTICE:** + >![](./public_sys-resources/icon-notice.gif) **NOTICE:** >Scenario 1: Mount **/home/test1** and then **/home/test2**. In this case, the content in **/home/test1** overwrites the content in **/mnt**. As a result, the **abc** directory does not exist in **/mnt**, and mounting** /home/test2** to **/mnt/abc** fails. >Scenario 2: Mount **/home/test2** and then **/home/test1**. In this case, the content of **/mnt** is replaced with the content of **/home/test1** during the second mounting. In this way, the content mounted during the first mounting from **/home/test2** to **/mnt/abc** is overwritten. >The first scenario is not supported. For the second scenario, users need to understand the risk of data access failures. - >![](public_sys-resources/icon-notice.gif) **NOTICE:** + >![](./public_sys-resources/icon-notice.gif) **NOTICE:** >- In high concurrency scenarios \(200 containers are concurrently started\), the memory management mechanism of Glibc may cause memory holes and large virtual memory \(for example, 10 GB\). This problem is caused by the restriction of the Glibc memory management mechanism in the high concurrency scenario, but not by memory leakage. Therefore, the memory consumption does not increase infinitely. You can set the **MALLOC\_ARENA\_MAX** environment variable to reduce the virtual memory and increase the probability of reducing the physical memory. However, this environment variable will cause the iSulad concurrency performance to deteriorate. Set this environment variable based on the site requirements. > ``` > To balance performance and memory usage, set MALLOC_ARENA_MAX to 4. (The iSulad performance deterioration on the ARM64 server is controlled by less than 10%.) 
@@ -1241,7 +1241,7 @@ The following table lists the parameters supported by the **inspect** command. ### Constraints -- Lightweight containers do not support the output in \{\{.State\}\} format but support the output in the \{\{json .State\}\} format. The **-f** parameter is not supported when the object is an image. +- Lightweight containers do not support the output in \{ \{.State\} \} format but support the output in the \{ \{json .State\} \} format. The **-f** parameter is not supported when the object is an image. ### Example diff --git a/content/en/docs/Container/container-resource-management.md b/docs/en/docs/Container/container-resource-management.md similarity index 99% rename from content/en/docs/Container/container-resource-management.md rename to docs/en/docs/Container/container-resource-management.md index b09a880f1ec839182e397772a70fc16f8c3ae63f..3b7166202e7354619bb61d14e55eaa1d0386e9c3 100644 --- a/content/en/docs/Container/container-resource-management.md +++ b/docs/en/docs/Container/container-resource-management.md @@ -168,7 +168,7 @@ To restrict a container to use a specific CPU, add **--cpuset-cpus number** wh isula run -tid --cpuset-cpus 0,2-3 busybox sh ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >You can check whether the configuration is successful. For details, see "Querying Information About a Single Container." ## Restricting the Memory Usage of a Running Container 
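Review bot: in the `@@ -1241,7 +1241,7 @@` hunk of container-management.md (inspect, Constraints), the added spaces turn the documented format strings into `\{ \{.State\} \}` and `\{ \{json .State\} \}`, which is no longer the text a user has to pass to `-f`. If the spaces are there to stop the site generator from interpreting the double braces, put the expressions in inline code or use the generator's own escape instead, so the rendered page still shows `{{json .State}}` exactly as it must be typed.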
@@ -459,7 +459,7 @@ overlay 10.0M 10.0M 0 100% / When using iSulad with the quota function to switch data disks, ensure that the data disks to be switched are mounted using the **prjquota** option and the mounting mode of the **/var/lib/isulad/storage/overlay2** directory is the same as that of the **/var/lib/isulad** directory. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >Before switching the data disk, ensure that the mount point of **/var/lib/isulad/storage/overlay2** is unmounted. diff --git a/content/en/docs/Container/container.md b/docs/en/docs/Container/container.md similarity index 100% rename from content/en/docs/Container/container.md rename to docs/en/docs/Container/container.md diff --git a/content/en/docs/Container/cri.md b/docs/en/docs/Container/cri.md similarity index 99% rename from content/en/docs/Container/cri.md rename to docs/en/docs/Container/cri.md index 00bd00dd44c01724efe4a38d020d4c5d5c436732..cd412f0664db94d13f0fcbe4e3c9cd08245022cf 100644 --- a/content/en/docs/Container/cri.md +++ b/docs/en/docs/Container/cri.md @@ -44,7 +44,7 @@ The current CRI version is v1alpha1. For official API description, access the fo iSulad uses the API description file of version 1.14 used by Pass, which is slightly different from the official API description file. API description in this document prevails. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The listening IP address of the CRI WebSocket streaming service is **127.0.0.1** and the port number is **10350**. The port number can be configured in the **--websocket-server-listening-port** command or in the **daemon.json** configuration file. ## APIs diff --git a/content/en/docs/Container/docker-container.md b/docs/en/docs/Container/docker-container.md similarity index 100% rename from content/en/docs/Container/docker-container.md rename to docs/en/docs/Container/docker-container.md 
diff --git a/content/en/docs/Container/dynamically-loading-the-kernel-module.md b/docs/en/docs/Container/dynamically-loading-the-kernel-module.md similarity index 96% rename from content/en/docs/Container/dynamically-loading-the-kernel-module.md rename to docs/en/docs/Container/dynamically-loading-the-kernel-module.md index ae2efef6eef35d14072b5f71877a710d98bc93a3..7c1458075e1501d1422440e86b86ad3f3512467d 100644 --- a/content/en/docs/Container/dynamically-loading-the-kernel-module.md +++ b/docs/en/docs/Container/dynamically-loading-the-kernel-module.md @@ -5,7 +5,7 @@ Dynamically Loading the Kernel Module ## Function Description -Services in a container may depend on some kernel modules. You can set environment variables to dynamically load the kernel modules required by services in the container to the host before the system container starts. This feature must be used together with isulad-hooks. For details, see [Dynamically Managing Container Resources \(syscontainer-tools\)](dynamically-managing-container-resources-(syscontainer-tools).md). +Services in a container may depend on some kernel modules. You can set environment variables to dynamically load the kernel modules required by services in the container to the host before the system container starts. This feature must be used together with isulad-hooks. For details, see [Dynamically Managing Container Resources \(syscontainer-tools\)](./dynamically-managing-container-resources-(syscontainer-tools).md). ## Parameter Description @@ -50,7 +50,7 @@ nf_defrag_ipv6 20480 2 nf_conntrack,ip_vs libcrc32c 16384 3 nf_conntrack,nf_nat,ip_vs ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- isulad-tools must be installed on the host. >- **--hooks-spec** must be set to **isulad hooks**. 
diff --git a/content/en/docs/Container/dynamically-managing-container-resources-(syscontainer-tools).md b/docs/en/docs/Container/dynamically-managing-container-resources-(syscontainer-tools).md similarity index 99% rename from content/en/docs/Container/dynamically-managing-container-resources-(syscontainer-tools).md rename to docs/en/docs/Container/dynamically-managing-container-resources-(syscontainer-tools).md index 50f9a0602506b9d40ce5c640e5c7664fef3b3cd1..1c0aa377631d6c50d51d63b5b89fba237f1f658f 100644 --- a/content/en/docs/Container/dynamically-managing-container-resources-(syscontainer-tools).md +++ b/docs/en/docs/Container/dynamically-managing-container-resources-(syscontainer-tools).md @@ -254,7 +254,7 @@ In the preceding format: Add network interface to container 2aaca5c1af7c (eth3,eth1) done ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >When adding a virtual or physical NIC, ensure that the NIC is in the idle state. Adding a NIC in use will disconnect the system network. diff --git a/content/en/docs/Container/environment-variable-persisting.md b/docs/en/docs/Container/environment-variable-persisting.md similarity index 100% rename from content/en/docs/Container/environment-variable-persisting.md rename to docs/en/docs/Container/environment-variable-persisting.md diff --git a/content/en/docs/Container/figures/en-us_image_0183048952.png b/docs/en/docs/Container/figures/en-us_image_0183048952.png similarity index 100% rename from content/en/docs/Container/figures/en-us_image_0183048952.png rename to docs/en/docs/Container/figures/en-us_image_0183048952.png diff --git a/content/en/docs/Container/figures/en-us_image_0221924926.png b/docs/en/docs/Container/figures/en-us_image_0221924926.png similarity index 100% rename from content/en/docs/Container/figures/en-us_image_0221924926.png rename to docs/en/docs/Container/figures/en-us_image_0221924926.png 
diff --git a/content/en/docs/Container/figures/en-us_image_0221924927.png b/docs/en/docs/Container/figures/en-us_image_0221924927.png similarity index 100% rename from content/en/docs/Container/figures/en-us_image_0221924927.png rename to docs/en/docs/Container/figures/en-us_image_0221924927.png diff --git a/docs/en/docs/Container/figures/isula-build_arch.png b/docs/en/docs/Container/figures/isula-build_arch.png new file mode 100644 index 0000000000000000000000000000000000000000..911a9ae6f46988586ab49f15de282948f5470c37 Binary files /dev/null and b/docs/en/docs/Container/figures/isula-build_arch.png differ diff --git a/content/en/docs/Container/figures/relationship-between-the-secure-container-and-peripheral-components.png b/docs/en/docs/Container/figures/relationship-between-the-secure-container-and-peripheral-components.png similarity index 100% rename from content/en/docs/Container/figures/relationship-between-the-secure-container-and-peripheral-components.png rename to docs/en/docs/Container/figures/relationship-between-the-secure-container-and-peripheral-components.png diff --git a/docs/en/docs/Container/figures/sec-container.png b/docs/en/docs/Container/figures/sec-container.png new file mode 100644 index 0000000000000000000000000000000000000000..db0f0112328013505ec11ace1ad5c0077cf7ea40 Binary files /dev/null and b/docs/en/docs/Container/figures/sec-container.png differ diff --git a/content/en/docs/Container/image-management-1.md b/docs/en/docs/Container/image-management-1.md similarity index 100% rename from content/en/docs/Container/image-management-1.md rename to docs/en/docs/Container/image-management-1.md diff --git a/content/en/docs/Container/image-management-2.md b/docs/en/docs/Container/image-management-2.md similarity index 100% rename from content/en/docs/Container/image-management-2.md rename to docs/en/docs/Container/image-management-2.md 
diff --git a/content/en/docs/Container/image-management.md b/docs/en/docs/Container/image-management.md similarity index 99% rename from content/en/docs/Container/image-management.md rename to docs/en/docs/Container/image-management.md index 415f012bbd0b035529ebe1d1302946cb29a96804..53713d674f3ab41c463053781b4b8fcae363dd65 100644 --- a/content/en/docs/Container/image-management.md +++ b/docs/en/docs/Container/image-management.md @@ -245,7 +245,6 @@ $ cat /etc/isulad/daemon.json "rnd-dockerhub.huawei.com" ], "pod-sandbox-image": "", - "image-opt-timeout": "5m", "native.umask": "secure", "network-plugin": "", "cni-bin-dir": "", diff --git a/content/en/docs/Container/installation-and-deployment-1.md b/docs/en/docs/Container/installation-and-deployment-1.md similarity index 100% rename from content/en/docs/Container/installation-and-deployment-1.md rename to docs/en/docs/Container/installation-and-deployment-1.md diff --git a/content/en/docs/Container/installation-and-deployment-2.md b/docs/en/docs/Container/installation-and-deployment-2.md similarity index 99% rename from content/en/docs/Container/installation-and-deployment-2.md rename to docs/en/docs/Container/installation-and-deployment-2.md index 287c55db39ee38d50a510bb350e0394fa426ec53..e001954b7c15c4d9daa8d8ab930826bf67c20bcf 100644 --- a/content/en/docs/Container/installation-and-deployment-2.md +++ b/docs/en/docs/Container/installation-and-deployment-2.md 
@@ -52,12 +52,12 @@ cat /etc/docker/daemon.json Re-configuring various running directories and files \(including **--graph** and **--exec-root**\) may cause directory conflicts or file attribute changes, affecting the normal use of applications. ->![](public_sys-resources/icon-notice.gif) **NOTICE:** +>![](./public_sys-resources/icon-notice.gif) **NOTICE:** >Therefore, the specified directories or files should be used only by Docker to avoid file attribute changes and security issues caused by conflicts. - Take **--graph** as an example. When **/new/path/** is used as the new root directory of the daemon, if a file exists in **/new/path/** and the directory or file name conflicts with that required by Docker \(for example, **containers**, **hooks**, and **tmp**\), Docker may update the original directory or file attributes, including the owner and permission. ->![](public_sys-resources/icon-notice.gif) **NOTICE:** +>![](./public_sys-resources/icon-notice.gif) **NOTICE:** >From Docker 17.05, the **--graph** parameter is marked as **Deprecated** and replaced with the **--data-root** parameter. ### Daemon Network Configuration @@ -72,7 +72,7 @@ The default **umask** value of the main container process and exec process is The default value of **umask** is **0027** when Docker starts a container. You can change the value to **0022** by running the **--exec-opt native.umask=normal** command during container startup. ->![](public_sys-resources/icon-notice.gif) **NOTICE:** +>![](./public_sys-resources/icon-notice.gif) **NOTICE:** >If **native.umask** is configured in **docker create** or **docker run** command, its value is used. For details, see the parameter description in [4.6.2.4 create](#create.md#EN-US_TOPIC_0184808242) and [4.6.2.16 run](#container-management-40.md#EN-US_TOPIC_0184808238). 
@@ -145,7 +145,7 @@ The following uses **-w /var/lib/docker -k docker** as an example to describe [root@localhost signal]# auditctl -l | grep docker -w /var/lib/docker/ -p rwxa -k docker ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >**-p \[r|w|x|a\]** and **-w** are used together to monitor the read, write, execution, and attribute changes \(such as timestamp changes\) of the directory. In this case, any file or directory operation in the **/var/lib/docker** directory will be recorded in the **audit.log** file. As a result, too many logs will be recorded in the **audit.log** file, which severely affects the memory or CPU usage of the auditd, and further affects the OS. For example, logs similar to the following will be recorded in the **/var/log/audit/audit.log** file each time the **ls /var/lib/docker/containers** command is executed: ``` @@ -447,7 +447,7 @@ When a system is unexpectedly powered off or system panic occurs, Docker daemon - Cache construction: The cache construction information will be deleted after the node is restarted. - Metadata stored in containerd: Metadata stored in containerd will be recreated when a container is started. Therefore, the metadata stored in containerd will be deleted when the node is restarted. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >If you want to manually clear data and restore the environment, you can set the environment variable **DISABLE\_CRASH\_FILES\_DELETE** to **true** to disable the function of clearing DB files when the daemon process is restarted due to power-off. 
diff --git a/content/en/docs/Container/installation-configuration.md b/docs/en/docs/Container/installation-configuration.md similarity index 97% rename from content/en/docs/Container/installation-configuration.md rename to docs/en/docs/Container/installation-configuration.md index 0ac4a800c3f0d9de03fdd6e22ce1f9db5919c743..f9a6b145ce99a18764dbe0e85475b2ae8b246363 100644 --- a/content/en/docs/Container/installation-configuration.md +++ b/docs/en/docs/Container/installation-configuration.md @@ -1,7 +1,7 @@ # Installation and Configuration -- [Installation and Configuration](installation-configuration) +- [Installation and Configuration](./installation-configuration) - [Installation Methods](#installation-methods) - [Deployment Configuration](#deployment-configuration) - [Configuration Mode](#configuration-mode) @@ -39,7 +39,7 @@ This section describes two installation methods. The iSulad server daemon **isulad** can be configured with a configuration file or by running the **isulad --xxx** command. The priority in descending order is as follows: CLI \> configuration file \> default configuration in code. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >If systemd is used to manage the iSulad process, modify the **OPTIONS** field in the **/etc/sysconfig/iSulad** file, which functions the same as using the CLI. - **CLI** @@ -66,7 +66,6 @@ The iSulad server daemon **isulad** can be configured with a configuration fil --hook-spec Default hook spec file applied to all containers -H, --host The socket name used to create gRPC server --image-layer-check Check layer intergrity when needed - --image-opt-timeout Max timeout(default 5m) for image operation --insecure-registry Disable TLS verification for the given registry --insecure-skip-verify-enforce Force to skip the insecure verify(default false) --log-driver Set daemon log driver, such as: file 
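Review bot: in the `@@ -1,7 +1,7 @@` hunk of installation-configuration.md, the first table-of-contents entry now points at `./installation-configuration`, with no `.md` extension, while the entries below it are in-page `#` anchors and the cross-document link changed in dynamically-loading-the-kernel-module.md keeps its `.md` suffix. Since this entry refers to the page's own title, `#installation-and-configuration` or `./installation-configuration.md` would be consistent with the rest; please check which one resolves under the new docs/ layout.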
@@ -260,15 +259,6 @@ The iSulad server daemon **isulad** can be configured with a configuration fil overlay2.basesize=${size} #It is equivalent to overlay2.size. -

--image-opt-timeout

- -

"image-opt-timeout": "5m"

- -

Image operation timeout interval, which is 5m by default.

- -

The value -1 indicates that the timeout interval is not limited.

- -

--registry-mirrors

"registry-mirrors": [ "docker.io" ]
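Review bot: this hunk deletes the whole `--image-opt-timeout` row, including the statement that `-1` means the timeout is not limited, and the other hunks drop the flag from the `isulad` help text and `"image-opt-timeout": "5m"` from both sample daemon.json listings, but nothing in the patch says what replaces it. If the option was removed from the daemon, please add a line saying so and how an existing daemon.json that still carries the key is handled; if it still exists, the row and its `-1` semantics should stay, because operators need to know when image operations can run without a time limit.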

@@ -474,7 +464,6 @@ The iSulad server daemon **isulad** can be configured with a configuration fil "rnd-dockerhub.huawei.com" ], "pod-sandbox-image": "", - "image-opt-timeout": "5m", "native.umask": "secure", "network-plugin": "", "cni-bin-dir": "", @@ -485,7 +474,7 @@ The iSulad server daemon **isulad** can be configured with a configuration fil } ``` - >![](public_sys-resources/icon-notice.gif) **NOTICE:** + >![](./public_sys-resources/icon-notice.gif) **NOTICE:** >The default configuration file **/etc/isulad/daemon.json** is for reference only. Configure it based on site requirements. @@ -500,14 +489,14 @@ The iSulad server daemon **isulad** can be configured with a configuration fil -

*

+

\*

/etc/default/isulad/

Stores the OCI configuration file and hook template file of iSulad. The file configuration permission is set to 0640, and the sysmonitor check permission is set to 0550.

-

*

+

\*

/etc/isulad/
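Review bot: the `*` to `\*` change in the cells of this hunk, repeated in the next hunk, only helps if those cells are parsed as Markdown. If the table is raw HTML the backslash will be displayed literally in each cell, so please check the rendered table before merging and drop the escape if it shows up.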

@@ -528,35 +517,35 @@ The iSulad server daemon **isulad** can be configured with a configuration fil

File for storing the iSulad PIDs. It is also a file lock to prevent multiple iSulad instances from being started.

-

*

+

\*

/run/lxc/

Lock file, which is created during iSulad running.

-

*

+

\*

/var/run/isulad/

Real-time communication cache file, which is created during iSulad running.

-

*

+

\*

/var/run/isula/

Real-time communication cache file, which is created during iSulad running.

-

*

+

\*

/var/lib/lcr/

Temporary directory of the LCR component.

-

*

+

\*

/var/lib/isulad/

@@ -588,7 +577,7 @@ The iSulad server daemon **isulad** can be configured with a configuration fil - Log file management: - >![](public_sys-resources/icon-notice.gif) **NOTICE:** + >![](./public_sys-resources/icon-notice.gif) **NOTICE:** >Log function interconnection: logs are managed by systemd as iSulad is and then transmitted to rsyslogd. By default, rsyslog restricts the log writing speed. You can add the configuration item **$imjournalRatelimitInterval 0** to the **/etc/rsyslog.conf** file and restart the rsyslogd service. - Restrictions on command line parameter parsing @@ -782,7 +771,7 @@ Mode 1 is used for the server, and mode 2 for the client if the two-way authenti Mode 2 is used for the server and the client if the unidirectional authentication mode is used for communication. ->![](public_sys-resources/icon-notice.gif) **NOTICE:** +>![](./public_sys-resources/icon-notice.gif) **NOTICE:** >- If RPM is used for installation, the server configuration can be modified in the **/etc/isulad/daemon.json** and **/etc/sysconfig/iSulad** files. >- Two-way authentification is recommended as it is more secure than non-authentication or unidirectional authentication. >- GRPC open-source component logs are not taken over by iSulad. To view gRPC logs, set the environment variables **gRPC\_VERBOSITY** and **gRPC\_TRACE** as required. diff --git a/content/en/docs/Container/installation-guideline.md b/docs/en/docs/Container/installation-guideline.md similarity index 100% rename from content/en/docs/Container/installation-guideline.md rename to docs/en/docs/Container/installation-guideline.md diff --git a/content/en/docs/Container/installation-upgrade-Uninstallation.md b/docs/en/docs/Container/installation-upgrade-Uninstallation.md similarity index 100% rename from content/en/docs/Container/installation-upgrade-Uninstallation.md rename to docs/en/docs/Container/installation-upgrade-Uninstallation.md 
diff --git a/content/en/docs/Container/interconnection-with-the-cni-network.md b/docs/en/docs/Container/interconnection-with-the-cni-network.md similarity index 99% rename from content/en/docs/Container/interconnection-with-the-cni-network.md rename to docs/en/docs/Container/interconnection-with-the-cni-network.md index eea018fcb02e3f99dfaa79f1a67766156aeaaba1..ea181545190975bf2c889636a7975a51db940254 100644 --- a/content/en/docs/Container/interconnection-with-the-cni-network.md +++ b/docs/en/docs/Container/interconnection-with-the-cni-network.md @@ -114,7 +114,7 @@ If **--network-plugin=cni** is configured for iSulad and the default network p When StopPodSandbox is called, the interface for removing a pod from the CNI network list will be called to clear network resources. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >1. Before calling the RemovePodSandbox interface, you must call the StopPodSandbox interface at least once. >2. If StopPodSandbox fails to call the CNI, residual network resources may exist. diff --git a/docs/en/docs/Container/isula-build.md b/docs/en/docs/Container/isula-build.md new file mode 100644 index 0000000000000000000000000000000000000000..3bb112d09b7c976a2bc69c63a15bfa999e5e8294 --- /dev/null +++ b/docs/en/docs/Container/isula-build.md 
@@ -0,0 +1,833 @@ + + + +* [Installation](#installation) + * [Preparations](#preparations) + * [Installing isula-build](#installing-isula-build) +* [Configuring and Managing the isula-build Service](#configuring-and-managing-the-isula-build-service) + * [Configuring the isula-build Service](#configuring-the-isula-build-service) + * [Managing the isula-build Service](#managing-the-isula-build-service) + * [(Recommended) Using systemd for Management](#recommended-using-systemd-for-management) + * [Directly Running isula-builder](#directly-running-isula-builder) +* [Usage Guidelines](#usage-guidelines) + * [Prerequisites](#prerequisites) + * [Overview](#overview) + * [ctr-img: Container Image Management](#ctr-img-container-image-management) + * [build: Container Image Build](#build-container-image-build) + * [image: Viewing Local Persistent Build Images](#image-viewing-local-persistent-build-images) + * [import: Importing a Basic Container Image](#import-importing-a-basic-container-image) + * [load: Importing Cascade Images](#load-importing-cascade-images) + * [rm: Deleting a Local Persistent Image](#rm-deleting-a-local-persistent-image) + * [save: Exporting Cascade Images](#save-exporting-cascade-images) + * [tag: Tagging Local Persistent Images](#tag-tagging-local-persistent-images) + * [info: Viewing the Operating Environment and System Information](#info-viewing-the-operating-environment-and-system-information) + * [login: Logging In to the Remote Image Repository](#login-logging-in-to-the-remote-image-repository) + * [logout: Logging Out of the Remote Image Repository](#logout-logging-out-of-the-remote-image-repository) + * [version: Querying the isula-build Version](#version-querying-the-isula-build-version) +* [Directly Integrating a Container Engine](#directly-integrating-a-container-engine) + * [Integration with iSulad](#integration-with-isulad) + * [Integration with Docker](#integration-with-docker) +* [Appendix](#span-idappendixappendix) + * [Command Line 
Parameters](#command-line-parameters) + * [Communication Matrix](#communication-matrix) + * [File and Permission](#file-and-permission) + + + + + +isula-build is a container image build tool developed by the iSula container team. It allows you to quickly build container images using Dockerfiles. + +The isula-build uses the server/client mode. The isula-build functions as a client and provides a group of command line tools for image build and management. The isula-builder functions as the server, processes client management requests, and functions as the daemon process in the background. + +![isula-build architecure](./figures/isula-build_arch.png) + +Note: + +- Currently, isula-build supports only Docker images. + +# Installation + +## Preparations + +To ensure that isula-build can be successfully installed, the following software and hardware requirements must be met: + +- Supported architectures: x86_64 and AArch64 +- Supported OS: openEuler +- You have the permissions of the root user. + +### Installing isula-build + +Before using isula-build to build a container image, you need to install the following software packages: + + + +**(Recommended) Method 1: Using YUM** + +1. Configure the openEuler yum source. + +2. Log in to the target server as the root user and install isula-build. + + ``` + sudo yum install -y isula-build + ``` + + + +**Method 2: Using the RPM Package** + +1. Obtain the isula-build-*.rpm installation package from the openEuler yum source, for example, isula-build-0.9.3-1.oe1.x86_64.rpm. + +2. Upload the obtained RPM software package to any directory on the target server, for example, /home/. + +3. Log in to the target server as the root user and run the following command to install isula-build: + + ``` + sudo rpm -ivh /home/isula-build-*.rpm + ``` + +> **Note:** +After the installation is complete, you need to manually start the isula-build service. For details about how to start the service, see "Managing the isula-build Service." 
+ +# Configuring and Managing the isula-build Service + +## Configuring the isula-build Service + +After the isula-build software package is installed, the systemd starts the isula-build service based on the default configuration contained in the isula-build software package on the isula-build server. If the default configuration file on the isula-build server cannot meet your requirements, perform the following operations to customize the configuration file: After the default configuration is modified, restart the isula-build server for the new configuration to take effect. For details, see "Managing the isula-build Service." + +Currently, the isula-build server contains the following configuration file: + +- /etc/isula-build/configuration.toml: general isula-builder configuration file, which is used to set the isula-builder log level, persistency directory, runtime directory, and OCI runtime. Parameters in the configuration file are described as follows: + +| Configuration Item | Mandatory or Optional | Description | Value | +| --------- | -------- | --------------------------------- | ----------------------------------------------- | +| debug | Optional | Indicates whether to enable the debug log function. | true: Enable the debug log function. false: Disable the debug log function. | +| loglevel | Optional | Sets the log level. | debug
info
warn
error | +| run_root | Mandatory | Sets the root directory of runtime data. | For example, /var/run/isula-build/ | +| data_root | Mandatory | Sets the local persistency directory. | For example, /var/lib/isula-build/ | +| runtime | Optional | Sets the runtime type. Currently, only runc is supported. | runc | + + +- /etc/isula-build/storage.toml: configuration file for local persistent storage, including the configuration of the storage driver in use. + +| Configuration Item | Mandatory or Optional | Description | +| ------ | -------- | ------------------------------ | +| driver | Optional | Storage driver type. Currently, overlay2 is supported. | + + For more settings, see [containers-storage.conf.5.md](https://github.com/containers/storage/blob/master/docs/containers-storage.conf.5.md). + + +- /etc/isula-build/registries.toml: configuration file for each image repository. + +| Configuration Item | Mandatory or Optional | Description | +| ------------------- | -------- | ------------------------------------------------------------ | +| registries.search | Optional | Search domain of the image repository. Only listed image repositories can be found. | +| registries.insecure | Optional | Accessible insecure image repositories. Listed image repositories cannot pass the authentication and are not recommended. | + + For more settings, see [containers-registries.conf.5.md](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md). + +- /etc/isula-build/policy.json: image pull/push policy file. Note: Currently, this parameter cannot be configured. + +>![](public_sys-resources/icon-note.gif) **Note:** +> +> - isula-build supports the preceding configuration file with the maximum size of 1 MiB. +> - The persistent working directory dataroot cannot be configured on the memory disk, for example, tmpfs. +> - Currently, only overlay2 can be used as the underlying graphdriver. 
+ + + +## Managing the isula-build Service + +Currently, openEuler uses systemd to manage the isula-build service. The isula-build software package contains the systemd service file. After installing the isula-build software package, you can use the systemd tool to start or stop the isula-build service. You can also manually start the isula-builder software. Note that only one isula-builder process can be started on a node at a time. + +>![](public_sys-resources/icon-note.gif) **Note:** +> Only one isula-builder process can be started on a node at a time. + +### (Recommended) Using systemd for Management + +You can run the following systemd commands to start, stop, and restart the isula-build service: + +- Run the following command to start the isula-build service: + + ```sh + sudo systemctl start isula-build.service + ``` + +- Run the following command to stop the isula-build service: + + ```sh + sudo systemctl stop isula-build.service + ``` + +- Run the following command to restart the isula-builder service: + + ```sh + sudo systemctl restart isula-build.service + ``` + +The systemd service file of the isula-build software installation package is stored in the `/usr/lib/systemd/system/isula-build.service` directory. If you need to modify the systemd configuration of the isula-build service, modify the file and run the following command to make the modification take effect. Then restart the isula-build service based on the systemd management command. + +```sh +sudo systemctl daemon-reload +``` + +### Directly Running isula-builder + +You can also run the isula-builder command on the server to start the service. The isula-builder command can contain flags for service startup. The following flags are supported: + +- -D, --debug: whether to enable the debugging mode. +- --log-level: log level. The options are debug, info, warn, and error. The default value is info. +- --dataroot: local persistency directory. The default value is /var/lib/isula-build/. 
+- --runroot: runtime directory. The default value is /var/run/isula-build/. +- --storage-driver: underlying storage driver type. +- --storage-opt: underlying storage driver configuration. + +>![](public_sys-resources/icon-note.gif) **Note:** +> If the command line startup parameters contain the same configuration options as those in the configuration file, the command line parameters are preferentially used for startup. + +Start the isula-build service. For example, to specify the local persistency directory /var/lib/isula-build and disable debugging, run the following command: + +```sh +sudo isula-builder --dataroot "/var/lib/isula-build" --debug=false +``` + +# Usage Guidelines + +## Prerequisites + +isula-build depends on the executable file runc to build the RUN command in the Dockerfile. Therefore, the runc must be pre-installed in the running environment of isula-build. The installation method depends on the application scenario. If you do not need to use the complete docker-engine tool chain, you can install only the docker-runc RPM package. + +```sh +sudo yum install -y docker-runc +``` + +If you need to use a complete docker-engine tool chain, install the docker-engine RPM package, which contains the executable file runc by default. + +```sh +sudo yum install -y docker-engine +``` + +>![](public_sys-resources/icon-note.gif) **Note:** +>Users must ensure the security of OCI runtime (runc) executable files to prevent malicious replacement. + + + +## Overview + +The isula-build client provides a series of commands for building and managing container images. Currently, the isula-build client provides the following command lines: + +- ctr-img: manages container images. The ctr-img command contains the following subcommands: + - build: builds a container image based on the specified Dockerfile. + - images: lists local container images. + - import: imports a basic container image. + - load: imports a cascade image. + - rm: deletes a local container image. 
+ - save: exports a cascade image to a local disk. + - tag: adds a tag to a local container image. +- info: displays the running environment and system information of isula-build. +- login: logs in to the remote container image repository. +- logout: logs out of the remote container image repository. +- version: displays the versions of isula-build and isula-builder. + +>![](public_sys-resources/icon-note.gif) **Note:** +The isula-build completion and isula-builder completion commands are used to generate the bash command completion script. This command is implicitly provided by the command line framework and is not displayed in the help information. + + + +The following describes how to use these commands in detail. + + + + +## ctr-img: Container Image Management + +The isula-build command groups all container image management commands into the `ctr-img` command. The command is as follows: + +``` +isula-build ctr-img [command] +``` + +### build: Container Image Build + +The subcommand build of the ctr-img command is used to build container images. The command is as follows: + +``` +isula-build ctr-img build [flags] +``` + +The build command contains the following flags: + +- --build-arg: string list, which contains variables required during the build process. +- --build-static: key value, which is used to build binary equivalence. Currently, the following key values are included: + - build-time: string, which indicates that a fixed timestamp is used to build a container image. The timestamp format is YYYY-MM-DD HH-MM-SS. +- -f, --filename: string, which indicates the path of the Dockerfiles. If this parameter is not specified, the current path is used. +- --iidfile: string, which indicates the ID of the image output to a local file. +- -o, --output: string, which indicates the image export mode and path. +- --proxy: Boolean, which inherits the proxy environment variable on the host. The default value is true. 
+- --tag: string, which indicates the tag value of the image that is successfully built. +- --cap-add: string list, which contains permissions required by the RUN command during the build process. + +** The following describes the flags in detail. ** + +**\--build-arg** + +Parameters in the Dockerfile are inherited from the command lines. The usage is as follows: + +```sh +$ echo "This is bar file" > bar.txt +$ cat Dockerfile_arg +FROM busybox +ARG foo +ADD ${foo}.txt . +RUN cat ${foo}.txt +$ sudo isula-build ctr-img build --build-arg foo=bar -f Dockerfile_arg +STEP 1: FROM busybox +Getting image source signatures +Copying blob sha256:8f52abd3da461b2c0c11fda7a1b53413f1a92320eb96525ddf92c0b5cde781ad +Copying config sha256:e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b +Writing manifest to image destinationStoring signatures +STEP 2: ARG foo +STEP 3: ADD ${foo}.txt . +STEP 4: RUN cat ${foo}.txt +This is bar file +Getting image source signatures +Copying blob sha256:6194458b07fcf01f1483d96cd6c34302ffff7f382bb151a6d023c4e80ba3050a +Copying blob sha256:6bb56e4a46f563b20542171b998cb4556af4745efc9516820eabee7a08b7b869 +Copying config sha256:39b62a3342eed40b41a1bcd9cd455d77466550dfa0f0109af7a708c3e895f9a2 +Writing manifest to image destination +Storing signatures +Build success with image id: 39b62a3342eed40b41a1bcd9cd455d77466550dfa0f0109af7a708c3e895f9a2 +``` + +**\--build-static** + +Specifies a static build. That is, when isula-build is used to build a container image, differences between all timestamps and other build factors (such as the container ID and hostname) are eliminated. Finally, a container image that meets the static requirements is built. + +When isula-build is used to build a container image, assume that a fixed timestamp is given to the build subcommand and the following conditions are met: + +- The build environment is consistent before and after the upgrade. +- The Dockerfile is consistent before and after the build. 
+- The intermediate data generated before and after the build is consistent. +- The build commands are the same. +- The versions of the third-party libraries are the same. + +For container image build, isula-build supports the same Dockerfile. If the build environments are the same, the image content and image ID generated in multiple builds are the same. + +–build-static supports the key-value pair option in the k=v format. Currently, the following options are supported: + +- build-time: string, which indicates the fixed timestamp for creating a static image. The value is in the format of YYYY-MM-DD HH-MM-SS. The timestamp affects the attribute of the file for creating and modifying the time at the diff layer. + + Example: + + ```sh + $ sudo isula-build ctr-img build -f Dockerfile --build-static='build-time=2020-05-23 10:55:33' . + ``` + + In this way, the container images and image IDs built in the same environment for multiple times are the same. + +**\--iidfile** + +Run the following command to output the ID of the built image to a file: + +``` +isula-build ctr-img build --iidfile filename +``` + +For example, to export the container image ID to the testfile file, run the following command: + + ```sh +$ sudo isula-build ctr-img build -f Dockerfile_arg --iidfile testfile + ``` + + Check the container image ID in the testfile file. + + ```sh +$ cat testfile +76cbeed38a8e716e22b68988a76410eaf83327963c3b29ff648296d5cd15ce7b + ``` + + + +**\-o, --output** + +Currently, -o and –output support the following formats: + +- `isulad:image:tag`: directly pushes the image that is successfully built to iSulad, for example, `-o isulad:busybox:latest`. Pay attention to the following restrictions: + + - isula-build and iSulad must be on the same node. + - The tag must be configured. + - On the isula-build client, you need to temporarily save the successfully built image as `/var/tmp/isula-build-tmp-%v.tar` and then import it to iSulad. 
Ensure that the `/var/tmp/` directory has sufficient disk space. + +- `docker-daemon:image:tag`: directly pushes the successfully built image to Docker daemon, for example, `-o docker-daemon:busybox:latest`. Pay attention to the following restrictions: +- isula-build and Docker must be on the same node. + - The tag must be configured. + +- `docker://registry.example.com/repository:tag`: directly pushes the successfully built image to the remote image repository, for example, `-o docker://localhost:5000/library/busybox:latest`. + +- `docker-archive:/:image:tag`: saves the successfully built image to the local host in Docker image format, for example, `-o docker-archive:/root/image.tar:busybox:latest`. + +In addition to flags, the build subcommand also supports an argument whose type is string and meaning is context, that is, the context of the Dockerfile build environment. The default value of this parameter is the current path where isula-build is executed. This path affects the path retrieved by the ADD and COPY commands of .dockerignore and Dockerfile. + +**\--proxy** + +Specifies whether the container started by the RUN command inherits the proxy-related environment variables http_proxy, https_proxy, ftp_proxy, no_proxy, HTTP_PROXY, HTTPS_PROXY, and FTP_PROXY. The default value of NO_PROXY is true. + +When a user configures proxy-related ARG or ENV in the Dockerfile, the inherited environment variables will be overwritten. + +Note: If the client and daemon are not running on the same terminal, the environment variables that can be inherited are the environment variables of the terminal where the daemon is located. + +**\--tag** + +Specifies the tag of the image stored on the local disk after the image is successfully built. 
+ +**\--cap-add** + +Run the following command to add the permission required by the RUN command during the build process: + +``` +isula-build ctr-img build --cap-add ${CAP} +``` + +Example: + +```sh +$ sudo isula-build ctr-img build --cap-add CAP_SYS_ADMIN --cap-add CAP_SYS_PTRACE -f Dockerfile +``` + +> **Note:** +> +> - A maximum of 100 container images can be concurrently built. +> - isula-build supports Dockerfiles with a maximum size of 1 MiB. +> - isula-build supports the .dockerignore file with a maximum size of 1 MiB. +> - Ensure that only the current user has the read and write permissions on the Dockerfiles to prevent other users from tampering with the files. +> - During the build, the RUN command starts the container to build in the container. Currently, isula-build supports the host network only. +> - isula-build only supports the tar.gz compression format. +> - isula-build commits once after each image build stage is complete, instead of each time a Dockerfile line is executed. +> - isula-build does not support cache build. +> - isula-build starts the build container only when the RUN command is built. +> - Currently, the history function of Docker images is not supported. +> - The stage name can start with a digit. +> - The stage name can contain a maximum of 64 characters. +> - isula-build does not support resource restriction on a single Dockerfile build. If resource restriction is required, you can configure a resource limit on the isula-builder. +> - Currently, isula-build does not support a remote URL as the data source of the ADD command in the Dockerfile. + + + +### image: Viewing Local Persistent Build Images + +You can run the images command to view the images in the local persistent storage. 
+ +```sh +$ sudo isula-build ctr-img images +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +localhost:5000/library/alpine latest a24bb4013296 2020-20-19 19:59:197 5.85 MB + 39b62a3342ee 2020-20-38 38:66:387 1.45 MB +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +``` + +**Note**: The image size displayed by running the `isula-build ctr-img images` command may be different from that displayed by running the `docker images` command. When calculating the image size, isula-build directly calculates the total size of .tar packages at each layer, while Docker calculates the total size of files by decompressing the .tar package and traversing the diff directory. Therefore, the statistics are different. + + + +### import: Importing a Basic Container Image + +openEuler releases a basic container image, for example, openEuler-docker.x86_64.tar.xz, with the version. You can run the `ctr-img import` command to import the image to isula-build. 
+ +The command is as follows: + +``` +isula-build ctr-img import [flags] +``` + +Example: + +```sh +$ sudo isula-build ctr-img import ./openEuler-docker.x86_64.tar.xz openeuler:20.03 +Import success with image id: 7317851cd2ab33263eb293f68efee9d724780251e4e92c0fb76bf5d3c5585e37 +$ sudo isula-build ctr-img images +---------------------------------------------- -------------------- ----------------- ------------------------ ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +---------------------------------------------- -------------------- ----------------- ------------------------ ------------ +openeuler 20.03 7317851cd2ab 2020-08-01 06:25:34 500 MB +---------------------------------------------- -------------------- ----------------- ------------------------ ------------ +``` + +>![](public_sys-resources/icon-note.gif) **Note** +>isula-build supports the import of container basic images with a maximum size of 1 GiB. + + + +### load: Importing Cascade Images + +Cascade images are images that are saved to the local computer by running the docker save or isula-build ctr-img save command. The compressed image package contains a layer-by-layer image package named layer.tar. You can run the ctr-img load command to import the image to isula-build. + +The command is as follows: + +``` +isula-build ctr-img load [flags] +``` + +Currently, the following flags are supported: + +- -i, --input: path of the local .tar package. 
+ +Example: + +```sh +$ sudo isula-build ctr-img load -i ubuntu.tarGetting image source signatures +Copying blob sha256:cf612f747e0fbcc1674f88712b7bc1cd8b91cf0be8f9e9771235169f139d507c +Copying blob sha256:f934e33a54a60630267df295a5c232ceb15b2938ebb0476364192b1537449093 +Copying blob sha256:943edb549a8300092a714190dfe633341c0ffb483784c4fdfe884b9019f6a0b4 +Copying blob sha256:e7ebc6e16708285bee3917ae12bf8d172ee0d7684a7830751ab9a1c070e7a125 +Copying blob sha256:bf6751561805be7d07d66f6acb2a33e99cf0cc0a20f5fd5d94a3c7f8ae55c2a1 +Copying blob sha256:c1bd37d01c89de343d68867518b1155cb297d8e03942066ecb44ae8f46b608a3 +Copying blob sha256:a84e57b779297b72428fc7308e63d13b4df99140f78565be92fc9dbe03fc6e69 +Copying blob sha256:14dd68f4c7e23d6a2363c2320747ab88986dfd43ba0489d139eeac3ac75323b2 +Copying blob sha256:a2092d776649ea2301f60265f378a02405539a2a68093b2612792cc65d00d161 +Copying blob sha256:879119e879f682c04d0784c9ae7bc6f421e206b95d20b32ce1cb8a49bfdef202 +Copying blob sha256:e615448af51b848ecec00caeaffd1e30e8bf5cffd464747d159f80e346b7a150 +Copying blob sha256:f610bd1e9ac6aa9326d61713d552eeefef47d2bd49fc16140aa9bf3db38c30a4 +Copying blob sha256:bfe0a1336d031bf5ff3ce381e354be7b2bf310574cc0cd1949ad94dda020cd27 +Copying blob sha256:f0f15db85788c1260c6aa8ad225823f45c89700781c4c793361ac5fa58d204c7 +Copying config sha256:c07ddb44daa97e9e8d2d68316b296cc9343ab5f3d2babc5e6e03b80cd580478e +Writing manifest to image destination +Storing signatures +Loaded image as c07ddb44daa97e9e8d2d68316b296cc9343ab5f3d2babc5e6e03b80cd580478e +``` + +>![](public_sys-resources/icon-note.gif) **Note:** +> +>The - isula-build load command can only be used to import a compressed image file that contains a single cascade image. +> +>- isula-build allows you to import a container image with a maximum size of 50 GB. + + + +### rm: Deleting a Local Persistent Image + +You can run the rm command to delete an image from the local persistent storage. 
The command is as follows: + +``` +isula-build ctr-img rm IMAGE [IMAGE...] [FLAGS] +``` + +Currently, the following flags are supported: + +- -a, –all: deletes all images stored locally. +- -p, –prune: deletes all images that are stored locally and do not have tags. + +Example: + +```sh +$ sudo isula-build ctr-img rm -p +Deleted: sha256:78731c1dde25361f539555edaf8f0b24132085b7cab6ecb90de63d72fa00c01d +Deleted: sha256:eeba1bfe9fca569a894d525ed291bdaef389d28a88c288914c1a9db7261ad12c +``` + + + +### save: Exporting Cascade Images + +You can run the save command to export the cascade images to the local disk. The command is as follows: + +``` +isula-build ctr-img save [REPOSITORY:TAG]|imageID -o xx.tar +``` + +The following example shows how to export an image in `image/tag` format: + +```sh +$ sudo isula-build ctr-img save busybox:latest -o busybox.tar +Getting image source signatures +Copying blob sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a +Copying blob sha256:824082a6864774d5527bda0d3c7ebd5ddc349daadf2aa8f5f305b7a2e439806f +Copying blob sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef +Copying config sha256:21c3e96ac411242a0e876af269c0cbe9d071626bdfb7cc79bfa2ddb9f7a82db6 +Writing manifest to image destination +Storing signatures +Save success with image: busybox:latest +``` + +The following example shows how to export an image in `ImageID` format: + +```sh +$ sudo isula-build ctr-img save 21c3e96ac411 -o busybox.tar +Getting image source signatures +Copying blob sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a +Copying blob sha256:824082a6864774d5527bda0d3c7ebd5ddc349daadf2aa8f5f305b7a2e439806f +Copying blob sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef +Copying config sha256:21c3e96ac411242a0e876af269c0cbe9d071626bdfb7cc79bfa2ddb9f7a82db6 +Writing manifest to image destination +Storing signatures +Save success with image: 21c3e96ac411 +``` + + + +### tag: Tagging 
Local Persistent Images + +You can run the tag command to add a tag to a local persistent container image. The command is as follows: + +``` +isula-build ctr-img tag / busybox:latest +``` + +Example: + +```sh +$ sudo isula-build ctr-img images +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +alpine latest a24bb4013296 2020-05-29 21:19:46 5.85 MB +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +$ sudo isula-build ctr-img tag a24bb4013296 alpine:v1 +$ sudo isula-build ctr-img images +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +alpine latest a24bb4013296 2020-05-29 21:19:46 5.85 MB +alpine v1 a24bb4013296 2020-05-29 21:19:46 5.85 MB +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +``` + + + +## info: Viewing the Operating Environment and System Information + +You can run the isula-build info command to view the running environment and system information of isula-build. The command is as follows: + +``` + isula-build info [flags] +``` + +The following flags are supported: + +- -H, –human-readable: Boolean. The memory information is printed in the common memory format. The value is 1000 power. 
+ +Example: + +```sh +$ sudo isula-build info -H + General: + MemTotal: 7.63 GB + MemFree: 757 MB + SwapTotal: 8.3 GB + SwapFree: 8.25 GB + OCI Runtime: runc + DataRoot: /var/lib/isula-build/ + RunRoot: /var/run/isula-build/ + Builders: 0 + Goroutines: 12 + Store: + Storage Driver: overlay + Backing Filesystem: extfs + Registry: + Search Registries: + oepkgs.net + Insecure Registries: + localhost:5000 + oepkgs.net +``` + +## login: Logging In to the Remote Image Repository + +You can run the login command to log in to the remote image repository. The command is as follows: + +``` + isula-build login SERVER [FLAGS] +``` + +Currently, the following flags are supported: + +``` + Flags: + -p, --password-stdin Read password from stdin + -u, --username string Username to access registry +``` + +Enter the password through stdin. In the following example, the password in creds.txt is transferred to the stdin of isula-build through a pipe for input. + +```sh + $ cat creds.txt | sudo isula-build login -u cooper -p mydockerhub.io + Login Succeeded +``` + +Enter the password in interactive mode. + +```sh + $ sudo isula-build login mydockerhub.io -u cooper + Password: + Login Succeeded +``` + +## logout: Logging Out of the Remote Image Repository + +You can run the logout command to log out of the remote image repository. The command is as follows: + +``` + isula-build logout [SERVER] [FLAGS] +``` + +Currently, the following flags are supported: + +``` + Flags: + -a, --all Logout all registries +``` + +Example: + +```sh + $ sudo isula-build logout -a + Removed authentications +``` + +## version: Querying the isula-build Version + +You can run the version command to view the current version information. 
+ +```sh + $ sudo isula-build version + Client: + Version: 0.9.2 + Go Version: go1.13.3 + Git Commit: ccb2a13 + Built: Sat Aug 22 08:06:47 2020 + OS/Arch: linux/amd64 + + Server: + Version: 0.9.2 + Go Version: go1.13.3 + Git Commit: ccb2a13 + Built: Sat Aug 22 08:06:47 2020 + OS/Arch: linux/amd64 +``` + + +# Directly Integrating a Container Engine + +isula-build can be integrated with iSulad or Docker to import the built container image to the local storage of the container engine. + +## Integration with iSulad + +Images that are successfully built can be directly exported to the iSulad. + +Example: + +```sh +$ sudo isula-build ctr-img build -f Dockerfile -o isulad:busybox:2.0 +``` + +Specify iSulad in the -o parameter to export the built container image to iSulad. You can query the image using isula images. + +```sh +$ sudo isula images +isula images +REPOSITORY TAG IMAGE ID CREATED SIZE +busybox 2.0 2d414a5cad6d 2020-08-01 06:41:36 5.577 MB +``` + +>![](public_sys-resources/icon-note.gif) **Note:** +> - It is required that isula-build and iSulad be on the same node. +> - When an image is directly exported to the iSulad, the isula-build client needs to temporarily store the successfully built image as `/var/tmp/isula-build-tmp-%v.tar` and then import it to the iSulad. Ensure that the /var/tmp/ directory has sufficient disk space. If the isula-build client process is killed or Ctrl+C is pressed during the export, you need to manually clear the `/var/tmp/isula-build-tmp-%v.tar` file. + +## Integration with Docker + +Images that are successfully built can be directly exported to the Docker daemon. + +Example: + +```sh +$ sudo isula-build ctr-img build -f Dockerfile -o docker-daemon:busybox:2.0 +``` + +Specify docker-daemon in the -o parameter to export the built container image to Docker. You can run the docker images command to query the image. 
+ +```sh +$ sudo docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +busybox 2.0 2d414a5cad6d 2 months ago 5.22MB +``` + +>![](public_sys-resources/icon-note.gif) **Note:** +> +> - The isula-build and Docker must be on the same node. + +# Appendix + + +## Command Line Parameters + +**Table 1** Parameters in the ctr-img build command + +| **Command** | **Parameter** | **Description** | +| ------------- | -------------- | ------------------------------------------------------------ | +| ctr-img build | --build-arg | String list, which contains variables required during the build. | +| | --build-static | Key value, which is used to build binary equivalence. Currently, the following key values are included: - build-time: string, which indicates that a fixed timestamp is used to build a container image. The timestamp format is YYYY-MM-DD HH-MM-SS. | +| | -f, --filename | String, which indicates the path of the Dockerfiles. If this parameter is not specified, the current path is used. | +| | --iidfile | String, which indicates the ID of the image output to a local file. | +| | -o, --output | String, which indicates the image export mode and path.| +| | --proxy | Boolean, which inherits the proxy environment variable on the host. The default value is true. | +| | --tag | String, which indicates the tag value of the image that is successfully built. 
| +| | --cap-add | String list, which contains permissions required by the RUN command during the build process.| + +**Table 2** Parameters in the ctr-img load command + +| **Command** | **Parameter** | **Description** | +| ------------ | ----------- | --------------------------------- | +| ctr-img load | -i, --input | String, Path of the local .tar package to be imported| + +**Table 3** Parameters in the ctr-img rm command + +| **Command** | **Parameter** | **Description** | +| ---------- | ----------- | --------------------------------------------- | +| ctr-img rm | -a, --all | Boolean, which is used to delete all local persistent images. | +| | -p, --prune | Boolean, which is used to delete all images that are stored persistently on the local host and do not have tags. | + +**Table 4** Parameters in the ctr-img save command + +| **Command** | **Parameter** | **Description** | +| ------------ | ------------ | ---------------------------------- | +| ctr-img save | -o, --output | String, which indicates the local path for storing the exported images.| + +**Table 5** Parameters in the login command + +| **Command** | **Parameter** | **Description** | +| -------- | -------------------- | ------------------------------------------------------- | +| login | -p, --password-stdin | Boolean, which indicates whether to read the password through stdin. or enter the password in interactive mode. | +| | -u, --username | String, which indicates the username for logging in to the image repository.| + +**Table 6** Parameters in the logout command + +| **Command** | **Parameter** | **Description** | +| -------- | --------- | ------------------------------------ | +| logout | -a, --all | Boolean, which indicates whether to log out of all logged-in image repositories. | + +## Communication Matrix + +The isula-build component processes communicate with each other through the Unix socket file. No port is used for communication. 
+ +## File and Permission + +- All isula-build operations must be performed by the root user. + +- The following table lists the file permissions involved in the running of isula-build. + +| **File Path** | **File/Folder Permission** | **Description** | +| ------------------------------------------- | ------------------- | ------------------------------------------------------------ | +| /usr/bin/isula-build | 550 | Binary file of the command line tool. | +| /usr/bin/isula-builder | 550 | Binary file of the isula-builder process on the server. | +| /usr/lib/systemd/system/isula-build.service | 640 | systemd configuration file, which is used to manage the isula-build service. | +| /etc/isula-build/configuration.toml | 600 | General isula-builder configuration file, which sets the isula-builder log level, persistency directory, runtime directory, and OCI runtime. | +| /etc/isula-build/policy.json | 600 | Syntax file of the signature verification policy file. | +| /etc/isula-build/registries.toml | 600 | Configuration file of each image repository, including the available image repository list and image repository blacklist. | +| /etc/isula-build/storage.toml | 600 | Configuration file for local persistent storage, including the configuration of the used storage driver. | +| /var/run/isula_build.sock | 600 | Local socket of isula-builder. | +| /var/lib/isula-build | 700 | Local persistency directory. | +| /var/run/isula-build | 700 | Local runtime directory. | +| /var/tmp/isula-build-tmp-*.tar | 600 | Local directory for temporarily storing the images when they are exported to the iSulad. | + + diff --git a/content/en/docs/Container/isulad-container-engine.md b/docs/en/docs/Container/isulad-container-engine.md similarity index 93% rename from content/en/docs/Container/isulad-container-engine.md rename to docs/en/docs/Container/isulad-container-engine.md index 5e5299c966d38474dfd602f0b4f100388a2609ba..54cd5ca2112776a9d584b4eb2e5132607a5dd743 100644 
--- a/content/en/docs/Container/isulad-container-engine.md +++ b/docs/en/docs/Container/isulad-container-engine.md @@ -8,5 +8,5 @@ Compared with Docker, iSulad is a new container solution with a unified architec **Figure 1** Unified container architecture -![](figures/en-us_image_0183048952.png) +![](./figures/en-us_image_0183048952.png) diff --git a/content/en/docs/Container/managing-the-lifecycle-of-a-secure-container.md b/docs/en/docs/Container/managing-the-lifecycle-of-a-secure-container.md similarity index 97% rename from content/en/docs/Container/managing-the-lifecycle-of-a-secure-container.md rename to docs/en/docs/Container/managing-the-lifecycle-of-a-secure-container.md index d6a2cb3265d314e699a7a3cb198f033657724011..c16a2ee9a8a087af3d2b3643aba0a162d85f8b2a 100644 --- a/content/en/docs/Container/managing-the-lifecycle-of-a-secure-container.md +++ b/docs/en/docs/Container/managing-the-lifecycle-of-a-secure-container.md @@ -36,7 +36,7 @@ To start a secure container, perform the following steps: isula run -tid --runtime kata-runtime --network none busybox ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The secure container supports the CNI network only and does not support the CNM network. The **-p** and **--expose** options cannot be used to expose container ports. When using a secure container, you need to specify the **--net=none** option. 4. Start a pod. 
@@ -101,7 +101,7 @@ The pause container functions only as a placeholder container. Therefore, if you docker exec -ti ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >1. If the preceding command has no response because another host runs the **docker restart** or **docker stop** command to access the same container, you can press **Ctrl**+**P**+**Q** to exit the operation. >2. If the **-d** option is used, the command is executed in the background and no error information is displayed. The exit code cannot be used to determine whether the command is executed correctly. diff --git a/content/en/docs/Container/maximum-number-of-handles.md b/docs/en/docs/Container/maximum-number-of-handles.md similarity index 100% rename from content/en/docs/Container/maximum-number-of-handles.md rename to docs/en/docs/Container/maximum-number-of-handles.md diff --git a/content/en/docs/Container/monitoring-secure-containers.md b/docs/en/docs/Container/monitoring-secure-containers.md similarity index 100% rename from content/en/docs/Container/monitoring-secure-containers.md rename to docs/en/docs/Container/monitoring-secure-containers.md diff --git a/content/en/docs/Container/privileged-container.md b/docs/en/docs/Container/privileged-container.md similarity index 100% rename from content/en/docs/Container/privileged-container.md rename to docs/en/docs/Container/privileged-container.md diff --git a/content/en/docs/Container/public_sys-resources/icon-caution.gif b/docs/en/docs/Container/public_sys-resources/icon-caution.gif similarity index 100% rename from content/en/docs/Container/public_sys-resources/icon-caution.gif rename to docs/en/docs/Container/public_sys-resources/icon-caution.gif 
diff --git a/content/en/docs/Container/public_sys-resources/icon-danger.gif b/docs/en/docs/Container/public_sys-resources/icon-danger.gif similarity index 100% rename from content/en/docs/Container/public_sys-resources/icon-danger.gif rename to docs/en/docs/Container/public_sys-resources/icon-danger.gif diff --git a/content/en/docs/Container/public_sys-resources/icon-note.gif b/docs/en/docs/Container/public_sys-resources/icon-note.gif similarity index 100% rename from content/en/docs/Container/public_sys-resources/icon-note.gif rename to docs/en/docs/Container/public_sys-resources/icon-note.gif diff --git a/content/en/docs/Container/public_sys-resources/icon-notice.gif b/docs/en/docs/Container/public_sys-resources/icon-notice.gif similarity index 100% rename from content/en/docs/Container/public_sys-resources/icon-notice.gif rename to docs/en/docs/Container/public_sys-resources/icon-notice.gif diff --git a/content/en/docs/Container/public_sys-resources/icon-tip.gif b/docs/en/docs/Container/public_sys-resources/icon-tip.gif similarity index 100% rename from content/en/docs/Container/public_sys-resources/icon-tip.gif rename to docs/en/docs/Container/public_sys-resources/icon-tip.gif diff --git a/content/en/docs/Container/public_sys-resources/icon-warning.gif b/docs/en/docs/Container/public_sys-resources/icon-warning.gif similarity index 100% rename from content/en/docs/Container/public_sys-resources/icon-warning.gif rename to docs/en/docs/Container/public_sys-resources/icon-warning.gif diff --git a/content/en/docs/Container/querying-information.md b/docs/en/docs/Container/querying-information.md similarity index 100% rename from content/en/docs/Container/querying-information.md rename to docs/en/docs/Container/querying-information.md 
diff --git a/content/en/docs/Container/reboot-or-shutdown-in-a-container.md b/docs/en/docs/Container/reboot-or-shutdown-in-a-container.md similarity index 100% rename from content/en/docs/Container/reboot-or-shutdown-in-a-container.md rename to docs/en/docs/Container/reboot-or-shutdown-in-a-container.md diff --git a/content/en/docs/Container/secure-container.md b/docs/en/docs/Container/secure-container.md similarity index 90% rename from content/en/docs/Container/secure-container.md rename to docs/en/docs/Container/secure-container.md index 5f5e7b51446f18fc11dd1fc025e6cef8d8467c36..0be359e1b7e5c03ad5503c059141f3131c203050 100644 --- a/content/en/docs/Container/secure-container.md +++ b/docs/en/docs/Container/secure-container.md @@ -12,7 +12,7 @@ Secure containers are isolated by the virtualization layers. Containers on the s **Figure 1** Secure container architecture -![](figures/安全容器框架1.png) +![](./figures/sec-container.png) Secure containers are closely related to the concept of pod in Kubernetes. Kubernetes is the open-source ecosystem standard for the container scheduling management platform. It defines a group of container runtime interfaces \(CRIs\). @@ -25,5 +25,5 @@ In a secure container, you can start a single container or start a pod. [Figure 2](#fig17734185518269) shows the relationship between the secure container and peripheral components. **Figure 2** Relationship between the secure container and peripheral components -![](figures/relationship-between-the-secure-container-and-peripheral-components.png "relationship-between-the-secure-container-and-peripheral-components") +![](./figures/relationship-between-the-secure-container-and-peripheral-components.png "relationship-between-the-secure-container-and-peripheral-components") 
diff --git a/content/en/docs/Container/security-and-isolation.md b/docs/en/docs/Container/security-and-isolation.md similarity index 99% rename from content/en/docs/Container/security-and-isolation.md rename to docs/en/docs/Container/security-and-isolation.md index ad8608788471782846e03fca5bc8336732c8caf1..ada1aada90a1c37d05acf92751d5ed5c0f461eb8 100644 --- a/content/en/docs/Container/security-and-isolation.md +++ b/docs/en/docs/Container/security-and-isolation.md @@ -49,7 +49,7 @@ In system containers, you can configure the **--user-remap** API parameter to ### Usage Guide ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Before specifying the **--user-remap** parameter, configure an offset value for UIDs and GIDs of all directories and files in rootfs. The offset value should be equal to that for _uid_ and _gid_ in **--user-remap**. >For example, run the following command to offset UIDs and GIDs of all files in the **dev** directory with 100000: >chown 100000:100000 dev @@ -187,7 +187,7 @@ You can configure the startup parameters of the iSulad container engine to speci - Alice can perform any container operations: **\{"name":"policy\_5","users":\["alice"\],"actions":\["container"\]\}** - Alice can perform any container operations, but the request type can only be **get**: **\{"name":"policy\_5","users":\["alice"\],"actions":\["container"\], "readonly":true\}** - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >- **action** indicates that regular expressions are supported. >- **users** indicates that regular expressions are not supported. >- Users configured in **users** must be unique. That is, a user cannot match multiple rules. 
diff --git a/content/en/docs/Container/security-features.md b/docs/en/docs/Container/security-features.md similarity index 98% rename from content/en/docs/Container/security-features.md rename to docs/en/docs/Container/security-features.md index 09eab1a3e499c34b36687f3d232d9a9ad0833839..667f89a14a263b34ef6ce9ca001524cd907fe09b 100644 --- a/content/en/docs/Container/security-features.md +++ b/docs/en/docs/Container/security-features.md @@ -47,7 +47,7 @@ Use **--security-opt** to transfer the configuration file to the container whe isula run -itd --security-opt seccomp=/path/to/seccomp/profile.json rnd-dockerhub.huawei.com/official/busybox ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >1. When the configuration file is transferred to the container by using **--security-opt** during container creation, the default configuration file \(**/etc/isulad/seccomp\_default.json**\) is used. >2. When **--security-opt** is set to **unconfined** during container creation, system calls are not filtered for the container. >3. **/path/to/seccomp/profile.json** must be an absolute path. @@ -133,7 +133,7 @@ The configuration file template is as follows: } ``` ->![](public_sys-resources/icon-notice.gif) **NOTICE:** +>![](./public_sys-resources/icon-notice.gif) **NOTICE:** >- **defaultAction** and **syscalls**: The types of their corresponding actions are the same, but their values must be different. The purpose is to ensure that each syscall has a default action. Clear definitions in the syscall array shall prevail. As long as the values of **defaultAction** and **action** are different, no action conflicts will occur. The following actions are supported: > **SCMP\_ACT\_ERRNO**: forbids calling syscalls and displays error information. > **SCMP\_ACT\_ALLOW**: allows calling syscalls. 
@@ -217,7 +217,7 @@ Security-Enhanced Linux \(SELinux\) is a Linux kernel security module that provi - The introduction of SELinux affects the performance. Therefore, evaluate the scenario before setting SELinux. Enable the SELinux function for the daemon and set the SELinux configuration in the container only when necessary. - When you configure labels for a mounted volume, the source directory cannot be a subdirectory of **/**, **/usr**, **/etc**, **/tmp**, **/home**, **/run**, **/var**, **/root**, or **/usr**. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- iSulad does not support labeling the container file system. To ensure that the container file system and configuration directory are labeled with the container access permission, run the **chcon** command to label them. >- If SELinux access control is enabled for iSulad, you are advised to add a label to the **/var/lib/isulad** directory before starting daemon. Files and folders generated in the directory during container creation inherit the label by default. For example: > ``` diff --git a/content/en/docs/Container/shared-memory-channels.md b/docs/en/docs/Container/shared-memory-channels.md similarity index 99% rename from content/en/docs/Container/shared-memory-channels.md rename to docs/en/docs/Container/shared-memory-channels.md index b82de5bda7d032e6e7545a7ea4f9391ca77be228..f00335a8fe96cb4b9e08c181566800601a15d63a 100644 --- a/content/en/docs/Container/shared-memory-channels.md +++ b/docs/en/docs/Container/shared-memory-channels.md 
@@ -52,7 +52,7 @@ dd: error writing '/testdir/test.file': No space left on device 33554432 bytes (34 MB, 32 MiB) copied, 0.0766899 s, 438 MB/s ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- If **--host-channel** is used for size limit, the file size is constrained by the memory limit in the container. \(The OOM error may occur when the memory usage reaches the upper limit.\) >- If a user creates a shared file on the host, the file size is not constrained by the memory limit in the container. >- If you need to create a shared file in the container and the service is memory-intensive, you can add the value of **--host-channel** to the original value of the container memory limit, eliminating the impact. diff --git a/content/en/docs/Container/specifying-rootfs-to-create-a-container.md b/docs/en/docs/Container/specifying-rootfs-to-create-a-container.md similarity index 98% rename from content/en/docs/Container/specifying-rootfs-to-create-a-container.md rename to docs/en/docs/Container/specifying-rootfs-to-create-a-container.md index ada346f99c309b483c72ccc808132126159ca8e8..8b0763f4d276fbf56c952c00acc251abbf1160ac 100644 --- a/content/en/docs/Container/specifying-rootfs-to-create-a-container.md +++ b/docs/en/docs/Container/specifying-rootfs-to-create-a-container.md @@ -44,6 +44,6 @@ If the local rootfs path is **/root/myrootfs**, run the following command to st # isula run -tid --system-container --external-rootfs /root/myrootfs none init ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Rootfs is a user-defined file system. Prepare it by yourself. For example, a rootfs is generated after the TAR package of container images is decompressed. 
diff --git a/content/en/docs/Container/statistics.md b/docs/en/docs/Container/statistics.md similarity index 100% rename from content/en/docs/Container/statistics.md rename to docs/en/docs/Container/statistics.md diff --git a/content/en/docs/Container/supporting-oci-hooks.md b/docs/en/docs/Container/supporting-oci-hooks.md similarity index 100% rename from content/en/docs/Container/supporting-oci-hooks.md rename to docs/en/docs/Container/supporting-oci-hooks.md diff --git a/content/en/docs/Container/system-container.md b/docs/en/docs/Container/system-container.md similarity index 100% rename from content/en/docs/Container/system-container.md rename to docs/en/docs/Container/system-container.md diff --git a/content/en/docs/Container/uninstallation.md b/docs/en/docs/Container/uninstallation.md similarity index 100% rename from content/en/docs/Container/uninstallation.md rename to docs/en/docs/Container/uninstallation.md diff --git a/content/en/docs/Container/upgrade-methods.md b/docs/en/docs/Container/upgrade-methods.md similarity index 95% rename from content/en/docs/Container/upgrade-methods.md rename to docs/en/docs/Container/upgrade-methods.md index 31e8df2eeb06351021eb2036e056d338fe9f4cf4..5294263ed82402538f59fb9cfe43f950e9b367e8 100644 --- a/content/en/docs/Container/upgrade-methods.md +++ b/docs/en/docs/Container/upgrade-methods.md 
@@ -8,7 +8,7 @@ - For an upgrade between major versions, for example, upgrading 1.x.x to 2.x.x, save the current configuration file **/etc/isulad/daemon.json**, uninstall the existing iSulad software package, install the iSulad software package to be upgraded, and restore the configuration file. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- You can run the **sudo rpm -qa |grep iSulad** or **isula version** command to check the iSulad version. >- If you want to manually perform upgrade between patch versions of a major version, run the following command to download the RPM packages of iSulad and all its dependent libraries: > ``` diff --git a/content/en/docs/Container/usage-guide.md b/docs/en/docs/Container/usage-guide.md similarity index 100% rename from content/en/docs/Container/usage-guide.md rename to docs/en/docs/Container/usage-guide.md diff --git a/content/en/docs/Container/using-systemd-to-start-a-container.md b/docs/en/docs/Container/using-systemd-to-start-a-container.md similarity index 100% rename from content/en/docs/Container/using-systemd-to-start-a-container.md rename to docs/en/docs/Container/using-systemd-to-start-a-container.md diff --git a/content/en/docs/Container/writable-namespace-kernel-parameters.md b/docs/en/docs/Container/writable-namespace-kernel-parameters.md similarity index 100% rename from content/en/docs/Container/writable-namespace-kernel-parameters.md rename to docs/en/docs/Container/writable-namespace-kernel-parameters.md diff --git a/docs/en/docs/Installation/FAQ1.md b/docs/en/docs/Installation/FAQ1.md new file mode 100644 index 0000000000000000000000000000000000000000..9f065f6c2b1f9e7d18c90b3f8f76f04fa50a2ee4 --- /dev/null +++ b/docs/en/docs/Installation/FAQ1.md 
@@ -0,0 +1,26 @@ +# FAQ + + +- [FAQ](#faq) + - [Failing to Start the Raspberry Pi](#树莓派启动失败) + - [Symptom](#问题现象) + - [Cause Analysis](#原因分析) + - [Solution](#解决方法) + + +## Failing to Start the Raspberry Pi + +### Symptom + +After the Raspberry Pi image released by the openEuler is written to the SD card, the Raspberry Pi fails to be started. + +### Cause Analysis + +The possible causes are as follows: + +1. The downloaded image file is incomplete. To avoid this problem, ensure that the image passes the integrity verification. +2. An error occurs when the image is written to the SD card. In most cases, the error occurs when the image is written to the SD card in the Windows environment using the application software. + +### Solution + +Re-write the complete image to the SD card. \ No newline at end of file diff --git a/docs/en/docs/Installation/Installation-Guide1.md b/docs/en/docs/Installation/Installation-Guide1.md new file mode 100644 index 0000000000000000000000000000000000000000..fb04710969679e2d92578dfcfbf9ce32373c4226 --- /dev/null +++ b/docs/en/docs/Installation/Installation-Guide1.md 
@@ -0,0 +1,188 @@ +# Installation Guide + +This section describes how to enable the Raspberry Pi function after [Writing Raspberry Pi Images into the SD card](./安装方式介绍-1.html). + + +- [Installation Guide](#安装指导) + - [Starting the System](#启动系统) + - [Logging in to the System](#启动系统) + - [Configuring the System](#启动系统) + - [Expanding the Root Directory Partition](#扩展根目录分区) + - [Connecting to the Wi-Fi Network](#连接-wifi) + + +## Starting the System + +After an image is written into the SD card, insert the SD card into the Raspberry Pi and power on the SD card. + +For details about the Raspberry Pi hardware, visit the [Raspberry Pi official website](https://www.raspberrypi.org/). + +## Logging in to the System + +You can log in to the Raspberry Pi in either of the following ways: + +1. Local login + + Connect the Raspberry Pi to the monitor (the Raspberry Pi video output interface is Micro HDMI), keyboard, and mouse, and start the Raspberry Pi. The Raspberry Pi startup log is displayed on the monitor. After Raspberry Pi is started, enter the user name **root** and password **openeuler** to log in. + +2. SSH remote login + + By default, the Raspberry Pi uses the DHCP mode to automatically obtain the IP address. If the Raspberry Pi is connected to a known router, you can log in to the router to check the IP address. The new IP address is the Raspberry Pi IP address. + + **Figure 1** Obtain the IP address + ![](./figures/Obtain the IP address) + + According to the preceding figure, the IP address of the Raspberry Pi is **192.168.31.109**. You can run the `ssh root@192.168.1.109` command and enter the password `openeuler` to remotely log in to the Raspberry Pi. + +## Configuring the System + +### Expanding the Root Directory Partition + +The space of the default root directory partition is small. Therefore, you need to expand the partition capacity before using it. + +To expand the root directory partition capacity, perform the following procedure: + +1. 
Run the `fdisk -l` command as the root user to check the drive partition information. The command output is as follows: + + ``` + # fdisk -l + Disk /dev/mmcblk0: 14.86 GiB, 15931539456 bytes, 31116288 sectors + Units: sectors of 1 * 512 = 512 bytes + Sector size (logical/physical): 512 bytes / 512 bytes + I/O size (minimum/optimal): 512 bytes / 512 bytes + Disklabel type: dos + Disk identifier: 0xf2dc3842 + + Device Boot Start End Sectors Size Id Type + /dev/mmcblk0p1 * 8192 593919 585728 286M c W95 FAT32 (LBA) + /dev/mmcblk0p2 593920 1593343 999424 488M 82 Linux swap / Solaris + /dev/mmcblk0p3 1593344 5044223 3450880 1.7G 83 Linux + ``` + + The drive letter of the SD card is **/dev/mmcblk0**, which contains three partitions: + + - **/dev/mmcblk0p1**: boot partition + - **/dev/mmcblk0p2**: swap partition + - **/dev/mmcblk0p3**: root directory partition + + Here, we need to expand the capacity of `/dev/mmcblk0p3`. + +2. Run the `fdisk /dev/mmcblk0` command as the root user and the interactive command line interface (CLI) is displayed. To expand the partition capacity, perform the following procedure as shown in [Figure 2](#zh-cn_topic_0151920806_f6ff7658b349942ea87f4521c0256c315). + + 1. Enter `p` to check the partition information. + + Record the start sector number of `/dev/mmcblk0p3`. That is, the value in the `Start` column of the `/dev/mmcblk0p3` information. In the example, the start sector number is `1593344`. + + 2. Enter `d` to delete the partition. + + 3. Enter `3` or press `Enter` to delete the partition whose number is `3`. That is, the `/dev/mmcblk0p3`. + + 4. Enter `n` to create a partition. + + 5. Enter `p` or press `Enter` to create a partition of the `Primary` type. + + 6. Enter `3` or press `Enter` to create a partition whose number is `3`. That is, the `/dev/mmcblk0p3`. + + 7. Enter the start sector number of the new partition. That is, the start sector number recorded in Step `1`. In the example, the start sector number is `1593344`. 
+ + > ![](./public_sys-resources/icon-notice.gif) **NOTE:** +Do not press **Enter** or use the default parameters. + + 8. Press `Enter` to use the last sector number by default as the end sector number of the new partition. + + 9. Enter `N` without changing the sector ID. + + 10. Enter `w` to save the partition settings and exit the interactive CLI. + + **Figure 2** Expand the partition capacity +![](./figures/Expand the partition capacity) + +3. Run the `fdisk -l` command as the root user to check the drive partition information and ensure that the drive partition is correct. The command output is as follows: + + ``` + # fdisk -l + Disk /dev/mmcblk0: 14.86 GiB, 15931539456 bytes, 31116288 sectors + Units: sectors of 1 * 512 = 512 bytes + Sector size (logical/physical): 512 bytes / 512 bytes + I/O size (minimum/optimal): 512 bytes / 512 bytes + Disklabel type: dos + Disk identifier: 0xf2dc3842 + + Device Boot Start End Sectors Size Id Type + /dev/mmcblk0p1 * 8192 593919 585728 286M c W95 FAT32 (LBA) + /dev/mmcblk0p2 593920 1593343 999424 488M 82 Linux swap / Solaris + /dev/mmcblk0p3 1593344 31116287 29522944 14.1G 83 Linux + ``` + +4. Run the `resize2fs /dev/mmcblk0p3` command as the root user to increase the size of the unloaded file system. + +5. Run the `df -lh` command to check the drive space information and ensure that the root directory partition has been expanded. + + > ![](./public_sys-resources/icon-notice.gif) **NOTE:** +If the root directory partition is not expanded, run the `reboot` command to restart the Raspberry Pi and then run the `resize2fs /dev/mmcblk0p3` command as the root user. + +### Connecting to the Wi-Fi Network + +To connect to the Wi-Fi network, perform the following procedure: + +1. Check the IP address and network adapter information. 
+ + `ip a` + + Obtain information about the wireless network adapter **wlan0**: + + ``` + 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever + 2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000 + link/ether dc:a6:32:50:de:57 brd ff:ff:ff:ff:ff:ff + inet 192.168.31.109/24 brd 192.168.31.255 scope global dynamic noprefixroute eth0 + valid_lft 41570sec preferred_lft 41570sec + inet6 fe80::cd39:a969:e647:3043/64 scope link noprefixroute + valid_lft forever preferred_lft forever + 3: wlan0: mtu 1500 qdisc fq_codel state DOWN group default qlen 1000 + link/ether e2:e6:99:89:47:0c brd ff:ff:ff:ff:ff:ff + ``` + +2. Scan information about available Wi-Fi networks. + + `nmcli dev wifi` + +3. Connect to the Wi-Fi network. + + Run the `nmcli dev wifi connect SSID password PWD` command as the root user to connect to the Wi-Fi network. + + In the command, `SSID` indicates the SSID of the available Wi-Fi network scanned in the preceding step, and `PWD` indicates the password of the Wi-Fi network. For example, if the `SSID` is `openEuler-wifi`and the password is `12345678`, the command for connecting to the Wi-Fi network is `nmcli dev wifi connect openEuler-wifi password 12345678`. The connection is successful. + + ``` + Device 'wlan0' successfully activated with '26becaab-4adc-4c8e-9bf0-1d63cf5fa3f1'. + ``` + +4. Check the IP address and wireless network adapter information. 
+ + `ip a` + + ``` + 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 + inet 127.0.0.1/8 scope host lo + valid_lft forever preferred_lft forever + inet6 ::1/128 scope host + valid_lft forever preferred_lft forever + 2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000 + link/ether dc:a6:32:50:de:57 brd ff:ff:ff:ff:ff:ff + inet 192.168.31.109/24 brd 192.168.31.255 scope global dynamic noprefixroute eth0 + valid_lft 41386sec preferred_lft 41386sec + inet6 fe80::cd39:a969:e647:3043/64 scope link noprefixroute + valid_lft forever preferred_lft forever + 3: wlan0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether dc:a6:32:50:de:58 brd ff:ff:ff:ff:ff:ff + inet 192.168.31.110/24 brd 192.168.31.255 scope global dynamic noprefixroute wlan0 + valid_lft 43094sec preferred_lft 43094sec + inet6 fe80::394:d086:27fa:deba/64 scope link noprefixroute + valid_lft forever preferred_lft forever + ``` \ No newline at end of file diff --git a/docs/en/docs/Installation/Installation-Modes1.md b/docs/en/docs/Installation/Installation-Modes1.md new file mode 100644 index 0000000000000000000000000000000000000000..9135ea650a4fe3a8e1e153efa6f507f1825355c6 --- /dev/null +++ b/docs/en/docs/Installation/Installation-Modes1.md 
@@ -0,0 +1,121 @@ +# Installation Modes + +> ![](./public_sys-resources/icon-notice.gif) **NOTE:** +> +> - The hardware supports only Raspberry Pi 3B/3B+/4B. +> - The installation is performed by writing images to the SD card. This section describes how to write images using Windows, Linux, and Mac. +> - The image used in this section is the Raspberry Pi image of openEuler. For details about how to obtain the image, see [Installation Preparations](./安装准备-1.html). + + + +- [Installation Modes](./Installation Modes) + - [Writing Images Using Windows](./Writing Images Using Windows) + - [Formatting the SD Card](./Formatting the SD Card) + - [Writing Images to the SD Card](./Writing Images to the SD Card) + - [Writing Images Using Linux](./Writing Images Using Linux) + - [Checking Drive Partition Information](./Checking Drive Partition Information) + - [Unmouting the SD Card](./Unmouting the SD Card) + - [Writing Images to the SD Card](./Writing Images to the SD Card) + - [Writing Images Using the Mac OS](./Writing Images Using the Mac OS) + - [Checking Drive Partition Information](./Checking Drive Partition Information) + - [Unmouting the SD Card](./Unmouting the SD Card) + - [Writing Images to the SD Card](./Writing Images to the SD Card) + + +## Writing Images Using Windows + +This section uses Windows 10 as an example to describe how to write images to the SD card using Windows. + +### Formatting the SD Card + +To format the SD card, perform the following procedure: + +1. Download and install the tool for SD card formatting. The following operations use the SD Card Formatter as an example. + +2. Start the SD Card Formatter. In **Select card**, select the drive letter of the SD card to be formatted. + + If no image has been installed in the SD card, only one drive letter exists. In **Select card**, select the drive letter of the SD card to be formatted. + + If an image has been installed in the SD card, one or more drive letters exist. 
In **Select card**, select the drive letter E of the boot partition corresponding to the SD card to be formatted. The SD card corresponds to three drive letters: E, G, and H, as shown in the following figure: + + Figure 1 Drive letter +![](./figures/Drive letter) + +3. In **Formatting options**, select a formatting mode. The default mode is **Quick format**. + +4. Click **Format** to start formatting. A progress bar is displayed to show the formatting progress. + +5. After the formatting is completed, a dialog box is displayed, indicating that formatting is successfully completed. Click **OK**. + +### Writing Images to the SD Card + +> ![](./public_sys-resources/icon-notice.gif) **NOTE:** +If the compressed image file **openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz** is obtained, decompress the file to obtain the **openEuler-20.03-LTS-SP1-raspi-aarch64.img** image file. + +To write the **openEuler-20.03-LTS-SP1-raspi-aarch64.img** image file to the SD card, perform the following procedure: + +1. Download and install the tool for writing images. The following operations use the Win32 Disk Imager as an example. +2. Start the Win32 Disk Imager and right-click **Run as administrator**. +3. Select the path of the image file in IMG format from the **Image File** drop-down list box. +4. In **Device**, select the drive letter of the SD card to which data is written. +5. Click **Write**. A progress bar is displayed to show the progress of writing data to the SD card. +6. After the write operation is completed, a dialog box is displayed, indicating that the write operation is successfully completed. Click **OK**. + +## Writing Images Using Linux + +This section describes how to write images to the SD card in the Linux environment. + +### Checking Drive Partition Information + +Run the `fdisk -l` command as the root user to obtain the information of the SD card and drive partitions. For example, the drive partition corresponding to the SD card can be /dev/sdb. 
+ +### Unmouting the SD Card + +1. Run the `df -lh` command to check the mounted volumes. + +2. If the partitions corresponding to the SD card are not mounted, skip this step. If the partitions corresponding to the SD card are mounted, for example, /dev/sdb1 and /dev/sdb3, run the following commands as the root user to unmount the partitions: + + `umount /dev/sdb1` + + `umount /dev/sdb3` + +### Writing Images to the SD Card + +1. If the image obtained is compressed, run the `xz -d openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz` command to decompress the compressed file to obtain the **openEuler-20.03-LTS-SP1-raspi-aarch64.img** image file. Otherwise, skip this step. + +2. Run the following command as the root user to write the `openEuler-20.03-LTS-SP1-raspi-aarch64.img` image to the SD card: + + `dd bs=4M if=openEuler-20.03-LTS-SP1-raspi-aarch64.img of=/dev/sdb` + + > ![](./public_sys-resources/icon-note.gif) **NOTE:** Generally, the block size is set to 4 MB. If the write operation fails or the written image cannot be used, you can set the block size to 1 MB and try again. However, the write operation is time-consuming when the block size is set to 1 MB. + +## Writing Images Using the Mac OS + +This section describes how to flash images to the SD card in the Mac environment. + +### Checking Drive Partition Information + +Run the `diskutil list` command as user root to obtain the information of SD cards and drive partitions. For example, the drive partition corresponding to the SD card can be /dev/disk3. + +### Unmouting the SD Card + +1. Run the `df -lh` command to check the mounted volumes. + +2. If the partitions corresponding to the SD card are not mounted, skip this step. If the partitions corresponding to the SD card are mounted, for example, dev/disk3s1 and /dev/disk3s3, run the following commands as the root user to unmount the partitions: + + `diskutil umount /dev/disk3s1` + + `diskutil umount /dev/disk3s3` + +### Writing Images to the SD Card + +1. 
If the image obtained is compressed, run the `xz -d openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz` command to decompress the compressed file to obtain the **openEuler-20.03-LTS-SP1-raspi-aarch64.img** image file. Otherwise, skip this step. + +2. Run the following command as the root user to write the image `openEuler-20.03-LTS-SP1-raspi-aarch64.img` to the SD card: + + `dd bs=4m if=openEuler-20.03-LTS-SP1-raspi-aarch64.img of=/dev/sdb` + + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > + > Generally, the block size is set to 4 MB. If the write operation fails or the written image cannot be used, you can set the block size to 1 MB and try again. However, the write operation is time-consuming when the block size is set to 1 MB. + diff --git a/docs/en/docs/Installation/Installation-Preparations1.md b/docs/en/docs/Installation/Installation-Preparations1.md new file mode 100644 index 0000000000000000000000000000000000000000..eaacdeac8021c7a6b8bc120d2caa8f1351c5985f --- /dev/null +++ b/docs/en/docs/Installation/Installation-Preparations1.md 
@@ -0,0 +1,125 @@ +# Installation Preparations + +This section describes the compatibility of the hardware and software and the related configurations and preparations required for the installation. + + +- [Installation Preparations](#安装准备) + - [Obtaining the Installation Source](#获取安装源) + - [Verifying the Image Integrity](#镜像完整性校验) + - [Overview](#简介) + - [Prerequisites](#前提条件) + - [Procedure](#操作指导) + - [Installation Requirements](#安装要求) + - [Hardware Compatibility](#硬件兼容支持) + - [Minimum Hardware Specifications](#最小硬件要求) + + +## Obtaining the Installation Source + +Before installation, obtain the openEuler Raspberry Pi image and its verification file. + +1. Log in to the [openEuler Community](https://openeuler.org) website. + +2. Click **Download**. + +3. Click the **Link** provided after **Download ISO**. The download list is displayed. + +4. Click **openEuler-20.03-LTS-SP1**. The openEuler 20.03 LTS SP1 version download list is displayed. + +5. Click **Raspberry Pi**. The Raspberry Pi image download list is displayed. + + - **aarch64**: image of the AArch64 architecture + +6. Click **aarch64** to download the Raspberry Pi AArch64 image download list. + +7. Click **openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz** to download the openEuler Raspberry Pi image to the local PC. + +8. Click **openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz.sha256sum** to download the verification file of the openEuler Raspberry Pi image to the local PC. + +## Verifying the Image Integrity + +### Overview + +During package transmission, to prevent software packages from being incompletely downloaded due to network or storage device problems, you need to verify the integrity of the software packages after obtaining them. Only the software packages that pass the verification can be deployed. + +Compare the verification value recorded in the verification file with the verification value that is manually calculated to determine whether the software package is complete. 
If the two values are the same, the downloaded file is complete. Otherwise, the downloaded file is incomplete and you need to obtain the software package again. + +### Prerequisites + +Before verifying the integrity of the image file, ensure that the following files are available: + +Image file: **openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz** + +Verification file: **openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz.sha256sum** + +### Procedure + +To verify the file integrity, perform the following procedure: + +1. Obtain the verification value from the verification file. Run the following command: + + ``` + $ cat openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz.sha256sum + ``` + +2. Calculate the SHA256 verification value of the file. Run the following command: + + ``` + $ sha256sum openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz + ``` + + After the command is executed, the verification value is displayed. + +3. Check whether the verification value calculated in step 1 is consistent with that calculated in step 2. + + If the verification values are consistent, the downloaded file is not damaged. Otherwise, the downloaded file is incomplete and you need to obtain the file again. + +## Installation Requirements + +If the openEuler operating system is installed in the Raspberry Pi environment, the Raspberry Pi environment must meet the hardware compatibility and minimum hardware specifications as follows. + +### Hardware Compatibility + +Currently, the openEuler Raspberry Pi image supports the 3B, 3B+, and 4B versions. + +### Minimum Hardware Specifications + +[Table 1](#tff48b99c9bf24b84bb602c53229e2542) lists the minimum hardware specifications for the openEuler Raspberry Pi image. + +**Table 1** Minimum hardware specifications + + + + + + + + + + + + + + + + + + + + + + +

Component Name

+

Minimum Hardware Specifications

+

Description

+

Raspberry Pi version

+
  • Raspberry Pi 3B
  • Raspberry Pi 3B+
  • Raspberry Pi 4B
+

-

+

Memory

+

≥ 2 GB (4 GB or higher recommended for better user experience)

+

-

+

Drive

+

8 GB or higher recommended for better user experience

+

-

+
+ diff --git a/content/en/docs/Installation/Installation.md b/docs/en/docs/Installation/Installation.md similarity index 100% rename from content/en/docs/Installation/Installation.md rename to docs/en/docs/Installation/Installation.md diff --git a/docs/en/docs/Installation/More-Resources.md b/docs/en/docs/Installation/More-Resources.md new file mode 100644 index 0000000000000000000000000000000000000000..b8dd200267a33c4ec6d56d7c473095202df6bd68 --- /dev/null +++ b/docs/en/docs/Installation/More-Resources.md @@ -0,0 +1,4 @@ +# Reference + +- [How to Create a Raspberry Pi Image File](https://gitee.com/openeuler/raspberrypi/blob/master/documents/openEuler镜像的构建.md) +- [How to Use Raspberry Pi](https://gitee.com/openeuler/raspberrypi/blob/master/documents/树莓派使用.md) \ No newline at end of file diff --git a/content/en/docs/Installation/faqs.md b/docs/en/docs/Installation/faqs.md similarity index 88% rename from content/en/docs/Installation/faqs.md rename to docs/en/docs/Installation/faqs.md index b6124125082eb59ce3098cdc78e8aa12f7dde748..2b10b92c8283e1cc526c71ef7c93a60b02e6194d 100644 --- a/content/en/docs/Installation/faqs.md +++ b/docs/en/docs/Installation/faqs.md @@ -3,7 +3,6 @@ - [FAQs](#faqs) - [Why Does openEuler Fail to Start After I Install It to the Second Disk?](#why-does-openeuler-fail-to-start-after-i-install-it-to-the-second-disk) - - [What Are the Constraints on Network Configurations?](#what-are-the-constraints-on-network-configurations) - [Why Does openEuler Enter Emergency Mode After It Is Powered On?](#why-does-openeuler-enter-emergency-mode-after-it-is-powered-on) - [Failed to Reinstall openEuler When a Logical Volume Group That Cannot Be Activated Has Existed in openEuler](#failed-to-reinstall-openeuler-when-a-logical-volume-group-that-cannot-be-activated-has-existed-in-openeuler) - [An Exception Occurs During the Selection of the Installation Source](#an-exception-occurs-during-the-selection-of-the-installation-source) 
@@ -35,30 +34,6 @@ This problem can be solved using either of the following two methods: - During the installation of openEuler, select the first disk or both disks, and install the boot loader on the first disk **sda**. - After installing openEuler, restart it by modifying the boot option on the BIOS window. -## What Are the Constraints on Network Configurations? - -The NetworkManager and network services are network service management tools. Some functions of the two services overlap. - -- If the NetworkManager service is used, run the **nmcli** command or modify the configuration file to configure the network \(such as the IP address and route\). Do not run the **ip**, **ifconfig**, or **route** command to configure the network. - - >![](public_sys-resources/icon-note.gif) **NOTE:** - >When the NetworkManager service is enabled and you run commands such as **ip**, **ifconfig**, and **route** to configure the network, the configurations will be overwritten by NetworkManager. - - To check whether NetworkManager is enabled, run the following command: - - ``` - systemctl status NetworkManager - ``` - - >![](public_sys-resources/icon-note.gif) **NOTE:** - >For details about the use of the **nmcli** command, see the execution result of the **nmcli --help** or **man nmcli** command. - -- If you want to run commands such as **ip**, **ifconfig**, and **route** commands to manage network information, run the following command to disable the NetworkManager service: - - ``` - systemctl stop NetworkManager - ``` - ## Why Does openEuler Enter Emergency Mode After It Is Powered On? @@ -66,7 +41,7 @@ The NetworkManager and network services are network service management tools. So openEuler enters emergency mode after it is powered on. -![](figures/en-us_image_0229291264.jpg) +![](./figures/en-us_image_0229291264.jpg) ### Possible Causes 
@@ -79,7 +54,7 @@ An unexpected system power-off, and low I/O performance of disks may also cause 1. Enter the password of the **root** account to log in to openEuler. 2. Check and restore files by using the file system check \(fsck\) tool, and restart openEuler. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The fsck tool checks and maintains inconsistent file systems. If the system is powered off or a disk is faulty, run the **fsck** command to check file systems. Run the **fsck.ext3 -h** and **fsck.ext4 -h** commands to view the usage method of the fsck tool. @@ -167,7 +142,7 @@ Check whether the installation source is abnormal. Use the new installation sour Run the **systemctl status kdump** command. The following information is displayed, indicating that no memory is reserved. -![](figures/en-us_image_0229291280.png) +![](./figures/en-us_image_0229291280.png) ### Possible Cause @@ -187,7 +162,7 @@ For the scenario where the OS has been installed If the following information is displayed, the kdump status is **active**, indicating that the kdump service is enabled. No further action is required. - ![](figures/en-us_image_0229291272.png) + ![](./figures/en-us_image_0229291272.png) ### Parameter Description @@ -254,7 +229,7 @@ The following table describes the parameters of the memory reserved for the kdum If openEuler was installed on a logical volume consisting of multiple disks, an error message will be displayed as shown in [Figure 1](#fig115949762617) when you attempt to select one of the disks for reinstallation. **Figure 1** Error message -![](figures/error-message.png "error-message") +![](./figures/error-message.png "error-message") ### Possible Cause 
@@ -270,7 +245,7 @@ The logical volume formed by multiple disks is equivalent to a volume group. The vgs ``` - ![](figures/en-us_image_0231657950.png) + ![](./figures/en-us_image_0231657950.png) 2. Run the following command to delete the volume group: @@ -284,7 +259,7 @@ The logical volume formed by multiple disks is equivalent to a volume group. The systemctl restart anaconda ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >You can also press **Ctrl**+**Alt**+**F6** to return to the GUI and click **Refresh** in the lower right corner to refresh the storage configuration. @@ -295,7 +270,7 @@ The logical volume formed by multiple disks is equivalent to a volume group. The During the installation of openEuler on an x86 PM in UEFI mode, the system stays at the "No bootable device" page and the installation cannot continue because **secure boot** is set to **enabled** \(by default, it is set to **disabled**\), as shown in [Figure 2](#fig115949762617). **Figure 2** Dialog box showing "No bootable device" -![](figures/dialog-box-showing-no-bootable-device.png "dialog-box-showing-no-bootable-device") +![](./figures/dialog-box-showing-no-bootable-device.png "dialog-box-showing-no-bootable-device") ### Possible Cause @@ -307,16 +282,16 @@ Access the BIOS, set **secure boot** to **disabled**, and reinstall the openE 1. During the system startup, press **F11** and enter the password **Admin@9000** to access the BIOS. - ![](figures/bios.png) + ![](./figures/bios.png) 2. Choose **Administer Secure Boot**. - ![](figures/security.png) + ![](./figures/security.png) 3. Set **Enforce Secure Boot** to **Disabled**. - ![](figures/enforce-secure-boot.png) + ![](./figures/enforce-secure-boot.png) - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >After **Enforce Secure Boot** is set to **Disabled**, save the settings, and exit. Then, reinstall the system. 
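Review bot: The context lines of the last faqs.md hunk (@@ -307,16 +282,16 @@) print a literal BIOS password, `Admin@9000`, in step 1 and then tell the reader to set **Enforce Secure Boot** to **Disabled**, with no follow-up. While these lines are being touched for the `./figures/` path fix, step 1 should refer to the BIOS password configured for the machine rather than a literal value, and the closing NOTE should say whether Secure Boot can be turned back on once installation has finished. The image path changes themselves are consistent with the other hunks in this file.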
diff --git "a/content/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\240\221\350\216\223\346\264\276.md" b/docs/en/docs/Installation/figures/.keep similarity index 100% rename from "content/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\240\221\350\216\223\346\264\276.md" rename to docs/en/docs/Installation/figures/.keep diff --git a/docs/en/docs/Installation/figures/Installation_wizard.png b/docs/en/docs/Installation/figures/Installation_wizard.png new file mode 100644 index 0000000000000000000000000000000000000000..8e64b70503f21ac80034e8825f9cb0cd60965d32 Binary files /dev/null and b/docs/en/docs/Installation/figures/Installation_wizard.png differ diff --git a/docs/en/docs/Installation/figures/adding-the-inst-noverifyssl-parameter.png b/docs/en/docs/Installation/figures/adding-the-inst-noverifyssl-parameter.png new file mode 100644 index 0000000000000000000000000000000000000000..dc92fedd71a5331af870e449f843ecd0eefc9278 Binary files /dev/null and b/docs/en/docs/Installation/figures/adding-the-inst-noverifyssl-parameter.png differ diff --git a/docs/en/docs/Installation/figures/advanced-user-configuration.png b/docs/en/docs/Installation/figures/advanced-user-configuration.png new file mode 100644 index 0000000000000000000000000000000000000000..3a27f8b5371323cf27dae8dd7e8549ff1e1f8c4b Binary files /dev/null and b/docs/en/docs/Installation/figures/advanced-user-configuration.png differ diff --git a/content/en/docs/Installation/figures/bios.png b/docs/en/docs/Installation/figures/bios.png similarity index 100% rename from content/en/docs/Installation/figures/bios.png rename to docs/en/docs/Installation/figures/bios.png 
diff --git a/content/en/docs/Installation/figures/completing-the-automatic-installation.png b/docs/en/docs/Installation/figures/completing-the-automatic-installation.png similarity index 100% rename from content/en/docs/Installation/figures/completing-the-automatic-installation.png rename to docs/en/docs/Installation/figures/completing-the-automatic-installation.png diff --git a/docs/en/docs/Installation/figures/completing-the-configuration.png b/docs/en/docs/Installation/figures/completing-the-configuration.png new file mode 100644 index 0000000000000000000000000000000000000000..f37cb873d920e8969d507cc5bce85d265e9321e8 Binary files /dev/null and b/docs/en/docs/Installation/figures/completing-the-configuration.png differ diff --git a/docs/en/docs/Installation/figures/completing-the-installation.png b/docs/en/docs/Installation/figures/completing-the-installation.png new file mode 100644 index 0000000000000000000000000000000000000000..f873b124308d7166b4621a8306824034fcc92609 Binary files /dev/null and b/docs/en/docs/Installation/figures/completing-the-installation.png differ diff --git a/docs/en/docs/Installation/figures/creating-a-user.png b/docs/en/docs/Installation/figures/creating-a-user.png new file mode 100644 index 0000000000000000000000000000000000000000..6145007e1ad60afea892bc820a29b9d8ee8c89c9 Binary files /dev/null and b/docs/en/docs/Installation/figures/creating-a-user.png differ diff --git a/content/en/docs/Installation/figures/dialog-box-showing-no-bootable-device.png b/docs/en/docs/Installation/figures/dialog-box-showing-no-bootable-device.png similarity index 100% rename from content/en/docs/Installation/figures/dialog-box-showing-no-bootable-device.png rename to docs/en/docs/Installation/figures/dialog-box-showing-no-bootable-device.png 
diff --git a/content/en/docs/Installation/figures/drive-icon.png b/docs/en/docs/Installation/figures/drive-icon.png similarity index 100% rename from content/en/docs/Installation/figures/drive-icon.png rename to docs/en/docs/Installation/figures/drive-icon.png diff --git a/content/en/docs/Installation/figures/en-us_image_0229291229.png b/docs/en/docs/Installation/figures/en-us_image_0229291229.png similarity index 100% rename from content/en/docs/Installation/figures/en-us_image_0229291229.png rename to docs/en/docs/Installation/figures/en-us_image_0229291229.png diff --git a/content/en/docs/Installation/figures/en-us_image_0229291236.png b/docs/en/docs/Installation/figures/en-us_image_0229291236.png similarity index 100% rename from content/en/docs/Installation/figures/en-us_image_0229291236.png rename to docs/en/docs/Installation/figures/en-us_image_0229291236.png diff --git a/content/en/docs/Installation/figures/en-us_image_0229291243.png b/docs/en/docs/Installation/figures/en-us_image_0229291243.png similarity index 100% rename from content/en/docs/Installation/figures/en-us_image_0229291243.png rename to docs/en/docs/Installation/figures/en-us_image_0229291243.png diff --git a/content/en/docs/Installation/figures/en-us_image_0229291247.png b/docs/en/docs/Installation/figures/en-us_image_0229291247.png similarity index 100% rename from content/en/docs/Installation/figures/en-us_image_0229291247.png rename to docs/en/docs/Installation/figures/en-us_image_0229291247.png diff --git a/content/en/docs/Installation/figures/en-us_image_0229291264.jpg b/docs/en/docs/Installation/figures/en-us_image_0229291264.jpg similarity index 100% rename from content/en/docs/Installation/figures/en-us_image_0229291264.jpg rename to docs/en/docs/Installation/figures/en-us_image_0229291264.jpg 
diff --git a/content/en/docs/Installation/figures/en-us_image_0229291270.png b/docs/en/docs/Installation/figures/en-us_image_0229291270.png similarity index 100% rename from content/en/docs/Installation/figures/en-us_image_0229291270.png rename to docs/en/docs/Installation/figures/en-us_image_0229291270.png diff --git a/content/en/docs/Installation/figures/en-us_image_0229291272.png b/docs/en/docs/Installation/figures/en-us_image_0229291272.png similarity index 100% rename from content/en/docs/Installation/figures/en-us_image_0229291272.png rename to docs/en/docs/Installation/figures/en-us_image_0229291272.png diff --git a/content/en/docs/Installation/figures/en-us_image_0229291280.png b/docs/en/docs/Installation/figures/en-us_image_0229291280.png similarity index 100% rename from content/en/docs/Installation/figures/en-us_image_0229291280.png rename to docs/en/docs/Installation/figures/en-us_image_0229291280.png diff --git a/content/en/docs/Installation/figures/en-us_image_0229291286.png b/docs/en/docs/Installation/figures/en-us_image_0229291286.png similarity index 100% rename from content/en/docs/Installation/figures/en-us_image_0229291286.png rename to docs/en/docs/Installation/figures/en-us_image_0229291286.png diff --git a/content/en/docs/Installation/figures/en-us_image_0229420473.png b/docs/en/docs/Installation/figures/en-us_image_0229420473.png similarity index 100% rename from content/en/docs/Installation/figures/en-us_image_0229420473.png rename to docs/en/docs/Installation/figures/en-us_image_0229420473.png diff --git a/content/en/docs/Installation/figures/en-us_image_0231657950.png b/docs/en/docs/Installation/figures/en-us_image_0231657950.png similarity index 100% rename from content/en/docs/Installation/figures/en-us_image_0231657950.png rename to docs/en/docs/Installation/figures/en-us_image_0231657950.png 
diff --git a/content/en/docs/Installation/figures/enforce-secure-boot.png b/docs/en/docs/Installation/figures/enforce-secure-boot.png similarity index 100% rename from content/en/docs/Installation/figures/enforce-secure-boot.png rename to docs/en/docs/Installation/figures/enforce-secure-boot.png diff --git a/docs/en/docs/Installation/figures/error-message.png b/docs/en/docs/Installation/figures/error-message.png new file mode 100644 index 0000000000000000000000000000000000000000..c5802a2b7a750eed8429ec06c7e4919a3d161a9e Binary files /dev/null and b/docs/en/docs/Installation/figures/error-message.png differ diff --git a/content/en/docs/Installation/figures/image-dialog-box.png b/docs/en/docs/Installation/figures/image-dialog-box.png similarity index 100% rename from content/en/docs/Installation/figures/image-dialog-box.png rename to docs/en/docs/Installation/figures/image-dialog-box.png diff --git a/docs/en/docs/Installation/figures/installation-process.png b/docs/en/docs/Installation/figures/installation-process.png new file mode 100644 index 0000000000000000000000000000000000000000..f873b124308d7166b4621a8306824034fcc92609 Binary files /dev/null and b/docs/en/docs/Installation/figures/installation-process.png differ diff --git a/docs/en/docs/Installation/figures/installation-summary.png b/docs/en/docs/Installation/figures/installation-summary.png new file mode 100644 index 0000000000000000000000000000000000000000..185e1f2ca191f3e9c51ba8976e099fc8d0d904c7 Binary files /dev/null and b/docs/en/docs/Installation/figures/installation-summary.png differ diff --git a/docs/en/docs/Installation/figures/installsourceen.png b/docs/en/docs/Installation/figures/installsourceen.png new file mode 100644 index 0000000000000000000000000000000000000000..c1bb5e1d8ab98c6d6640f99f87685c77b9f94179 Binary files /dev/null and b/docs/en/docs/Installation/figures/installsourceen.png differ 
diff --git a/docs/en/docs/Installation/figures/manual-partitioning-page.png b/docs/en/docs/Installation/figures/manual-partitioning-page.png new file mode 100644 index 0000000000000000000000000000000000000000..489719df1cffa43b8d2ee8a510d10f5e97802688 Binary files /dev/null and b/docs/en/docs/Installation/figures/manual-partitioning-page.png differ diff --git a/docs/en/docs/Installation/figures/password-of-the-root-account.png b/docs/en/docs/Installation/figures/password-of-the-root-account.png new file mode 100644 index 0000000000000000000000000000000000000000..b4252296ee1cafef1a4c97d89a42d6482f09761a Binary files /dev/null and b/docs/en/docs/Installation/figures/password-of-the-root-account.png differ diff --git a/content/en/docs/Installation/figures/restart-icon.png b/docs/en/docs/Installation/figures/restart-icon.png similarity index 100% rename from content/en/docs/Installation/figures/restart-icon.png rename to docs/en/docs/Installation/figures/restart-icon.png diff --git a/content/en/docs/Installation/figures/security.png b/docs/en/docs/Installation/figures/security.png similarity index 100% rename from content/en/docs/Installation/figures/security.png rename to docs/en/docs/Installation/figures/security.png diff --git a/docs/en/docs/Installation/figures/selecting-a-language.png b/docs/en/docs/Installation/figures/selecting-a-language.png new file mode 100644 index 0000000000000000000000000000000000000000..0ffe4c54db03615b541efdfd7f4b3d6ad816750b Binary files /dev/null and b/docs/en/docs/Installation/figures/selecting-a-language.png differ diff --git a/docs/en/docs/Installation/figures/selecting-installation-software.png b/docs/en/docs/Installation/figures/selecting-installation-software.png new file mode 100644 index 0000000000000000000000000000000000000000..5ba064e33ea4aef29122b7cc07df82d40eacda3d Binary files /dev/null and b/docs/en/docs/Installation/figures/selecting-installation-software.png differ 
diff --git a/docs/en/docs/Installation/figures/semi-automatic-installation.png b/docs/en/docs/Installation/figures/semi-automatic-installation.png new file mode 100644 index 0000000000000000000000000000000000000000..82218558de7ffacb4835087c90c0206b52f89198 Binary files /dev/null and b/docs/en/docs/Installation/figures/semi-automatic-installation.png differ diff --git a/docs/en/docs/Installation/figures/setting-a-system-language.png b/docs/en/docs/Installation/figures/setting-a-system-language.png new file mode 100644 index 0000000000000000000000000000000000000000..c2a16d42b2a23cb711c005ea7455b46727e9b290 Binary files /dev/null and b/docs/en/docs/Installation/figures/setting-a-system-language.png differ diff --git a/docs/en/docs/Installation/figures/setting-date-and-time.png b/docs/en/docs/Installation/figures/setting-date-and-time.png new file mode 100644 index 0000000000000000000000000000000000000000..c3ae78f7d63e111b65fdf7722d2cbff0a863ed76 Binary files /dev/null and b/docs/en/docs/Installation/figures/setting-date-and-time.png differ diff --git a/docs/en/docs/Installation/figures/setting-the-installation-destination.png b/docs/en/docs/Installation/figures/setting-the-installation-destination.png new file mode 100644 index 0000000000000000000000000000000000000000..ee858420e75084a0301fecbf6768f67246f14f14 Binary files /dev/null and b/docs/en/docs/Installation/figures/setting-the-installation-destination.png differ diff --git a/docs/en/docs/Installation/figures/setting-the-installation-source.png b/docs/en/docs/Installation/figures/setting-the-installation-source.png new file mode 100644 index 0000000000000000000000000000000000000000..6cc3b2b98b13642f47e8afba8b2bdd000b63b9e4 Binary files /dev/null and b/docs/en/docs/Installation/figures/setting-the-installation-source.png differ 
diff --git a/docs/en/docs/Installation/figures/setting-the-keyboard-layout.png b/docs/en/docs/Installation/figures/setting-the-keyboard-layout.png new file mode 100644 index 0000000000000000000000000000000000000000..3da90135aea9ba39fc5208525e51a090c9c613c8 Binary files /dev/null and b/docs/en/docs/Installation/figures/setting-the-keyboard-layout.png differ diff --git a/docs/en/docs/Installation/figures/setting-the-network-and-host-name.png b/docs/en/docs/Installation/figures/setting-the-network-and-host-name.png new file mode 100644 index 0000000000000000000000000000000000000000..0f2cc10e5c094a4597a7e0fdc9b2fd53a33a698b Binary files /dev/null and b/docs/en/docs/Installation/figures/setting-the-network-and-host-name.png differ diff --git a/docs/en/docs/Installation/figures/sourceftp.png b/docs/en/docs/Installation/figures/sourceftp.png new file mode 100644 index 0000000000000000000000000000000000000000..1fc0d37d9040ce81a8babe5661a3c09cf5b69830 Binary files /dev/null and b/docs/en/docs/Installation/figures/sourceftp.png differ diff --git a/docs/en/docs/Installation/figures/sourcenfs.png b/docs/en/docs/Installation/figures/sourcenfs.png new file mode 100644 index 0000000000000000000000000000000000000000..3e9ab96e8616d1c1e59ae8d6b43ebab03dcc3281 Binary files /dev/null and b/docs/en/docs/Installation/figures/sourcenfs.png differ diff --git a/docs/en/docs/Installation/figures/starting-installation.png b/docs/en/docs/Installation/figures/starting-installation.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd779430c0dd891099dffbd7b65298eae0dea58 Binary files /dev/null and b/docs/en/docs/Installation/figures/starting-installation.png differ diff --git a/docs/en/docs/Installation/figures/startparam.png b/docs/en/docs/Installation/figures/startparam.png new file mode 100644 index 0000000000000000000000000000000000000000..c40c02239a84d19b1520c7454d5c4f26dd38b1dd Binary files /dev/null and b/docs/en/docs/Installation/figures/startparam.png differ 
diff --git a/docs/en/docs/Installation/install-DDE.md b/docs/en/docs/Installation/install-DDE.md new file mode 100644 index 0000000000000000000000000000000000000000..82388f86224263a18981c07fbae2d3fa290a4c8f --- /dev/null +++ b/docs/en/docs/Installation/install-DDE.md @@ -0,0 +1,31 @@ +# DDE installation +#### Introduction + +DDE is a powerful desktop environment developed by UnionTech Team. Contains dozens of powerful desktop applications, which are truly self-developed desktop products. + +#### installation method + +1. [download](https://openeuler.org/zh/download/) openEuler ISO and install the OS. +2. update the software source +```bash +sudo dnf update +``` +3. install DDE +```bash +sudo dnf install dde +``` +4. set to start with a graphical interface +```bash +sudo systemctl set-default graphical.target +``` +5. reboot +```bash +sudo reboot +``` +6. After the restart is complete, use the user created during the installation process or the openeuler user to log in to the desktop. + + > dde cannot log in with root account + > dde has built-in openeuler user, the password of this user is openeuler + +Now you can use dde. + diff --git a/docs/en/docs/Installation/install-UKUI.md b/docs/en/docs/Installation/install-UKUI.md new file mode 100644 index 0000000000000000000000000000000000000000..b55d3351565207c954ab2f9aae01b547c6730014 --- /dev/null +++ b/docs/en/docs/Installation/install-UKUI.md 
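Review bot: Step 6 of install-DDE.md documents a built-in `openeuler` account whose password is `openeuler`, and the page then ends at "Now you can use dde.", so a reader who follows it is left with a published default credential on a system that steps 4 and 5 have just set to boot into a graphical login. Add a step after the first login that tells the reader to change that password (`sudo passwd openeuler`) or to lock the account (`sudo passwd -l openeuler`) when they log in with the user created during installation instead. Two smaller points in the same hunk: the download link in step 1 of this English page points at `https://openeuler.org/zh/download/`, and the headings jump from `#` straight to `####`.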
@@ -0,0 +1,21 @@ +# UKUI installation +UKUI is a Linux desktop built by the KylinSoft software team over the years, primarily based on GTK and QT. Compared to other UI interfaces, UKUI is easy to use. The components of UKUI are small and low coupling, can run alone without relying on other suites. It can provide user a friendly and efficient experience. + +UKUI supports both x86_64 and aarch64 architectures. + +We recommend you create a new administrator user before install UKUI. + +1.download openEuler-20.03-LTS SP1 and update the software source. +``` +sudo dnf update +``` +2.install UKUI. +``` +sudo dnf install ukui +``` +3.If you want to start with graphical interface after confirming the installation, please run this code and reboot(`reboot`). +``` +systemctl set-default graphical.target +``` +At present, UKUI version is still constantly updated. Please check the latest installation method : +[https://gitee.com/openkylin/ukui-issues](https://gitee.com/openkylin/ukui-issues) diff --git a/themes/project/layouts/partials/docs/inject/body.html b/docs/en/docs/Installation/install-pi.md similarity index 100% rename from themes/project/layouts/partials/docs/inject/body.html rename to docs/en/docs/Installation/install-pi.md diff --git a/themes/project/layouts/partials/docs/inject/footer.html b/docs/en/docs/Installation/install-server.md similarity index 100% rename from themes/project/layouts/partials/docs/inject/footer.html rename to docs/en/docs/Installation/install-server.md diff --git a/content/en/docs/Installation/installation-guideline.md b/docs/en/docs/Installation/installation-guideline.md similarity index 44% rename from content/en/docs/Installation/installation-guideline.md rename to docs/en/docs/Installation/installation-guideline.md index ba60382a03ef42ae52b1d368b26d8f9d0e23fd9c..6dbb0aa5867333792a4b7caeb2353e6b36a570ad 100644 --- a/content/en/docs/Installation/installation-guideline.md +++ b/docs/en/docs/Installation/installation-guideline.md 
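Review bot: Step 3 of install-UKUI.md gives `systemctl set-default graphical.target` without `sudo`, while steps 1 and 2 use `sudo dnf ...` and the page recommends working from a newly created administrator user; changing the default target needs root privileges, so write it as `sudo systemctl set-default graphical.target`, as install-DDE.md does, and give the reboot as its own command rather than as the parenthetical "reboot(`reboot`)". The steps are also typed as `1.download`, `2.install` and `3.If` with no space after the period, which Markdown will not render as an ordered list, and the code fences carry no language tag where the DDE page uses `bash`.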
@@ -1,93 +1,97 @@ # Installation Guideline This section describes how to install openEuler using a CD-ROM. The installation process is the same for other installation modes except the boot option. + - [Installation Guideline](#installation-guideline) - - [Starting the Installation](#starting-the-installation) - - [Booting from the CD/DVD-ROM Drive](#booting-from-the-cddvd-rom-drive) - - [Installation Wizard](#installation-wizard) - - [Installation in GUI Mode](#installation-in-gui-mode) - - [Configuring an Installation Program Language](#configuring-an-installation-program-language) - - [Entering the Installation Page](#entering-the-installation-page) - - [Setting the Keyboard Layout](#setting-the-keyboard-layout) - - [Setting a System Language](#setting-a-system-language) - - [Setting Date and Time](#setting-date-and-time) - - [Setting the Installation Source](#setting-the-installation-source) - - [Selecting Installation Software](#selecting-installation-software) - - [Setting the Installation Destination](#setting-the-installation-destination) - - [Storage Configuration](#storage-configuration) - - [Setting the Network and Host Name](#setting-the-network-and-host-name) - - [Starting Installation](#starting-installation) - - [Configurations During Installation](#configurations-during-installation) - - [Password Complexity](#password-complexity) - - [Setting the Root User Password](#setting-the-root-user-password) - - [Creating a User](#creating-a-user) - - [Completing the Installation](#completing-the-installation) + - [Starting the Installation](#starting-the-installation) + - [Booting from the CD/DVD-ROM Drive](#booting-from-the-cddvd-rom-drive) + - [Installation Wizard](#installation-wizard) + - [Installation in GUI Mode](#installation-in-gui-mode) + - [Configuring an Installation Program Language](#configuring-an-installation-program-language) + - [Entering the Installation Page](#entering-the-installation-page) + - [Setting the Keyboard 
Layout](#setting-the-keyboard-layout) + - [Setting a System Language](#setting-a-system-language) + - [Setting Date and Time](#setting-date-and-time) + - [Setting the Installation Source](#setting-the-installation-source) + - [Selecting Installation Software](#selecting-installation-software) + - [Setting the Installation Destination](#setting-the-installation-destination) + - [Storage Configuration](#storage-configuration) + - [Setting the Network and Host Name](#setting-the-network-and-host-name) + - [Setting the Root Password](#设置根密码) + - [Password Complexity](#密码复杂度) + - [Creating a User](#创建用户) + - [Starting the Installation](#开始安装) + - [Installation Procedure](#安装过程) + - [Completing the Installation](#安装完成) - ## Starting the Installation ### Booting from the CD/DVD-ROM Drive Load the ISO image of openEuler from the CD/DVD-ROM drive of the server and restart the server. The procedure is as follows: ->![](public_sys-resources/icon-note.gif) **NOTE:** ->Before the installation, ensure that the server boots from the CD/DVD-ROM drive preferentially. The following steps describe how to install the openEuler using the virtual CD/DVD-ROM drive on the baseboard management controller \(BMC\). Installing the openEuler from a physical drive is simple. After the installation starts, the procedure for the physical drive is the same as that of the virtual drive. +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> Before the installation, ensure that the server boots from the CD/DVD-ROM drive preferentially. The following steps describe how to install the openEuler using the virtual CD/DVD-ROM drive on the baseboard management controller (BMC). Installing the openEuler from a physical drive is simple. After the installation starts, the procedure for the physical drive is the same as that of the virtual drive. 1. On the toolbar, click the icon shown in the following figure. 
**Figure 1** Drive icon - ![](figures/drive-icon.png "drive-icon") + ![](./figures/drive-icon.png "drive-icon") An image dialog box is displayed, as shown in the following figure. **Figure 2** Image dialog box - ![](figures/image-dialog-box.png "image-dialog-box") + ![](./figures/image-dialog-box.png "image-dialog-box") 2. Select **Image File** and then click **Browse**. The **Open** dialog box is displayed. + 3. Select the image file and click **Open**. In the image dialog box, click **Connect**. If **Connect** changes to **Disconnect**, the virtual CD/DVD-ROM drive is connected to the server. + 4. On the toolbar, click the restart icon shown in the following figure to restart the device. **Figure 3** Restart icon - ![](figures/restart-icon.png "restart-icon") + ![](./figures/restart-icon.png "restart-icon") ### Installation Wizard -A boot menu is displayed after the system is booted using the boot medium. In addition to options for starting the installation program, some other options are available on the boot menu. During system installation, the **Test this media & install openEuler 20.03 LTS** mode is used by default. Press the arrow keys on the keyboard to change the selection, and press **Enter** when the desired option is highlighted. +A boot menu is displayed after the system is booted using the boot medium. In addition to options for starting the installation program, some other options are available on the boot menu. During system installation, the **Test this media \& install openEuler 20.03-LTS-SP1** mode is used by default. Press the arrow keys on the keyboard to change the selection, and press **Enter** when the desired option is highlighted. ->![](public_sys-resources/icon-note.gif) **NOTE:** ->- If you do not perform any operations within 1 minute, the system automatically selects the default option **Test this media & install openEuler 20.03 LTS** and enters the installation page. 
->- During PM installation, if you cannot use the arrow keys to select boot options and the system does not respond after you press **Enter**, click ![](figures/en-us_image_0229420473.png) on the BMC page and configure **Key & Mouse Reset**. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- If you do not perform any operations within 1 minute, the system automatically selects the default option **Test this media \& install openEuler 20.03-LTS-SP1** and enters the installation page. +>- During PM installation, if you cannot use the arrow keys to select boot options and the system does not respond after you press **Enter**, click ![](./figures/en-us_image_0229420473.png) on the BMC page and configure **Key & Mouse Reset**. **Figure 4** Installation Wizard -![](figures/installation-wizard.png "installation-wizard") +![](./figures/Installation_wizard.png "installation-wizard") Installation wizard options are described as follows: -- **Install openEuler 20.03 LTS**: Install openEuler on your server in GUI mode. +- **Install openEuler 20.03-LTS-SP1**: Install openEuler on your server in GUI mode. -- **Test this media & install openEuler 20.03 LTS**: Default option. Install openEuler on your server in GUI mode. The integrity of the installation medium is checked before the installation program is started. +- **Test this media & install openEuler 20.03-LTS-SP1**: Default option. Install openEuler on your server in GUI mode. The integrity of the installation medium is checked before the installation program is started. - **Troubleshooting**: Troubleshooting mode, which is used when the system cannot be installed properly. In troubleshooting mode, the following options are available: - - **Install openEuler 20.03-LTS in basic graphics mode**: Basic graphics installation mode. In this mode, the video driver is not started before the system starts and runs. + + - **Install openEuler 20.03-LTS-SP1 in basic graphics mode**: Basic graphics installation mode. 
In this mode, the video driver is not started before the system starts and runs. - **Rescue the openEuler system**: Rescue mode, which is used to restore the system. In rescue mode, the installation process is printed in the VNC or BMC, and the serial port is unavailable. -On the installation wizard screen, press **e** to go to the parameter editing screen of the selected option, and press **c** to go to the command-line interface \(CLI\). +On the installation wizard screen, press **e** to go to the parameter editing screen of the selected option, and press **c** to go to the command-line interface (CLI). ### Installation in GUI Mode -On the installation wizard page, select **Test this media & install openEuler 20.03 LTS** to enter the GUI installation mode. +On the installation wizard page, select **Test this media \& install openEuler 20.09** to enter the GUI installation mode. Perform graphical installation operations using a keyboard. -- Press **Tab** or **Shift**+**Tab** to move between GUI controls \(such as buttons, area boxes, and check boxes\). +- Press **Tab** or **Shift**+**Tab** to move between GUI controls (such as buttons, area boxes, and check boxes). - Press the up or down arrow key to move a target in the list. - Press the left or right arrow key to move between the horizontal toolbar and watch bar. - Press the spacebar or **Enter** to select or delete highlighted options, expand or collapse a drop-down list. -- Press **Alt**+a shortcut key \(the shortcut key varies for different pages\) to select the control where the shortcut key is located. The shortcut key can be highlighted \(underlined\) by holding down Alt. +- Press **Alt**+a shortcut key (the shortcut key varies for different pages) to select the control where the shortcut key is located. The shortcut key can be highlighted (underlined) by holding down Alt. ## Configuring an Installation Program Language 
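Review bot: The new table-of-contents entries in installation-guideline.md link to Chinese anchors (`#设置根密码`, `#密码复杂度`, `#创建用户`, `#开始安装`, `#安装过程`, `#安装完成`), while every other entry in the same list uses a slug derived from its English heading, so these six links will not resolve on the English page. Replace them with the English slugs, for example `#setting-the-root-password` and `#password-complexity`. In the same hunk, the "Installation in GUI Mode" paragraph tells the reader to select **Test this media \& install openEuler 20.09**, while every other menu entry renamed here says 20.03-LTS-SP1, and the ampersand is escaped as `\&` in some entries but left as `&` in the options list; pick one version string and one escaping style.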
@@ -95,7 +99,7 @@ Perform graphical installation operations using a keyboard. After the installation starts, the system will prompt the language that is used during the configuration installation process. English is configured by default, as shown in [Figure 5](#en-us_topic_0186390093_en-us_topic_0122145864_fig144630179151). Configure another language as required. **Figure 5** Selecting a language -![](figures/selecting-a-language.png "selecting-a-language") +![](./figures/selecting-a-language.png "selecting-a-language") After configurations, click **Continue**. The main installation configuration page is displayed. 
@@ -110,17 +114,17 @@ Some configuration items are matched with safety symbols. A safety symbol will d If you want to exit the installation, click **Exit**. The message "Are you sure you want to exit the installation program?" is displayed. Click **Yes** in the dialog box to go back to the installation wizard page. **Figure 6** Installation summary -![](figures/installation-summary.png "installation-summary") +![](./figures/installation-summary.png "installation-summary") ## Setting the Keyboard Layout On the **INSTALLATION SUMMARY** page, click **KEYBOARD**. You can add or delete multiple keyboard layouts in the system. -- On the left white box, click to select the keyboard layout and click the keyboard under the box. -- To test the keyboard layout: On the left white box, click to select the keyboard layout, click the inside of the right text box, and enter the text to ensure that the keyboard layout can work properly. +- On the left white box, click to select the keyboard layout and click the keyboard under the box. +- To test the keyboard layout: On the left white box, click to select the keyboard layout, click the inside of the right text box, and enter the text to ensure that the keyboard layout can work properly. **Figure 7** Setting the keyboard layout -![](figures/setting-the-keyboard-layout.png "setting-the-keyboard-layout") +![](./figures/setting-the-keyboard-layout.png "setting-the-keyboard-layout") After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. 
@@ -128,63 +132,68 @@ After the setting is complete, click **Done** in the upper left corner to go b On the **INSTALLATION SUMMARY** page, click **LANGUAGE SUPPORT** to set the system language, as shown in [Figure 8](#en-us_topic_0186390098_en-us_topic_0122145772_fig187301927172619). Set another language as required, such as Chinese. ->![](public_sys-resources/icon-note.gif) **NOTE:** ->- If you select Chinese, the system does not display Chinese characters after you log in to the system using VNC, because VNC does not support Chinese characters. If you log in to the system in SSH mode, Chinese characters will be displayed. ->- If you select English, there will be no impact. +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> - If you select **Chinese**, the system does not support the display of Chinese characters when you log in to the system using VNC, but supports the display of Chinese characters when you log in to the system using a serial port. When you log in to the system using SSH, whether the system supports the display of Chinese characters depends on the SSH client. If you select **English**, the display is not affected. **Figure 8** Setting a system language -![](figures/setting-a-system-language.png "setting-a-system-language") +![](./figures/setting-a-system-language.png "setting-a-system-language") After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. ## Setting Date and Time -On the **INSTALLATION SUMMARY** page, click **TIME & DATE**. On the **TIME & DATE** page, set the system time zone, date, and time. +On the **INSTALLATION SUMMARY** page, click **TIME \& DATE**. On the **TIME \& DATE** page, set the system time zone, date, and time. 
When setting the time zone, you can click a specific city on the map with the mouse, or select a region from the drop-down list of **Region** or a city from the drop-down list of **City** at the top of the page, as shown in [Figure 9](#en-us_topic_0186390096_en-us_topic_0122145900_fig1260162652312). If your city is not displayed on the map or in the drop-down list, select the nearest city in the same time zone. ->![](public_sys-resources/icon-note.gif) **NOTE:** ->- Before manually setting the time zone, disable the network time synchronization function in the upper right corner. ->- If you want to use the network time, ensure that the network can connect to the remote NTP server. For details about how to set the network, see [Setting the Network and Host Name](#setting-the-network-and-host-name). +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- Before manually setting the time zone, disable the network time synchronization function in the upper right corner. +>- If you want to use the network time, ensure that the network can connect to the remote NTP server. For details about how to set the network, see [Setting the Network and Host Name](#setting-the-network-and-host-name). **Figure 9** Setting date and time -![](figures/setting-date-and-time.png "setting-date-and-time") +![](./figures/setting-date-and-time.png "setting-date-and-time") After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. ## Setting the Installation Source -On the **INSTALLATION SUMMARY** page, click **INSTALLATION SOURCE** to locate the installation source. +On the **INSTALLATION SUMMARY** page, click **INSTALLATION SOURCE** to locate the installation source. + +* When you use the complete CD-ROM for installation, the installation program automatically detects and displays the installation source information. 
You can use the default settings, as shown in [Figure 10](#en-us_topic_0186390100_en-us_topic_0144427079_fig93633295132): + + **Figure 10** Installation source + ![](./figures/Installation_source.png) -If you use a CD/DVD-ROM for installation, the installation program automatically detects and displays the installation source information. You can use the default settings. [Figure 10](#en-us_topic_0186390100_en-us_topic_0144427079_fig93633295132) shows an example. +* When the network source is used for installation, you need to set the IP address of the server, as shown in [Figure 11](#3837222): -**Figure 10** Setting the installation source -![](figures/setting-the-installation-source.png "setting-the-installation-source") + If the HTTPS server uses a private certificate, press **e** on the installation wizard page to go to the parameter editing page of the selected option and add the **inst.noverifyssl** parameter. -When you use the network for installation, if the HTTPS server uses a private certificate, press **e** on the installation wizard page to go to the parameter editing page and add the **inst.noverifyssl** parameter, as shown in [Figure 11](#fig113517811415). + **Figure 11** Installation source + ![](./figures/installsourceen.png) -**Figure 11** Adding the **inst.noverifyssl** parameter -![](figures/adding-the-inst-noverifyssl-parameter.png "adding-the-inst-noverifyssl-parameter") +When you use the network for installation, if the HTTPS server uses a private certificate, press **e** on the installation wizard page to go to the parameter editing page and add the **inst.noverifyssl** parameter. After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. 
->![](public_sys-resources/icon-note.gif) **NOTE:** ->During the installation, if you have any questions about configuring the installation source, see [An Exception Occurs During the Selection of the Installation Source](faqs.html#an-exception-occurs-during-the-selection-of-the-installation-source). +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> During the installation, if you have any questions about configuring the installation source, see [An Exception Occurs During the Selection of the Installation Source](./faqs.html#an-exception-occurs-during-the-selection-of-the-installation-source). ## Selecting Installation Software On the **INSTALLATION SUMMARY** page, click **SOFTWARE SELECTION** to specify the software package to be installed. -Based on the actual requirements, select **Minimal Install** on the left box and select an add-on in the **Add-Ons for Selected Environment** area on the right, as shown in [Figure 12](#en-us_topic_0186390261_en-us_topic_0122145865_fig03031519101414). +Based on the actual requirements, select **Minimal Install** on the left box and select an add-on in the **Add-Ons for Selected Environment** area on the right, as shown in [Figure 11](#en-us_topic_0186390261_en-us_topic_0122145865_fig03031519101414). -**Figure 12** Selecting installation software -![](figures/selecting-installation-software.png "selecting-installation-software") +**Figure 11** Selecting installation software +![](./figures/selecting-installation-software.png "selecting-installation-software") ->![](public_sys-resources/icon-note.gif) **NOTE:** ->- In **Minimal Install** mode, not all packages in the installation source will be installed. If the required package is not installed, you can mount the installation source to the local PC and configure a repo source, and use DNF to install the package. ->- If you select **Virtual Host**, the virtualization components QEMU, libvirt, and edk2 are installed by default. 
You can select whether to install the OVS component in the add-on area. +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +>- In **Minimal Install** mode, not all packages in the installation source will be installed. If the required package is not installed, you can mount the installation source to the local PC and configure a repo source, and use DNF to install the package. +>- If you select **Virtual Host**, the virtualization components QEMU, libvirt, and edk2 are installed by default. You can select whether to install the OVS component in the add-on area. After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. 
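Review bot: In "Setting the Installation Source" the `inst.noverifyssl` instruction now appears twice, once indented under the new network-source bullet and again as the paragraph added back after Figure 11, and neither copy says that the parameter turns off certificate verification for the HTTPS installation source. Keep one copy and add a sentence stating that effect, so the reader knows the installer will no longer authenticate the server it pulls packages from. The figure numbering in this hunk also collides: the network-source image and the "Selecting installation software" image are both labelled **Figure 11**, and both the CD-ROM and network images carry the same caption "Installation source".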
@@ -192,120 +201,121 @@ After the setting is complete, click **Done** in the upper left corner to go b On the **INSTALLATION SUMMARY** page, click **INSTALLATION DESTINATION** to select the OS installation disk and partition. -You can view available local storage devices in [Figure 13](#fig1195417125015). +You can view available local storage devices in [Figure 12](#fig1195417125015). ->![](public_sys-resources/icon-notice.gif) **NOTICE:** ->When selecting the device to be installed, you are advised not to use the NVMe SSD storage medium as the OS installation disk. +> ![](./public_sys-resources/icon-notice.gif) **NOTICE:** +When selecting the device to be installed, you are advised not to use the NVMe SSD storage medium as the OS installation disk. -**Figure 13** Setting the installation destination -![](figures/setting-the-installation-destination.png "setting-the-installation-destination") +**Figure 12** Setting the installation destination +![](./figures/setting-the-installation-destination.png "setting-the-installation-destination") ### Storage Configuration On the **INSTALLATION DESTINATION** page, configure storage for system partition. You can either manually configure partitions or select **Automatic** to automatically configure partitioning. ->![](public_sys-resources/icon-note.gif) **NOTE:** ->- During partitioning, to ensure system security and performance, you are advised to divide the device into the following partitions: **/boot**, **/var**, **/var/log**, **/var/log/audit**, **/home**, and **/tmp**. ->- If the system is configured with the swap partition, the swap partition is used when the physical memory of the system is insufficient. Although the swap partition can be used to expand the physical memory, if the swap partition is used due to insufficient memory, the system response slows and the system performance deteriorates. 
Therefore, you are not advised to configure the swap partition in the system with sufficient physical memory or the performance sensitive system. ->- If you need to split a logical volume group, select **Custom** to manually partition the logical volume group. On the **MANUAL PARTITIONING** page, click **Modify** in the **Volume Group** area to reconfigure the logical volume group. +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> - During partitioning, to ensure system security and performance, you are advised to divide the device into the following partitions: **/boot**, **/var**, **/var/log**, **/var/log/audit**, **/home**, and **/tmp**. +> - If the system is configured with the swap partition, the swap partition is used when the physical memory of the system is insufficient. Although the swap partition can be used to expand the physical memory, if the swap partition is used due to insufficient memory, the system response slows and the system performance deteriorates. Therefore, you are not advised to configure the swap partition in the system with sufficient physical memory or the performance sensitive system. +> - If you need to split a logical volume group, select **Custom** to manually partition the logical volume group. On the **MANUAL PARTITIONING** page, click **Modify** in the **Volume Group** area to reconfigure the logical volume group. **Automatic** -Select **Automatic** if the software is installed in a new storage device or the data in the storage device is not required. +Select **Automatic** if the software is installed in a new storage device or the data in the storage device is not required. After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. **Customize** If you need to manually partition the disk, click **Customize** and click **Done** in the upper left corner. The following page is displayed. 
-**Figure 14** MANUAL PARTITIONING page -![](figures/manual-partitioning-page.png "manual-partitioning-page") +On the **MANUAL PARTITIONING** page, you can partition the disk in either of the following ways. After the partitioning is completed, the window shown in [Figure 14](#fig1277151815248) is displayed. -On the **MANUAL PARTITIONING** page, you can partition the disk in either of the following ways: +- Automatic creation: Click **Click here to create them automatically**. The system automatically assigns four mount points according to the available storage space: **/boot**, **/**, **/boot/efi**, and **swap**. +- Manual creation: Click ![](./figures/en-us_image_0229291243.png) to add a mount point. It is recommended that the expected capacity of each mount point not exceed the available space. -- Automatic creation: Click **Click here to create them automatically**. The system automatically assigns four mount points according to the available storage space: **/boot**, **/**, **/boot/efi**, and **swap**. -- Manual creation: Click ![](figures/en-us_image_0229291243.png) to add a mount point. It is recommended that the expected capacity of each mount point not exceed the available space. + >![](./public_sys-resources/icon-note.gif) **NOTE:** +If the expected capacity of the mount point exceeds the available space, the system allocates the remaining available space to the mount point. - >![](public_sys-resources/icon-note.gif) **NOTE:** - >If the expected capacity of the mount point exceeds the available space, the system allocates the remaining available space to the mount point. +**Figure 13** MANUAL PARTITIONING page +![](./figures/manual-partitioning-page.png "manual-partitioning-page") - -After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. +After the setting is complete, click **Done** in the upper left corner to go back to the **SUMMARY OF CHANGES** page. 
+click **Accept Changes** to go back to the **INSTALLATION SUMMARY** page. ## Setting the Network and Host Name -On the **INSTALLATION SUMMARY** page, select **NETWORK & HOST NAME** to configure the system network functions. - -The installation program automatically detects a local access interface. The detected interface is listed in the left box, and the interface details are displayed in the right-hand area, as shown in [Figure 15](#en-us_topic_0186390264_en-us_topic_0122145831_fig123700157297). In the upper right corner, click the switchover button to enable or disable the network interface. You can also click **Configure** to configure the selected interface. +On the **INSTALLATION SUMMARY** page, select **NETWORK \& HOST NAME** to configure the system network functions. -In the lower left box, enter the host name. The host name can be the fully quantified domain name \(FQDN\) in the format of hostname.domainname or the brief host name in the format of hostname. +The installation program automatically detects a local access interface. The detected interface is listed in the left box, and the interface details are displayed in the right-hand area, as shown in [Figure 14](#en-us_topic_0186390264_en-us_topic_0122145831_fig123700157297). In the upper right corner, click the switchover button to enable or disable the network interface. You can also click **Configure** to configure the selected interface. -**Figure 15** Setting the network and host name -![](figures/setting-the-network-and-host-name.png "setting-the-network-and-host-name") +In the lower left box, enter the host name. The host name can be the fully quantified domain name (FQDN) in the format of hostname.domainname or the brief host name in the format of hostname. -After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. 
+**Figure 14** Setting the network and host name +![](./figures/setting-the-network-and-host-name.png "setting-the-network-and-host-name") -## Starting Installation +After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. -On the installation page, after all the mandatory items are configured, the safety symbols will disappear. Then, you can click **Begin Installation** to install the system. +## Setting the Root Password -**Figure 16** Starting installation -![](figures/starting-installation.png "starting-installation") +Select **Root Password** on the **INSTALLATION SUMMARY** page. The **Root Password** page is displayed, as shown in [Figure 15](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1323165793018). Enter a password based on [Password Complexity](#密码复杂度) requirements and confirm the password. -## Configurations During Installation +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +> +> - The root account is used to perform key system management tasks. You are not advised to use the root account for daily work or system access. +> +> - If you select **Lock root account** on the **Root Password** page, the root account will be disabled. -After the installation starts, the overall installation progress and the progress of writing the software package to the system are displayed. - -**Figure 17** Installation process -![](figures/installation-process.png "installation-process") - -During the process of installing software packages, you need to configure the root password and create users. +**Figure 15** Root password +![](./figures/password-of-the-root-account.png "Root password") ### Password Complexity The password of the **root** user or the password of the new user must meet the password complexity requirements. Otherwise, the password configuration or user creation will fail. The password complexity requirements are as follows: 1. A password must contain at least eight characters. 
+ 2. A password must contain at least three of the following types: uppercase letters, lowercase letters, digits, and special characters. + 3. A password must be different from the account name. + 4. A password cannot contain words in the dictionary. - >![](public_sys-resources/icon-note.gif) **NOTE:** - > In the installed openEuler environment, you can run the `cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt` command to export the dictionary library file **dictionary.txt**, and then check whether the password is in the dictionary. + >![](./public_sys-resources/icon-note.gif) **NOTE:** +In the installed openEuler environment, you can run the `cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt` command to export the dictionary library file **dictionary.txt**, and then check whether the password is in the dictionary. -### Setting the Root User Password +After the settings are completed, click **Done** in the upper left corner to return to the **INSTALLATION SUMMARY** page. -Click **Root Password**. In the displayed dialog box, as shown in [Figure 18](#en-us_topic_0186390266_en-us_topic_0122145909_fig1323165793018), enter a password and re-enter to confirm. +## Creating a User ->![](public_sys-resources/icon-note.gif) **NOTE:** ->The root password is required to be configured at the same time of installing software packages. Otherwise, the installation will fail. A **root** account is used for performing critical system administration tasks. It is not recommended to use this account for daily work or system access. +Click **User Creation**. [Figure 16](#en-us_topic_0186390266_en-us_topic_0122145909_fig1237715313319) shows the page for creating a user. Enter a username and set a password. By clicking **Advanced**, you can also configure a home directory and a user group, as shown in [Figure 17](#en-us_topic_0186390266_en-us_topic_0122145909_fig128716531312). 
-**Figure 18** Password of the **root** account -![](figures/password-of-the-root-account.png "password-of-the-root-account") +**Figure 16** Creating a user +![](./figures/creating-a-user.png "creating-a-user") -After configuration, click **Done** in the left-upper corner to switch back to the installation process page. +**Figure 17** Advanced user configuration +![](./figures/advanced-user-configuration.png "advanced-user-configuration") -### Creating a User +After configuration, click **Done** in the left-upper corner to switch back to the installation process page. -Click **User Creation**. [Figure 19](#en-us_topic_0186390266_en-us_topic_0122145909_fig1237715313319) shows the page for creating a user. Enter a username and set a password. By clicking **Advanced**, you can also configure a home directory and a user group, as shown in [Figure 20](#en-us_topic_0186390266_en-us_topic_0122145909_fig128716531312). +## Starting Installation -**Figure 19** Creating a user -![](figures/creating-a-user.png "creating-a-user") +On the installation page, after all the mandatory items are configured, the safety symbols will disappear. Then, you can click **Begin Installation** to install the system. -**Figure 20** Advanced user configuration -![](figures/advanced-user-configuration.png "advanced-user-configuration") +## Installation Procedure -After configuration, click **Done** in the left-upper corner to switch back to the installation process page. +After the installation starts, the overall installation progress and the progress of writing the software package to the system are displayed. -Click **Finish**. The configuration of openEuler is complete. + >![](./public_sys-resources/icon-note.gif) **NOTE:** +If you click **Exit** or reset or power off the server during the installation, the installation is interrupted and the system is unavailable. In this case, you need to reinstall the system. 
-![](figures/completing-the-configuration.png) +**Figure 18** Installation process +![](./figures/installation-process.png "installation-process") ## Completing the Installation -openEuler has been installed, as shown in [Figure 21](#en-us_topic_0186390267_en-us_topic_0122145917_fig1429512116338). Click **Reboot** to restart the system. +openEuler has been installed, Click **Reboot** to restart the system. + +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> - If the physical DVD-ROM is used to install the OS and the DVD-ROM drive is not automatically ejected during the restart, manually remove the DVD-ROM. Then, the openEuler CLI login page is displayed. +> - If the virtual DVD-ROM drive is used to install the OS, change the server boot option to **Hard Disk** and restart the server. Then, the openEuler CLI login page is displayed. -**Figure 21** Completing the installation -![](figures/completing-the-installation.png "completing-the-installation") -- If the physical DVD-ROM is used to install the OS and the DVD-ROM drive is not automatically ejected during the restart, manually remove the DVD-ROM. Then, the openEuler CLI login page is displayed. -- If the virtual DVD-ROM drive is used to install the OS, change the server boot option to **Hard Disk** and restart the server. Then, the openEuler CLI login page is displayed. diff --git a/content/en/docs/Installation/installation-mode.md b/docs/en/docs/Installation/installation-mode.md similarity index 86% rename from content/en/docs/Installation/installation-mode.md rename to docs/en/docs/Installation/installation-mode.md index b0920a914013fed75d526eabc37a3158bc9d5451..029cfc56b4f6f33d6ffce5e87b8f516995bfbd2a 100644 --- a/content/en/docs/Installation/installation-mode.md +++ b/docs/en/docs/Installation/installation-mode.md 
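Review bot: In the hunk that adds the "Setting the Root Password" section, two link targets are carried over from the Chinese source: `[Password Complexity](#密码复杂度)` and `[Figure 15](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1323165793018)`. The heading on this page is `### Password Complexity`, the removed line used the `#en-us_topic_...` form of the same figure id, and the neighbouring figure links still do, so both links should point at the English anchors. In the same hunk, "Creating a User" now comes before "Starting Installation" but still ends with "switch back to the installation process page", while the other relocated sections return to **INSTALLATION SUMMARY**. "fully quantified domain name" should also read "fully qualified domain name", and "openEuler has been installed, Click **Reboot**" needs a full stop instead of the comma.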
@@ -1,7 +1,7 @@ # Installation Mode ->![](public_sys-resources/icon-notice.gif) **NOTICE:** ->- Only TaiShan 200 and FusionServer Pro servers are supported. For details about the supported server models, see [Hardware Compatibility](installation-preparations.html#hardware-compatibility). Only a virtualization platform created by the virtualization components \(openEuler as the host OS and QEMU and KVM provided in the release package\) of openEuler and the x86 virtualization platform of Huawei public cloud are supported. +>![](./public_sys-resources/icon-notice.gif) **NOTICE:** +>- Only TaiShan 200 and FusionServer Pro servers are supported. For details about the supported server models, see [Hardware Compatibility](./installation-preparations.html#hardware-compatibility). Only a virtualization platform created by the virtualization components \(openEuler as the host OS and QEMU and KVM provided in the release package\) of openEuler and the x86 virtualization platform of Huawei public cloud are supported. >- Currently, only installation modes such as CD-ROM, USB flash drive, network, QCOW2 image, and private image are supported. In addition, only the x86 virtualization platform of Huawei public cloud supports the private image installation mode. @@ -35,7 +35,7 @@ If you have obtained a CD/DVD-ROM, install the OS using the CD/DVD-ROM. If you h Perform the following operations to start the installation: ->![](C:/Users/Administrator/Downloads/openDocs/docs/content/en/docs/Installation/public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Set the system to preferentially boot from the CD/DVD-ROM drive. Take the BIOS as an example. You need to move the **CD/DVD-ROM Drive** option under **Boot Type Order** to the top. 1. Disconnect all drives that are not required, such as USB drives. 
@@ -59,7 +59,7 @@ Pay attention to the capacity of the USB flash drive. The USB flash drive must h [ 170.171135] sd 5:0:0:0: [sdb] Attached SCSI removable disk ``` - >![](C:/Users/Administrator/Downloads/openDocs/docs/content/en/docs/Installation/public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >Take the **sdb** USB flash drive as an example. 2. Switch to user **root**. When running the **su** command, you need to enter the password. @@ -98,10 +98,10 @@ Pay attention to the capacity of the USB flash drive. The USB flash drive must h Replace **/path/to/image.iso** with the complete path of the downloaded ISO image file, replace **device** with the device name provided by the **dmesg** command, and set a proper block size \(for example, 512 KB\) to replace **blocksize** to accelerate the write progress. - For example, if the ISO image file name is **/home/testuser/Downloads/openEuler-20.03-LTS-aarch64-dvd.iso** and the detected device name is **sdb**, run the following command: + For example, if the ISO image file name is **/home/testuser/Downloads/openEuler-20.03-LTS-SP1-aarch64-dvd.iso** and the detected device name is **sdb**, run the following command: ``` - # dd if=/home/testuser/Downloads/openEuler-20.03-LTS-aarch64-dvd.iso of=/dev/sdb bs=512k + # dd if=/home/testuser/Downloads/openEuler-20.03-LTS-SP1-aarch64-dvd.iso of=/dev/sdb bs=512k ``` 5. After the image is written, remove the USB flash drive. 
@@ -113,7 +113,7 @@ Pay attention to the capacity of the USB flash drive. The USB flash drive must h Perform the following operations to start the installation: ->![](C:/Users/Administrator/Downloads/openDocs/docs/content/en/docs/Installation/public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Set the system to preferentially boot from the USB flash drive. Take the BIOS as an example. You need to move the **USB** option under **Boot Type Order** to the top. 1. Disconnect all drives that are not required. @@ -131,8 +131,8 @@ If the target hardware is installed with a PXE-enabled NIC, we can configure it For installation through the network using PXE, the client uses a PXE-enabled NIC to send a broadcast request for DHCP information and IP address to the network. The DHCP server provides the client with an IP address and other network information, such as the IP address or host name of the DNS and FTP server \(which provides the files required for starting the installation program\), and the location of the files on the server. ->![](C:/Users/Administrator/Downloads/openDocs/docs/content/en/docs/Installation/public_sys-resources/icon-note.gif) **NOTE:** ->The TFTP, DHCP, and HTTP server configurations are not described here. For details, see [Full-automatic Installation Guide](using-kickstart-for-automatic-installation.html#full-automatic-installation-guide). +>![](./public_sys-resources/icon-note.gif) **NOTE:** +>The TFTP, DHCP, and HTTP server configurations are not described here. For details, see [Full-automatic Installation Guide](./using-kickstart-for-automatic-installation.html#full-automatic-installation-guide). ## Installation Through a QCOW2 Image 
@@ -178,7 +178,7 @@ Perform the following operations to start the installation: 5. Create a VM. 6. Start the VM. -For details, see the [*openEuler 20.03 LTS Virtualization User Guide*](../Virtualization/virtualization.html). +For details, see the [*openEuler 20.03 LTS SP1 Virtualization User Guide*](./../Virtualization/virtualization.html). ## Installation Through a Private Image diff --git a/content/en/docs/Installation/installation-preparations.md b/docs/en/docs/Installation/installation-preparations.md similarity index 89% rename from content/en/docs/Installation/installation-preparations.md rename to docs/en/docs/Installation/installation-preparations.md index d2c7c150e474250a861a0d9f47c4869ecb53600d..58025ef7d163548e439245e35ea37a60cbf4e70c 100644 --- a/content/en/docs/Installation/installation-preparations.md +++ b/docs/en/docs/Installation/installation-preparations.md 
@@ -28,26 +28,29 @@ Perform the following operations to obtain the openEuler release package: 1. Log in to the [openEuler Community](https://openeuler.org) website. 2. Click **Download**. 3. Click the link provided after **Download ISO**. The download list is displayed. -4. Click **openEuler-20.03-LTS**. The openEuler 20.03 LTS version download list is displayed. +4. Click **openEuler-20.03-LTS-SP1**. The openEuler 20.03 LTS SP1 version download list is displayed. 5. Click **ISO**. The ISO download list is displayed. - **aarch64**: ISO image file of the AArch64 architecture - **x86\_64**: ISO image file of the x86\_64 architecture - **source**: ISO image file of the openEuler source code -6. Select the openEuler release package and verification file to be downloaded based on the architecture of the environment to be installed. - - If the AArch64 architecture is used: - 1. Click **aarch64**. - 2. Click **openEuler-20.03-LTS-aarch64-dvd.iso** to download the openEuler release package to the local host. - 3. Click **openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum** to download the openEuler verification file to the local host. +6. Select the openEuler release package and verification file to be downloaded that adapt to the architecture of the environment to be installed. + - AArch64 architecture: + 1. Click **aarch64**. + 2. If you install the environment on the local host, download the release package **openEuler-20.03-LTS-SP1-aarch64-dvd.iso** and the verification file **openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum** to the local host. + 3. If you install the environment on the network, download the release package **openEuler-20.03-LTS-SP1-netinst-aarch64-dvd.iso** and the verification file **openEuler-20.03-LTS-SP1-netinst-aarch64-dvd.iso.sha256sum** to the local host. - - If the x86\_64 architecture is used: - 1. Click **x86\_64**. - 2. Click **openEuler-20.03-LTS-x86\_64-dvd.iso** to download the openEuler release package to the local host. - 3. 
Click **openEuler-20.03-LTS-x86\_64-dvd.iso.sha256sum** to download the openEuler verification file to the local host. + - x86_64 architecture: + 1. Click **x86_64**. + 2. If you install the environment on the local host, download the release package **openEuler-20.03-LTS-SP1-x86_64-dvd.iso** and the verification file **openEuler-20.03-LTS-SP1-x86_64-dvd.iso.sha256sum** to the local host. + 3. If you install the environment on the network, download the release package **openEuler-20.03-LTS-SP1-netinst-x86_64-dvd.iso** and the verification file **openEuler-20.03-LTS-SP1-netinst-x86_64-dvd.iso.sha256sum** to the local host. + +>![](./public_sys-resources/icon-note.gif) **Note** +> When the network is available, install the environment on the network because the ISO release package is small. ## Release Package Integrity Check ->![](C:/Users/Administrator/Downloads/openDocs/docs/content/en/docs/Installation/public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >This section describes how to verify the integrity of the release package in the AArch64 architecture. The procedure for verifying the integrity of the release package in the x86\_64 architecture is the same. ### Introduction @@ -60,9 +63,9 @@ Compare the verification value recorded in the verification file with the .iso f Before verifying the integrity of the release package, you need to prepare the following files: -ISO file: **openEuler-20.03-LTS-aarch64-dvd.iso** +ISO file: **openEuler-20.03-LTS-SP1-aarch64-dvd.iso** -Verification file: **openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum** +Verification file: **openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum** ### Procedure 
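Review bot: The netinst images introduced in step 6 of the `@@ -28,26 +28,29 @@` hunk are not covered by the integrity-check prerequisites, which still list only `openEuler-20.03-LTS-SP1-aarch64-dvd.iso` and its `.sha256sum` file. Either name the netinst ISO and its verification file there as well, or state that the procedure applies to whichever image was downloaded. Two smaller points in the same hunk: the new callout is labelled `**Note**` where every other callout in these files uses `**NOTE:**`, and "install the environment on the network because the ISO release package is small" does not say which ISO is meant; naming the netinst image would make the recommendation unambiguous.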
@@ -71,13 +74,13 @@ To verify the file integrity, perform the following operations: 1. Obtain the verification value in the verification file. Run the following command: ``` - #cat openEuler-20.03-LTS-aarch64-dvd.iso.sha256sum + $ cat openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum ``` 2. Calculate the SHA256 verification value of the file. Run the following command: ``` - #sha256sum openEuler-20.03-LTS-aarch64-dvd.iso + $ sha256sum openEuler-20.03-LTS-SP1-aarch64-dvd.iso ``` After the command is run, the verification value is displayed. @@ -94,7 +97,7 @@ To install the openEuler OS on a PM, the PM must meet the following hardware com You need to take hardware compatibility into account during openEuler installation. [Table 1](#table14948632047) describes the types of supported servers. ->![](C:/Users/Administrator/Downloads/openDocs/docs/content/en/docs/Installation/public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** > >- TaiShan 200 servers are backed by Huawei Kunpeng 920 processors. >- Currently, only Huawei TaiShan and FusionServer Pro servers are supported. More servers from other vendors will be supported in the future. diff --git a/content/en/docs/Installation/public_sys-resources/icon-caution.gif b/docs/en/docs/Installation/public_sys-resources/icon-caution.gif similarity index 100% rename from content/en/docs/Installation/public_sys-resources/icon-caution.gif rename to docs/en/docs/Installation/public_sys-resources/icon-caution.gif diff --git a/content/en/docs/Installation/public_sys-resources/icon-danger.gif b/docs/en/docs/Installation/public_sys-resources/icon-danger.gif similarity index 100% rename from content/en/docs/Installation/public_sys-resources/icon-danger.gif rename to docs/en/docs/Installation/public_sys-resources/icon-danger.gif 
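Review bot: Steps 1 and 2 of the `@@ -71,13 +74,13 @@` hunk still leave the comparison of the two SHA256 values to the reader's eye, which is easy to get wrong on a 64-character string. If the published `.sha256sum` file is in the checksum-file format that `sha256sum` itself writes, a single `sha256sum -c openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum` run in the download directory performs the comparison and reports the result; consider adding it as the recommended form while these lines are being edited. The switch from `#` to `$` for the prompt is right, since neither command needs root.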
diff --git a/content/en/docs/Installation/public_sys-resources/icon-note.gif b/docs/en/docs/Installation/public_sys-resources/icon-note.gif similarity index 100% rename from content/en/docs/Installation/public_sys-resources/icon-note.gif rename to docs/en/docs/Installation/public_sys-resources/icon-note.gif diff --git a/content/en/docs/Installation/public_sys-resources/icon-notice.gif b/docs/en/docs/Installation/public_sys-resources/icon-notice.gif similarity index 100% rename from content/en/docs/Installation/public_sys-resources/icon-notice.gif rename to docs/en/docs/Installation/public_sys-resources/icon-notice.gif diff --git a/content/en/docs/Installation/public_sys-resources/icon-tip.gif b/docs/en/docs/Installation/public_sys-resources/icon-tip.gif similarity index 100% rename from content/en/docs/Installation/public_sys-resources/icon-tip.gif rename to docs/en/docs/Installation/public_sys-resources/icon-tip.gif diff --git a/content/en/docs/Installation/public_sys-resources/icon-warning.gif b/docs/en/docs/Installation/public_sys-resources/icon-warning.gif similarity index 100% rename from content/en/docs/Installation/public_sys-resources/icon-warning.gif rename to docs/en/docs/Installation/public_sys-resources/icon-warning.gif diff --git a/content/en/docs/Installation/using-kickstart-for-automatic-installation.md b/docs/en/docs/Installation/using-kickstart-for-automatic-installation.md similarity index 91% rename from content/en/docs/Installation/using-kickstart-for-automatic-installation.md rename to docs/en/docs/Installation/using-kickstart-for-automatic-installation.md index e461976b19b6b557ac6d2d3af4d082a70e1d3aff..a433eb3f02144d42da1cdd27dca6c77afdb5e9d2 100644 --- a/content/en/docs/Installation/using-kickstart-for-automatic-installation.md +++ b/docs/en/docs/Installation/using-kickstart-for-automatic-installation.md 
@@ -80,7 +80,7 @@ The environment requirements for semi-automatic installation of openEuler using - PM/VM \(for details about how to create VMs, see the documents from corresponding vendors\): includes the computer where kickstart is used for automatic installation and the computer where the kickstart tool is installed. - Httpd: stores the kickstart file. -- ISO: openEuler-20.03-LTS-aarch64-dvd.iso +- ISO: openEuler-20.03-LTS-SP1-aarch64-dvd.iso ### Procedure @@ -88,7 +88,7 @@ To use kickstart to perform semi-automatic installation of openEuler, perform th **Environment Preparation** ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Before the installation, ensure that the firewall of the HTTP server is disabled. Run the following command to disable the firewall: >``` >iptables -F @@ -106,7 +106,7 @@ To use kickstart to perform semi-automatic installation of openEuler, perform th ``` # mkdir /var/www/html/ks - #vim /var/www/html/ks/openEuler-ks.cfg ===>The file can be obtained by modifying the anaconda-ks.cfg file automatically generated from openEuler. + #vim /var/www/html/ks/openEuler-ks.cfg ===>The file can be obtained by modifying the anaconda-ks.cfg file automatically generated from openEuler, or can be created using the system-config-kickstart tool. ==================================== ***Modify the following information as required.*** #version=DEVEL @@ -156,7 +156,7 @@ To use kickstart to perform semi-automatic installation of openEuler, perform th ===================================== ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >The method of generating the password ciphertext is as follows: >\# python3 >Python 3.7.0 \(default, Apr 1 2019, 00:00:00\) 
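Review bot: The NOTE edited by the `@@ -88,7 +88,7 @@` hunk tells the reader to disable the HTTP server's firewall with `iptables -F`, which flushes every rule in the filter table rather than opening the one port the kickstart file is served on. Since the line is being touched anyway, consider replacing the advice with a rule that admits only inbound HTTP from the installation network, and say that it should be removed once the installation is finished. This matters more here than usual because the served `openEuler-ks.cfg` carries the root password ciphertext described in the NOTE of the `@@ -156,7 +156,7 @@` hunk.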
@@ -175,18 +175,18 @@ To use kickstart to perform semi-automatic installation of openEuler, perform th **Installing the System** 1. The installation selection dialog box is displayed. - 1. On the installation wizard page in [Starting the Installation](installation-guideline.html#starting-the-installation), select **Install openEuler 20.03 LTS** and press **e**. + 1. On the installation wizard page in [Starting the Installation](./installation-guideline.html#starting-the-installation), select **Install openEuler 20.03 LTS SP1** and press **e**. 2. Add **inst.ks=http://server ip/ks/openEuler-ks.cfg** to the startup parameters. - ![](figures/semi-automatic-installation.png) + ![](./figures/startparam.png) 3. Press **Ctrl**+**x** to start the automatic installation. 2. Verify that the installation is complete. - After the installation is complete, the system automatically restarts. Then, the installation page is displayed again. Shut down the computer and change startup option to start from the hard disk preferentially. + After the installation is complete, the system automatically boots. If the first boot option of the system is set to the CD_ROM, the installation page is displayed again. Shut down the computer and change startup option to start from the hard disk preferentially. - ![](figures/completing-the-automatic-installation.png) + ![](./figures/completing-the-automatic-installation.png) ## Full-automatic Installation Guide @@ -199,7 +199,7 @@ The environment requirements for full-automatic installation of openEuler using - Httpd: stores the kickstart file. - TFTP: provides vmlinuz and initrd files. - DHCPD/PXE: provides the DHCP service. -- ISO: openEuler-20.03-LTS-aarch64-dvd.iso +- ISO: openEuler-20.03-LTS-SP1-aarch64-dvd.iso ### Procedure 
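Review bot: "CD_ROM" in the rewritten step 2 of the `@@ -175,18 +175,18 @@` hunk does not match the "CD/DVD-ROM" spelling used on the installation-mode page in this same patch; use one form throughout. In the same sentence, "change startup option" should read "change the startup option". The unchanged parameter line `inst.ks=http://server ip/ks/openEuler-ks.cfg` contains a literal space in the placeholder, which a reader may paste as is; a marked placeholder such as `<server-ip>` would be safer.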
@@ -207,7 +207,7 @@ To use kickstart to perform full-automatic installation of openEuler, perform th **Environment Preparation** ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Before the installation, ensure that the firewall of the HTTP server is disabled. Run the following command to disable the firewall: >``` >iptables -F @@ -249,7 +249,7 @@ To use kickstart to perform full-automatic installation of openEuler, perform th 3. Run the following commands to prepare the installation source: ``` - # mount openEuler-20.03-LTS-aarch64-dvd.iso /mnt + # mount openEuler-20.03-LTS-SP1-aarch64-dvd.iso /mnt # cp -r /mnt/* /var/www/html/openEuler/ ``` @@ -271,7 +271,7 @@ To use kickstart to perform full-automatic installation of openEuler, perform th # System language lang zh_CN.UTF-8 #Use http installation source - url --url=http://192.168.122.1/openEuler/ + url --url=//192.168.122.1/openEuler/ %post #enable kdump sed -i "s/ ro / ro crashkernel=1024M,high /" /boot/efi/EFI/openEuler/grub.cfg @@ -314,8 +314,8 @@ To use kickstart to perform full-automatic installation of openEuler, perform th ### BEGIN /etc/grub.d/10_linux ### - menuentry 'Install openEuler 20.03 LTS' --class red --class gnu-linux --class gnu --class os { - set root=(tftp,192.168.122.1) + menuentry 'Install openEuler 20.03 LTS SP1' --class red --class gnu-linux --class gnu --class os { + set root=(tftp,192.168.1.1) linux /vmlinuz ro inst.geoloc=0 console=ttyAMA0 console=tty0 rd.iscsi.waitnet=0 inst.ks=http://192.168.122.1/ks/openEuler-ks.cfg initrd /initrd.img } 
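Review bot: In the `@@ -271,7 +271,7 @@` hunk the installation source loses its scheme: `url --url=//192.168.122.1/openEuler/` now sits under the comment `#Use http installation source`, while the removed line read `url --url=http://192.168.122.1/openEuler/`. Nothing else in the hunk explains the change, so this looks like an accidental deletion; restore `http://` or explain in the comment why a scheme-less URL is intended.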
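Review bot: `set root=(tftp,192.168.1.1)` in the `@@ -314,8 +314,8 @@` hunk no longer agrees with the rest of the example. The very next line still fetches the kickstart file from `http://192.168.122.1/ks/openEuler-ks.cfg`, and the DHCP configuration later in the file keeps `next-server 192.168.122.1` as the TFTP server address. A reader copying the block would point GRUB at a TFTP host that the example never sets up; keep `192.168.122.1` here or change every address in the walkthrough together.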
@@ -336,7 +336,7 @@ To use kickstart to perform full-automatic installation of openEuler, perform th filename "grubaa64.efi"; # pxelinux location of the startup file; next-server 192.168.122.1; # (IMPORTANT) TFTP server IP address; subnet 192.168.122.0 netmask 255.255.255.0 { - option routers 192.168.122.1; # Gateway address + option routers 192.168.111.1; # Gateway address option subnet-mask 255.255.255.0; # Subnet mask range dynamic-bootp 192.168.122.50 192.168.122.200; # Dynamic IP address range default-lease-time 21600; @@ -351,14 +351,14 @@ To use kickstart to perform full-automatic installation of openEuler, perform th 1. On the **Start boot option** screen, press **F2** to boot from the PXE and start automatic installation. - ![](figures/en-us_image_0229291270.png) + ![](./figures/en-us_image_0229291270.png) - ![](figures/en-us_image_0229291286.png) + ![](./figures/en-us_image_0229291286.png) - ![](figures/en-us_image_0229291247.png) + ![](./figures/en-us_image_0229291247.png) 2. The automatic installation window is displayed. 3. Verify that the installation is complete. - ![](figures/completing-the-automatic-installation.png) + ![](./figures/completing-the-automatic-installation.png) diff --git a/themes/project/layouts/partials/docs/inject/head.html b/docs/en/docs/Quickstart/figures/.keep similarity index 100% rename from themes/project/layouts/partials/docs/inject/head.html rename to docs/en/docs/Quickstart/figures/.keep diff --git a/docs/en/docs/Quickstart/figures/Installation_wizard.png b/docs/en/docs/Quickstart/figures/Installation_wizard.png new file mode 100644 index 0000000000000000000000000000000000000000..8e64b70503f21ac80034e8825f9cb0cd60965d32 Binary files /dev/null and b/docs/en/docs/Quickstart/figures/Installation_wizard.png differ 
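Review bot: `option routers 192.168.111.1` in the `@@ -336,7 +336,7 @@` hunk lies outside the subnet it is declared in (`subnet 192.168.122.0 netmask 255.255.255.0`, with `range dynamic-bootp 192.168.122.50 192.168.122.200`), so clients would be handed a gateway that is not on their own network. The removed value `192.168.122.1` was consistent with `next-server` and the subnet; revert it, or renumber the whole example so that the subnet, range, gateway and TFTP server agree.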
diff --git a/docs/en/docs/Quickstart/figures/advanced-user-configuration.png b/docs/en/docs/Quickstart/figures/advanced-user-configuration.png new file mode 100644 index 0000000000000000000000000000000000000000..3a27f8b5371323cf27dae8dd7e8549ff1e1f8c4b Binary files /dev/null and b/docs/en/docs/Quickstart/figures/advanced-user-configuration.png differ diff --git a/docs/en/docs/Quickstart/figures/completing-the-installation.png b/docs/en/docs/Quickstart/figures/completing-the-installation.png new file mode 100644 index 0000000000000000000000000000000000000000..4f339374e1f2ce5d912625f2fc6c59c24a4a9dcc Binary files /dev/null and b/docs/en/docs/Quickstart/figures/completing-the-installation.png differ diff --git a/docs/en/docs/Quickstart/figures/creating-a-user.png b/docs/en/docs/Quickstart/figures/creating-a-user.png new file mode 100644 index 0000000000000000000000000000000000000000..6145007e1ad60afea892bc820a29b9d8ee8c89c9 Binary files /dev/null and b/docs/en/docs/Quickstart/figures/creating-a-user.png differ diff --git a/content/en/docs/Quickstart/figures/drive-icon.png b/docs/en/docs/Quickstart/figures/drive-icon.png similarity index 100% rename from content/en/docs/Quickstart/figures/drive-icon.png rename to docs/en/docs/Quickstart/figures/drive-icon.png diff --git a/content/en/docs/Quickstart/figures/en-us_image_0229420473.png b/docs/en/docs/Quickstart/figures/en-us_image_0229420473.png similarity index 100% rename from content/en/docs/Quickstart/figures/en-us_image_0229420473.png rename to docs/en/docs/Quickstart/figures/en-us_image_0229420473.png diff --git a/content/en/docs/Quickstart/figures/image-dialog-box.png b/docs/en/docs/Quickstart/figures/image-dialog-box.png similarity index 100% rename from content/en/docs/Quickstart/figures/image-dialog-box.png rename to docs/en/docs/Quickstart/figures/image-dialog-box.png 
diff --git a/docs/en/docs/Quickstart/figures/installation-process.png b/docs/en/docs/Quickstart/figures/installation-process.png new file mode 100644 index 0000000000000000000000000000000000000000..f873b124308d7166b4621a8306824034fcc92609 Binary files /dev/null and b/docs/en/docs/Quickstart/figures/installation-process.png differ diff --git a/docs/en/docs/Quickstart/figures/installation-summary.png b/docs/en/docs/Quickstart/figures/installation-summary.png new file mode 100644 index 0000000000000000000000000000000000000000..185e1f2ca191f3e9c51ba8976e099fc8d0d904c7 Binary files /dev/null and b/docs/en/docs/Quickstart/figures/installation-summary.png differ diff --git a/docs/en/docs/Quickstart/figures/password-of-the-root-account.png b/docs/en/docs/Quickstart/figures/password-of-the-root-account.png new file mode 100644 index 0000000000000000000000000000000000000000..b4252296ee1cafef1a4c97d89a42d6482f09761a Binary files /dev/null and b/docs/en/docs/Quickstart/figures/password-of-the-root-account.png differ diff --git a/content/en/docs/Quickstart/figures/restart-icon.png b/docs/en/docs/Quickstart/figures/restart-icon.png similarity index 100% rename from content/en/docs/Quickstart/figures/restart-icon.png rename to docs/en/docs/Quickstart/figures/restart-icon.png diff --git a/docs/en/docs/Quickstart/figures/selecting-a-language.png b/docs/en/docs/Quickstart/figures/selecting-a-language.png new file mode 100644 index 0000000000000000000000000000000000000000..0ffe4c54db03615b541efdfd7f4b3d6ad816750b Binary files /dev/null and b/docs/en/docs/Quickstart/figures/selecting-a-language.png differ diff --git a/docs/en/docs/Quickstart/figures/selecting-installation-software.png b/docs/en/docs/Quickstart/figures/selecting-installation-software.png new file mode 100644 index 0000000000000000000000000000000000000000..5ba064e33ea4aef29122b7cc07df82d40eacda3d Binary files /dev/null and b/docs/en/docs/Quickstart/figures/selecting-installation-software.png differ 
diff --git a/content/en/docs/Quickstart/figures/setting-the-boot-device.png b/docs/en/docs/Quickstart/figures/setting-the-boot-device.png similarity index 100% rename from content/en/docs/Quickstart/figures/setting-the-boot-device.png rename to docs/en/docs/Quickstart/figures/setting-the-boot-device.png diff --git a/docs/en/docs/Quickstart/figures/setting-the-installation-destination.png b/docs/en/docs/Quickstart/figures/setting-the-installation-destination.png new file mode 100644 index 0000000000000000000000000000000000000000..ee858420e75084a0301fecbf6768f67246f14f14 Binary files /dev/null and b/docs/en/docs/Quickstart/figures/setting-the-installation-destination.png differ diff --git a/docs/en/docs/Quickstart/figures/starting-installation.png b/docs/en/docs/Quickstart/figures/starting-installation.png new file mode 100644 index 0000000000000000000000000000000000000000..4bd779430c0dd891099dffbd7b65298eae0dea58 Binary files /dev/null and b/docs/en/docs/Quickstart/figures/starting-installation.png differ diff --git a/content/en/docs/Quickstart/public_sys-resources/icon-caution.gif b/docs/en/docs/Quickstart/public_sys-resources/icon-caution.gif similarity index 100% rename from content/en/docs/Quickstart/public_sys-resources/icon-caution.gif rename to docs/en/docs/Quickstart/public_sys-resources/icon-caution.gif diff --git a/content/en/docs/Quickstart/public_sys-resources/icon-danger.gif b/docs/en/docs/Quickstart/public_sys-resources/icon-danger.gif similarity index 100% rename from content/en/docs/Quickstart/public_sys-resources/icon-danger.gif rename to docs/en/docs/Quickstart/public_sys-resources/icon-danger.gif diff --git a/content/en/docs/Quickstart/public_sys-resources/icon-note.gif b/docs/en/docs/Quickstart/public_sys-resources/icon-note.gif similarity index 100% rename from content/en/docs/Quickstart/public_sys-resources/icon-note.gif rename to docs/en/docs/Quickstart/public_sys-resources/icon-note.gif 
diff --git a/content/en/docs/Quickstart/public_sys-resources/icon-notice.gif b/docs/en/docs/Quickstart/public_sys-resources/icon-notice.gif similarity index 100% rename from content/en/docs/Quickstart/public_sys-resources/icon-notice.gif rename to docs/en/docs/Quickstart/public_sys-resources/icon-notice.gif diff --git a/content/en/docs/Quickstart/public_sys-resources/icon-tip.gif b/docs/en/docs/Quickstart/public_sys-resources/icon-tip.gif similarity index 100% rename from content/en/docs/Quickstart/public_sys-resources/icon-tip.gif rename to docs/en/docs/Quickstart/public_sys-resources/icon-tip.gif diff --git a/content/en/docs/Quickstart/public_sys-resources/icon-warning.gif b/docs/en/docs/Quickstart/public_sys-resources/icon-warning.gif similarity index 100% rename from content/en/docs/Quickstart/public_sys-resources/icon-warning.gif rename to docs/en/docs/Quickstart/public_sys-resources/icon-warning.gif diff --git a/docs/en/docs/Quickstart/quick-start.md b/docs/en/docs/Quickstart/quick-start.md new file mode 100644 index 0000000000000000000000000000000000000000..034c858f90464a50a1ef355a6132f74c48d1a5b9 --- /dev/null +++ b/docs/en/docs/Quickstart/quick-start.md 
@@ -0,0 +1,355 @@ +# Quick Start + +This document uses openEuler 20.03-LTS-SP1 installed on the TaiShan 200 server as an example to describe how to quickly install and use openEuler OS. For details about the installation requirements and methods, see [ Installation Guide](./../Installation/Installation.html). + + + +- [Quick Start](#quick-start) + - [Installation Preparations](#installation-preparations) + - [Obtaining the Installation Source](#obtaining-the-installation-source) + - [Release Package Integrity Check](#release-package-integrity-check) + - [Starting the Installation](#starting-the-installation) + - [Installation](#installation) + - [Viewing System Information](#viewing-system-information) + + +## Installation Preparations + +- Hardware Compatibility + + [Table 1](#table14948632047) describes the types of supported servers. + + **Table 1** Supported servers + + + + + + + + + + + + + + + + + +

Server Type

+

Server Name

+

Server Model

+

Rack server

+

TaiShan 200

+

2280 balanced model

+

Rack server

+

FusionServer Pro

+

FusionServer Pro 2288H V5

+
NOTE:

The server must be configured with the Avago SAS3508 RAID controller card and the LOM-X722 NIC.

+
+
+ +- Minimum Hardware Specifications + + [Table 2](#tff48b99c9bf24b84bb602c53229e2541) lists the minimum hardware specifications supported by openEuler. + + **Table 2** Minimum hardware specifications + + + + + + + + + + + + + + + + + + + + + + + + + +

Component

+

Minimum Hardware Specifications

+

Description

+

Architecture

+
  • AArch64
  • x86_64
+
  • 64-bit Arm architecture
  • 64-bit Intel x86 architecture
+

CPU

+
  • Huawei Kunpeng 920 series
  • Intel ® Xeon® processor
+

-

+

Memory

+

≥ 4 GB (8 GB or higher recommended for better user experience)

+

-

+

Hard disk

+

≥ 120 GB (for better user experience)

+

The hard disk supports IDE, SATA, SAS interfaces.

+
+ + +## Obtaining the Installation Source + +Perform the following operations to obtain the openEuler release package: + +> ![](./public_sys-resources/icon-note.gif) **NOTE:** +The release packages of the AArch64 architecture support the UEFI mode, and the release packages of the x86\_64 architecture support the UEFI and Legacy modes. + +1. Log in to the [openEuler Community](https://openeuler.org) website. + +2. Click **Download**. + +3. Click the link provided after **Download ISO**. The download list is displayed. + +4. Click **openEuler-20.03-LTS-SP1**. The openEuler 20.03-LTS-SP1 version download list is displayed. + +5. Click **ISO**. The ISO download list is displayed. + + - **aarch64**: ISO image file of the AArch64 architecture + - **x86\_64**: ISO image file of the x86\_64 architecture + - **source**: ISO image file of the openEuler source code + +6. Select the openEuler release package and verification file to be downloaded based on the architecture of the environment to be installed. + + - If the AArch64 architecture is used: + + 1. Click **aarch64**. + 2. Click **openEuler-20.03-LTS-SP1-aarch64-dvd.iso** to download the openEuler release package to the local host. + 3. Click **openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum** to download the openEuler verification file to the local host. + + - If the x86\_64 architecture is used: + + 1. Click **x86\_64**. + 2. Click **openEuler-20.03-LTS-SP1-x86\_64-dvd.iso** to download the openEuler release package to the local host. + 3. Click **openEuler-20.03-LTS-SP1-x86\_64-dvd.iso.sha256sum** to download the openEuler verification file to the local host. + +## Release Package Integrity Check + +To prevent incomplete download of the software package due to network or storage device problems during the transmission, you can perform the following steps to check the integrity of the obtained openEuler software package: + +1. Obtain the verification value in the verification file. 
Run the following command: + + ``` + $cat openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum + ``` + +2. Calculate the SHA256 verification value of the file. Run the following command: + + ``` + $sha256sum openEuler-20.03-LTS-SP1-aarch64-dvd.iso + ``` + + After the command is run, the verification value is displayed. + +3. Check whether the values calculated in step 1 and step 2 are consistent. + + If the verification values are consistent, the .iso file is not damaged. If they are inconsistent, you can confirm that the file is damaged and you need to obtain the file again. + +## Starting the Installation + +1. Log in to the iBMC WebUI. + + For details, see [TaiShan 200 Server User Guide (Model 2280)](https://support.huawei.com/enterprise/en/doc/EDOC1100093459). + +2. Choose **Configuration** from the main menu, and select **Boot Device** from the navigation tree. The **Boot Device** page is displayed. + + Set **Effective** and **Boot Medium** to **One-time** and **DVD-ROM**, respectively, and click **Save**, as shown in [Figure 1](#fig1011938131018). + + **Figure 1** Setting the boot device +![](./figures/setting-the-boot-device.png "setting-the-boot-device") + +3. Choose **Remote Console** from the main menu. The **Remote Console** page is displayed. + + Select an integrated remote console as required to access the remote virtual console, for example, **Java Integrated Remote Console (Shared)**. + +4. On the toolbar, click the icon shown in the following figure. + + **Figure 2** Drive icon +![](./figures/drive-icon.png "drive-icon") + + An image dialog box is displayed, as shown in the following figure. + + **Figure 3** Image dialog box +![](./figures/image-dialog-box.png "image-dialog-box") + +5. Select **Image File** and then click **Browse**. The **Open** dialog box is displayed. + +6. Select the image file and click **Open**. In the image dialog box, click **Connect**. 
If **Connect** changes to **Disconnect**, the virtual CD/DVD-ROM drive is connected to the server. + +7. On the toolbar, click the restart icon shown in the following figure to restart the device. + + **Figure 4** Restart icon +![](./figures/restart-icon.png "restart-icon") + +8. A boot menu is displayed after the system restarts, as shown in [Figure 5](#fig1648754873314). + + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > + > - If you do not perform any operations within 1 minute, the system automatically selects the default option **Test this media \& install openEuler 20.09** and enters the installation page. + > - During PM installation, if you cannot use the arrow keys to select boot options and the system does not respond after you press **Enter**, click ![](./figures/en-us_image_0229420473.png) on the BMC page and configure **Key \& Mouse Reset**. + + **Figure 5** Installation Wizard + ![](./figures/Installation_wizard.png "Installation_wizard") + +9. On the installation wizard page, press **Enter** to select the default option **Test this media \& install openEuler 20.09** to enter the GUI installation page. + +## Installation + +After entering the GUI installation page, perform the following operations to install the system: + +1. Set an installation language. The default language is English. You can change the language based on the site requirements, as shown in [Figure 6](#fig874344811484). + + **Figure 6** Selecting a language + ![](./figures/selecting-a-language.png "selecting-a-language") + +2. On the **INSTALLATION SUMMARY** page, set configuration items based on the site requirements. + + - A configuration item with an alarm symbol must be configured. When the alarm symbol disappears, you can perform the next operation. + - A configuration item without an alarm symbol is configured by default. + - You can click **Begin Installation** to install the system only when all alarms are cleared. 
+ + **Figure 7** Installation summary + ![](./figures/installation-summary.png "installation-summary") + + 1. Select **Software Selection** to set configuration items. + + Based on the site requirements, select **Minimal Install** on the left box and select an add-on in the **Add-Ons for Selected Environment** area on the right, as shown in [Figure 8](#fig1133717611109). + + **Figure 8** Selecting installation software + ![](./figures/selecting-installation-software.png "selecting-installation-software") + + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > + > - In **Minimal Install** mode, not all packages in the installation source will be installed. If the required package is not installed, you can mount the installation source to the local PC and configure a repo source, and use DNF to install the package. + > - If you select **Virtual Host**, the virtualization components QEMU, libvirt, and edk2 are installed by default. You can select whether to install the OVS component in the add-on area. + + After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. + + 2. Select **Installation Destination** to set configuration items. + + On the **INSTALLATION DESTINATION** page, select a local storage device. + + > ![](./public_sys-resources/icon-notice.gif) **NOTICE:** + > When selecting the device to be installed, you are advised not to use the NVMe SSD storage medium as the OS installation disk. + + You also need to configure the storage to partition the system. You can either manually configure partitions or select **Automatic** to automatically configure partitioning. Select **Automatic** if the software is installed in a new storage device or the data in the storage device is not required, as shown in [Figure 9](#fig153381468101). 
+ + **Figure 9** Setting the installation destination + ![](./figures/setting-the-installation-destination.png "setting-the-installation-destination") + + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > + > - During partitioning, to ensure system security and performance, you are advised to divide the device into the following partitions: **/boot**, **/var**, **/var/log**, **/var/log/audit**, **/home**, and **/tmp**. + > - If the system is configured with the swap partition, the swap partition is used when the physical memory of the system is insufficient. Although the swap partition can be used to expand the physical memory, if the swap partition is used due to insufficient memory, the system response slows and the system performance deteriorates. Therefore, you are not advised to configure the swap partition in the system with sufficient physical memory or the performance sensitive system. + > - If you need to split a logical volume group, select **Custom** to manually partition the logical volume group. On the **MANUAL PARTITIONING** page, click **Modify** in the **Volume Group** area to reconfigure the logical volume group. + + After the setting is complete, click **Done** in the upper left corner to go back to the **INSTALLATION SUMMARY** page. + + 3. Select **Root Password** and set the root password. + + On the **ROOT PASSWORD** page, enter a password that meets the [Password Complexity](#密码复杂度) requirements and confirm the password, as shown in [Figure 10](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1323165793018). + + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > + > - The root account is used to perform key system management tasks. You are not advised to use the root account for daily work or system access. + > + > - If you select **Lock root account** on the **Root Password** page, the root account will be disabled. 
+ + **Password Complexity** + + The password of user root or a new user must meet the password complexity requirements. Otherwise, the password setting or user creation will fail. The password must meet the following requirements: + + 1. Contain at least eight characters. + + 2. Contain at least three of the following: uppercase letters, lowercase letters, digits, and special characters. + + 3. Different from the user name. + + 4. Not allowed to contain words in the dictionary. + + > ![](./public_sys-resources/icon-note.gif) **NOTE:** + > In the openEuler environment, you can run the `cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt` command to export the dictionary library file **dictionary.txt**. You can check whether the password is in this dictionary. + + **Figure 10** Root password + ![](./figures/password-of-the-root-account.png "Root password") + + After the settings are completed, click **Done** in the upper left corner to return to the **INSTALLATION SUMMARY** page. + + 4. Select **Create a User** and set the parameters. + + Figure 11](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319) shows the page for creating a user. Enter the user name and set the password. The password complexity must be the same as that of the root password. In addition, you can set the home directory and user group by clicking **Advanced**, as shown in [Figure 12](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319). + + **Figure 11** Creating a user + ![](./figures/creating-a-user.png "creating-a-user") + + **Figure 12** Advanced user configuration + ![](./figures/advanced-user-configuration.png "Advanced user configuration") + After the settings are completed, click **Done** in the upper left corner to return to the **INSTALLATION SUMMARY** page. + + 5. Set other configuration items. You can use the default values for other configuration items. + +3. 
Click **Start the Installation** to install the system, as shown in [Figure 13](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319). + + **Figure 13** Starting the installation + ![](./figures/installation-process.png "installation-process") +4. After the installation is completed, restart the system. + + openEuler has been installed. Click **Reboot** to restart the system. + +## Viewing System Information + +After the system is installed and restarted, the system CLI login page is displayed. Enter the username and password set during the installation to log in to openEuler OS and view the following system information. For details about system management and configuration, see the [openEuler 20.03-LTS-SP1 Administrator Guide](./../Administration/administration.html). + +- Run the following command to view the system information: + + ``` + cat /etc/os-release + ``` + + For example, the command and output are as follows: + + ``` + $ cat /etc/os-release + NAME="openEuler" + VERSION="20.03 (LTS-SP1)" + ID="openEuler" + VERSION_ID="20.03" + PRETTY_NAME="openEuler 20.03 (LTS-SP1)" + ANSI_COLOR="0;31" + ``` + +- View system resource information. + + Run the following command to view the CPU information: + + ``` + lscpu + ``` + + Run the following command to view the memory information: + + ``` + free + ``` + + Run the following command to view the disk information: + + ``` + fdisk -l + ``` + +- Run the following command to view the IP address: + + ``` + ip addr + ``` \ No newline at end of file diff --git a/content/en/docs/Releasenotes/acknowledgement.md b/docs/en/docs/Releasenotes/acknowledgement.md similarity index 100% rename from content/en/docs/Releasenotes/acknowledgement.md rename to docs/en/docs/Releasenotes/acknowledgement.md 
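Review bot: In the new quick-start.md, steps 8 and 9 of "Starting the Installation" name the boot option **Test this media \& install openEuler 20.09**, while the document says it describes openEuler 20.03-LTS-SP1; the option text should match what the SP1 ISO's boot menu shows. In the same hunk, `[Password Complexity](#密码复杂度)` points at an anchor that no heading in this English file produces, `Figure 11](#zh-cn_topic_...)` is missing its opening `[`, and Figures 11, 12 and 13 all link to the same `fig1237715313319` anchor. Step 3 of "Installation" says **Start the Installation** where step 2 calls the button **Begin Installation**; use one name. The integrity-check commands are written `$cat` and `$sha256sum` with no space after the prompt and use only the aarch64 file names, although the download steps also offer the x86_64 image.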
diff --git a/content/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md b/docs/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md similarity index 47% rename from content/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md rename to docs/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md index eadc4c0a4ef5e520bd7666df52848975ff96247d..530ec2a5be74b3d660be58a108f87c213da06fdb 100644 --- a/content/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md +++ b/docs/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md @@ -1,4 +1,4 @@ # Common Vulnerabilities and Exposures \(CVE\) -For CVE involved in the version, see the [CVE list](https://cve.openeuler.org/#/CVE). +For CVE involved in the version, see the [CVE list](https://openeuler.org/en/security/cve/). diff --git a/content/en/docs/Releasenotes/contribution.md b/docs/en/docs/Releasenotes/contribution.md similarity index 62% rename from content/en/docs/Releasenotes/contribution.md rename to docs/en/docs/Releasenotes/contribution.md index cdac896b9a5b0634beec67586d09cdd93403958f..5ac221e1384a2093fdbb6effa314b17f5f896add 100644 --- a/content/en/docs/Releasenotes/contribution.md +++ b/docs/en/docs/Releasenotes/contribution.md 
@@ -1,22 +1,22 @@ # Contribution -As an openEuler user, you can contribute to the openEuler community in multiple ways. For details about how to contribute to the community, see [Contributions to the Community](https://openeuler.org/en/developer.html). Here, some methods are listed for reference. +As an openEuler user, you can contribute to the openEuler community in multiple ways. For details about how to contribute to the community, see [How to Contribute](https://openeuler.org/en/community/contribution/). Here, some methods are listed for reference. ## Special Interest Groups \(SIGs\) -openEuler brings together people of common interest to form different special interest groups \(SIGs\). For details about existing SIGs, see the [SIG list](https://openeuler.org/en/sig.html). +openEuler brings together people of common interest to form different special interest groups \(SIGs\). For details about existing SIGs, see the [SIG list](https://openeuler.org/en/sig/sig-list/). -You are welcome to join an existing SIG or create a SIG. For details about how to create a SIG, see the [SIG Management Procedure](https://gitee.com/openeuler/community/blob/master/zh/technical-committee/governance/README.md). +You are welcome to join an existing SIG or create a SIG. For details about how to create a SIG, see the [SIG Management Procedure](https://gitee.com/openeuler/community/blob/master/en/technical-committee/governance/README.md). ## Mail List and Tasks -You are welcome to actively help users solve problems raised in the [mail list](https://openeuler.org/en/community/mails.html) and issues \(including [code repository issues](https://gitee.com/organizations/openeuler/issues) and [software package repository issues](https://gitee.com/organizations/src-openeuler/issues)\). In addition, you can submit an issue. All these will help the openEuler community to develop better. 
+You are welcome to actively help users solve problems raised in the [mail list](https://openeuler.org/en/community/mailing-list/) and issues \(including [code repository issues](https://gitee.com/organizations/openeuler/issues) and [software package repository issues](https://gitee.com/organizations/src-openeuler/issues)\). In addition, you can submit an issue. All these will help the openEuler community to develop better. ## Documents -You can contribute to the community by submitting code. We also welcome your feedback on problems and difficulties, or suggestions on improving the usability and integrity of documents. For example, problems in obtaining software or documents and difficulties in using the system. Welcome to pay attention to and improve the documentation module of the [openEuler community](https://openeuler.org/zh/). +You can contribute to the community by submitting code. We also welcome your feedback on problems and difficulties, or suggestions on improving the usability and integrity of documents. For example, problems in obtaining software or documents and difficulties in using the system. Welcome to pay attention to and improve the documentation module of the [openEuler community](https://openeuler.org/en/). ## IRC -openEuler has also opened a channel in IRC as an additional channel to provide community support and interaction. For details, see [openEuler IRC](https://openeuler.org/zh/community/irc.html). +openEuler has also opened a channel in IRC as an additional channel to provide community support and interaction. For details, see [openEuler IRC](https://gitee.com/openeuler/community/blob/master/en/communication/IRCs.md). 
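Review bot: The "Documents" line is rewritten here only to swap the `/zh/` link for `/en/`, but it keeps the fragment "For example, problems in obtaining software or documents and difficulties in using the system." and the ungrammatical "Welcome to pay attention to and improve the documentation module"; since the line is already being touched, fix the wording in the same change. Two of the new targets (SIG Management Procedure and openEuler IRC) are Gitee `blob/master` paths, which stop resolving if those files are moved or renamed in the community repository, so it is worth confirming that the `en/` paths exist and are meant to be stable.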
diff --git a/content/en/docs/Releasenotes/installing-the-os.md b/docs/en/docs/Releasenotes/installing-the-os.md similarity index 84% rename from content/en/docs/Releasenotes/installing-the-os.md rename to docs/en/docs/Releasenotes/installing-the-os.md index bf34200af0a9f62c2c345a42b8f31b24253346d0..66892adf5cdc2899133c06a0e4c9f7a3aa423706 100644 --- a/content/en/docs/Releasenotes/installing-the-os.md +++ b/docs/en/docs/Releasenotes/installing-the-os.md @@ -2,7 +2,7 @@ ## Release Package -The following table lists the [openEuler release files](http://repo.openeuler.org/openEuler-20.03-LTS/), including the ISO release package, container image, VM image, and repo source that is used online. +The following table lists the [openEuler release files](http://repo.openeuler.org/openEuler-20.03-LTS-SP1/), including the ISO release package, container image, VM image, and repo source that is used online. **Table 1** openEuler release files @@ -15,14 +15,14 @@ The following table lists the [openEuler release files](http://repo.openeuler.or - ISO + ISO ISO release package The directory differentiates the ISO release packages for the AArch64, x86, and source, respectively. The details are as follows:
    -
  • openEuler-20.03-LTS-aarch64-dvd.iso and openEuler-20.03-LTS-x86_64-dvd.iso are the openEuler basic installation software package ISO files for the AArch64 and x86 architectures, respectively. The ISO files contain basic components running on the openEuler OS and meet the basic requirements of developers.
  • -
  • openEuler-20.03-LTS-everything-aarch64-dvd.iso and openEuler-20.03-LTS-everything-x86_64-dvd.iso are the openEuler full software package ISO files for the AArch64 and x86 architectures, respectively. In addition to all software in the openEuler basic installation software package, the ISO files also contain the software packages that have been verified in the openEuler community, which meet the advanced requirements of developers.
  • -
  • openEuler-20.03-LTS-debuginfo-aarch64-dvd.iso and openEuler-20.03-LTS-debuginfo-x86_64-dvd.iso are the openEuler debugging software package ISO files for the AArch64 and x86 architectures, respectively. The ISO files contain the symbol table information required for debugging and are used for debugging software functions and performance.
  • -
  • openEuler-20.03-LTS-source-dvd.iso is the ISO file that contains all source code software packages of the openEuler community, which is used offline by developers.
  • +
  • openEuler-20.03-LTS-SP1-aarch64-dvd.iso and openEuler-20.03-LTS-SP1-x86_64-dvd.iso are the openEuler basic installation software package ISO files for the AArch64 and x86 architectures, respectively. The ISO files contain basic components running on the openEuler OS and meet the basic requirements of developers.
  • +
  • openEuler-20.03-LTS-SP1-everything-aarch64-dvd.iso and openEuler-20.03-LTS-SP1-everything-x86_64-dvd.iso are the openEuler full software package ISO files for the AArch64 and x86 architectures, respectively. In addition to all software in the openEuler basic installation software package, the ISO files also contain the software packages that have been verified in the openEuler community, which meet the advanced requirements of developers.
  • +
  • openEuler-20.03-LTS-SP1-debuginfo-aarch64-dvd.iso and openEuler-20.03-LTS-SP1-debuginfo-x86_64-dvd.iso are the openEuler debugging software package ISO files for the AArch64 and x86 architectures, respectively. The ISO files contain the symbol table information required for debugging and are used for debugging software functions and performance.
  • +
  • openEuler-20.03-LTS-SP1-source-dvd.iso is the ISO file that contains all source code software packages of the openEuler community, which is used offline by developers.
Note:

Each ISO release package has its own verification file, which is used to verify the integrity of the ISO release package.

@@ -30,7 +30,7 @@ The following table lists the [openEuler release files](http://repo.openeuler.or - docker_img + docker_img Container image The openEuler container image, which provides only the basic bash environment, is used as the basic container image. The directory differentiates the container images for the AArch64 and x86 architectures, respectively.
Note: @@ -39,7 +39,7 @@ The following table lists the [openEuler release files](http://repo.openeuler.or - virtual_machine_img + virtual_machine_img VM image

The openEuler VM image provides only the basic running environment to shorten the VM deployment time. The directory differentiates the VM images for the AArch64 and x86 architectures, respectively.

说明: 
@@ -53,32 +53,32 @@ The following table lists the [openEuler release files](http://repo.openeuler.or - EPOL + EPOL Repo source The repo sources of the openEuler third-party software package are mainly contributed by third parties and communities, and are maintained by the providers. The directory differentiates the repo sources for the AArch64 and x86 architectures, respectively. - OS + OS The repo source of the openEuler basic installation software package provides the offline version upgrade function. The content of the software package is the same as that of the basic installation software package ISO in the ISO release package. The directory differentiates the repo sources for the AArch64 and x86 architectures, respectively. - debuginfo + debuginfo The repo source of the openEuler debugging software package provides the online download function. The content of the software package is the same as that of the debugging software package ISO in the ISO release package. The directory differentiates the repo sources for the AArch64 and x86 architectures, respectively. - everything + everything The repo source of the openEuler full software package provides the online download and version upgrade functions. The content of the software package is the same as that of the full software package ISO in the ISO release package. The directory differentiates the repo sources for the AArch64 and x86 architectures, respectively. - extras + extras The repo source of the openEuler extended software package is used to release new software packages with added features. The directory differentiates the repo sources for the AArch64 and x86 architectures, respectively. - source + source The repo source of all source code software packages in the openEuler community, which is used online by developers. 
- update + update The repo source of the openEuler upgrade software package, which is used to fix bugs and common vulnerabilities and exposures (CVE) in released versions and to update and release software with enhancements. It provides online download and software upgrade functions. The directory differentiates the repo sources for the AArch64 and x86 architectures, respectively. @@ -87,7 +87,7 @@ The following table lists the [openEuler release files](http://repo.openeuler.or ## Minimal Hardware Specifications -[Table 5](#en-us_topic_0182825778_tff48b99c9bf24b84bb602c53229e2541) lists the minimum hardware specifications for installing openEuler 20.03 LTS. +[Table 5](#en-us_topic_0182825778_tff48b99c9bf24b84bb602c53229e2541) lists the minimum hardware specifications for installing openEuler 20.03 LTS SP1. **Table 5** Minimal hardware specifications @@ -149,7 +149,7 @@ The following table lists the [openEuler release files](http://repo.openeuler.or

Memory

-

32G*4 2933MHz

+

32G\*4 2933MHz

RAID controller card

diff --git a/content/en/docs/Releasenotes/introduction.md b/docs/en/docs/Releasenotes/introduction.md similarity index 100% rename from content/en/docs/Releasenotes/introduction.md rename to docs/en/docs/Releasenotes/introduction.md diff --git a/content/en/docs/Releasenotes/key-features.md b/docs/en/docs/Releasenotes/key-features.md similarity index 99% rename from content/en/docs/Releasenotes/key-features.md rename to docs/en/docs/Releasenotes/key-features.md index 9590ee5de7e7c3e07ea69341207b44d69c1db228..f85e47a3cc1ee274bb4c15256edc5e0e5e54db79 100644 --- a/content/en/docs/Releasenotes/key-features.md +++ b/docs/en/docs/Releasenotes/key-features.md @@ -27,3 +27,5 @@ - Memory virtualization optimization: The Kunpeng hardware feature is used to improve the memory loading speed during VM startup. - Storage virtualization optimization: NUMA affinity self-binding is optimized for the iSCSI module **kworker** to improve the I/O performance of IP SAN disks. + + diff --git a/content/en/docs/Releasenotes/known-issues.md b/docs/en/docs/Releasenotes/known-issues.md similarity index 72% rename from content/en/docs/Releasenotes/known-issues.md rename to docs/en/docs/Releasenotes/known-issues.md index aad4be328d247d0ea0bf51c9163aaf856318f4e1..a843c696ff1493060a9f4c32e603ab868e716281 100644 --- a/content/en/docs/Releasenotes/known-issues.md +++ b/docs/en/docs/Releasenotes/known-issues.md 
@@ -8,4 +8,13 @@ - CVE-2015-9541: When Qt attempts to parse the abnormal SVG files which are constructed to launch exponential XML entity extension attacks, the memory may be insufficient. For details about the discussion, click [https://codereview.qt-project.org/c/qt/qtbase/+/293909](https://codereview.qt-project.org/c/qt/qtbase/+/293909). - Before compiling some open-source packages, you need to install basic software such as GDB, GCC, and make. Otherwise, the compilation fails due to lack of dependency. - AArch64 and x86\_64 have different definitions of the character type. As a result, an error is reported during the self-check using Coreutils, Augeas, and Diffutils. You can add the **--fsigned-char** compilation option to solve the problem. - +- For 20.03 LTS SP1, if you run the **rpm -Uvh XXX** command (XXX indicates the version, for example, mysql-8.0.21-1.oe1.aarch64.rpm) to upgrade mysql-8.0.17-3.oe1 to the latest version, the functions are unavailable after the upgrade. You can use either of the following methods to upgrade the version. The following uses the upgrade from mysql-8.0.17-3.oe1 to mysql-8.0.21-1.oe1 as an example: + - Method 1: Run the following upgrade command: + ``` + # rpm -Uvh mysql-8.0.21-1.oe1.aarch64.rpm --noscripts + ``` + - Method 2: Run the following commands to uninstall the MySQL of the earlier version and then install the MySQL of the new version: + ``` + # rpm -e mysql-8.0.17-3.oe1 + # rpm -ivh mysql-8.0.21-1.oe1.aarch64.rpm + ``` \ No newline at end of file diff --git a/content/en/docs/Releasenotes/public_sys-resources/icon-caution.gif b/docs/en/docs/Releasenotes/public_sys-resources/icon-caution.gif similarity index 100% rename from content/en/docs/Releasenotes/public_sys-resources/icon-caution.gif rename to docs/en/docs/Releasenotes/public_sys-resources/icon-caution.gif 
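Review bot: Method 1 in the added MySQL entry runs `rpm -Uvh mysql-8.0.21-1.oe1.aarch64.rpm --noscripts`, which skips the package's scriptlets, but the text does not say which scriptlet causes the failure or whether anything those scriptlets normally do has to be done by hand afterwards; please state that, and replace "the functions are unavailable after the upgrade" with the actual symptom. Method 2 removes mysql-8.0.17-3.oe1 with `rpm -e` without saying whether existing data and configuration survive the removal. The example file names are aarch64 only, and the file now ends without a trailing newline.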
diff --git a/content/en/docs/Releasenotes/public_sys-resources/icon-danger.gif b/docs/en/docs/Releasenotes/public_sys-resources/icon-danger.gif similarity index 100% rename from content/en/docs/Releasenotes/public_sys-resources/icon-danger.gif rename to docs/en/docs/Releasenotes/public_sys-resources/icon-danger.gif diff --git a/content/en/docs/Releasenotes/public_sys-resources/icon-note.gif b/docs/en/docs/Releasenotes/public_sys-resources/icon-note.gif similarity index 100% rename from content/en/docs/Releasenotes/public_sys-resources/icon-note.gif rename to docs/en/docs/Releasenotes/public_sys-resources/icon-note.gif diff --git a/content/en/docs/Releasenotes/public_sys-resources/icon-notice.gif b/docs/en/docs/Releasenotes/public_sys-resources/icon-notice.gif similarity index 100% rename from content/en/docs/Releasenotes/public_sys-resources/icon-notice.gif rename to docs/en/docs/Releasenotes/public_sys-resources/icon-notice.gif diff --git a/content/en/docs/Releasenotes/public_sys-resources/icon-tip.gif b/docs/en/docs/Releasenotes/public_sys-resources/icon-tip.gif similarity index 100% rename from content/en/docs/Releasenotes/public_sys-resources/icon-tip.gif rename to docs/en/docs/Releasenotes/public_sys-resources/icon-tip.gif diff --git a/content/en/docs/Releasenotes/public_sys-resources/icon-warning.gif b/docs/en/docs/Releasenotes/public_sys-resources/icon-warning.gif similarity index 100% rename from content/en/docs/Releasenotes/public_sys-resources/icon-warning.gif rename to docs/en/docs/Releasenotes/public_sys-resources/icon-warning.gif diff --git a/docs/en/docs/Releasenotes/release_notes.md b/docs/en/docs/Releasenotes/release_notes.md new file mode 100644 index 0000000000000000000000000000000000000000..2ec975d6796a236b0fbfed2c6fec81488b9f15fd --- /dev/null +++ b/docs/en/docs/Releasenotes/release_notes.md @@ -0,0 +1 @@ +This document is the release notes for the openEuler 20.03 LTS SP1 release version. \ No newline at end of file 
diff --git a/content/en/docs/Releasenotes/resolved-issues.md b/docs/en/docs/Releasenotes/resolved-issues.md similarity index 100% rename from content/en/docs/Releasenotes/resolved-issues.md rename to docs/en/docs/Releasenotes/resolved-issues.md diff --git a/content/en/docs/Releasenotes/source-code.md b/docs/en/docs/Releasenotes/source-code.md similarity index 84% rename from content/en/docs/Releasenotes/source-code.md rename to docs/en/docs/Releasenotes/source-code.md index c6a18531937da2a5a63e5ed41689230f3d068784..e8e41391360885baba774fecef9a255a2c6ff987 100644 --- a/content/en/docs/Releasenotes/source-code.md +++ b/docs/en/docs/Releasenotes/source-code.md @@ -5,5 +5,5 @@ openEuler contains two code repositories: - Code repository: [https://gitee.com/openeuler](https://gitee.com/openeuler) - Software package repository: [https://gitee.com/src-openeuler](https://gitee.com/src-openeuler) -The openEuler release packages also provide the source ISO files. For details, see [Installing the OS](installing-the-os.md). +The openEuler release packages also provide the source ISO files. For details, see [Installing the OS](./installing-the-os.md). diff --git a/content/en/docs/Releasenotes/terms-of-use.md b/docs/en/docs/Releasenotes/terms-of-use.md similarity index 100% rename from content/en/docs/Releasenotes/terms-of-use.md rename to docs/en/docs/Releasenotes/terms-of-use.md diff --git a/content/en/docs/Releasenotes/user-notice.md b/docs/en/docs/Releasenotes/user-notice.md similarity index 66% rename from content/en/docs/Releasenotes/user-notice.md rename to docs/en/docs/Releasenotes/user-notice.md index aba8b99475bb57ec2abe3ac65d7f22904cd0f9f6..e4174c4d8054c16643381163645f6283b5d68355 100644 --- a/content/en/docs/Releasenotes/user-notice.md +++ b/docs/en/docs/Releasenotes/user-notice.md 
@@ -1,5 +1,5 @@ # User Notice - The version number counting rule of openEuler is changed from openEuler _x.x_ to openEuler _year_._month_. For example, openEuler 20.03 indicates that the version is released in March 2020. -- The [Python core team](https://www.python.org/dev/peps/pep-0373/#update) has stopped maintaining Python 2 in January 2020. In 2020, openEuler 20.03 LTS fixes only the critical CVE of Python 2 and will reach the end of maintenance \(EOM\) on December 31, 2020. Please switch to Python 3 as soon as possible. +- The [Python core team](https://www.python.org/dev/peps/pep-0373/#update) has stopped maintaining Python 2 in January 2020. In 2020, openEuler 20.03 LTS SP1 fixes only the critical CVE of Python 2 and will reach the end of maintenance \(EOM\) on December 31, 2020. Please switch to Python 3 as soon as possible. diff --git a/docs/en/docs/SecHarden/account-passwords.md b/docs/en/docs/SecHarden/account-passwords.md new file mode 100644 index 0000000000000000000000000000000000000000..356a99935e0af3ca5eea30799d2109307ae2042d --- /dev/null +++ b/docs/en/docs/SecHarden/account-passwords.md 
@@ -0,0 +1,335 @@ +# Account Passwords + +- [Account Passwords](#account-passwords) + - [Shielding System Accounts](#shielding-system-accounts) + - [Restricting Permissions on the su Command](#restricting-permissions-on-the-su-command) + - [Setting Password Complexity](#setting-password-complexity) + - [Setting the Password Validity Period](#setting-the-password-validity-period) + - [Setting Password Encryption Algorithms](#setting-password-encryption-algorithms) + - [Locking an Account After Three Login Failures](#locking-an-account-after-three-login-failures) + - [Hardening the su Command](#hardening-the-su-command) + +## Shielding System Accounts + +### Description + +Accounts excluding user accounts are system accounts. System accounts cannot be used for logins or performing other operations. Therefore, system accounts must be shielded. + +### Implementation + +Modify the shell of a system account to **/sbin/nologin**. + +``` +usermod -L -s /sbin/nologin $systemaccount +``` + +>![](public_sys-resources/icon-note.gif) **NOTE:** +>_$systemaccount_ indicates the system account. + +## Restricting Permissions on the su Command + +### Description + +The **su** command is used to switch user accounts. To improve system security, only the user **root** and users in the wheel group can use the **su** command. + +### Implementation + +Modify the **/etc/pam.d/su** file as follows: + +``` +auth required pam_wheel.so use_uid +``` + +   + +**Table 1** Configuration item in pam\_wheel.so + + + + + + + + + + +

Item

+

Description

+

use_uid

+

UID of the current account.

+
+ +## Setting Password Complexity + +### Description + +You can set the password complexity requirements by modifying the corresponding configuration file. You are advised to set the password complexity based on the site requirements. + +### Implementation + +The password complexity is implemented by the **pam\_pwquality.so** and **pam\_pwhistory.so** modules in the **/etc/pam.d/password-auth** and **/etc/pam.d/system-auth** files. You can modify the configuration items of the two modules to change the password complexity requirements. + +### Example + +This section provides an example for configuring password complexity. + +**Password Complexity Requirements** + +1. Contains at least eight characters. +2. Contains at least three types of the following characters: + + - At least one lowercase letter + + - At least one uppercase letter + + - At least one digit + + - At least one space or one of the following special characters: \` \~ ! @ \# $ % ^ & \* \( \) - \_ = + \\ | \[ \{ \} \] ; : ' " , < . \> / ? + +3. Cannot be the same as an account or the account in reverse order. +4. Cannot be the last five passwords used. + +**Implementation** + +Add the following content to the **/etc/pam.d/password-auth** and **/etc/pam.d/system-auth** files: + +``` +password requisite pam_pwquality.so minlen=8 minclass=3 enforce_for_root try_first_pass local_users_only retry=3 dcredit=0 ucredit=0 lcredit=0 ocredit=0 +password required pam_pwhistory.so use_authtok remember=5 enforce_for_root +``` + +   + +**Configuration Item Description** + +For details about the configuration items of **pam\_pwquality.so** and **pam\_pwhistory.so**, see [Table 1](#table201221044172117) and [Table 2](#table1212544452120), respectively. + +**Table 1** Configuration items in pam\_pwquality.so + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Item

+

Description

+

minlen=8

+

A password must contain at least eight characters.

+

minclass=3

+

A password must contain at least three of the following types: uppercase letters, lowercase letters, digits, and special characters.

+

ucredit=0

+

A password contains any number of uppercase letters.

+

lcredit=0

+

A password contains any number of lowercase letters.

+

dcredit=0

+

A password contains any number of digits.

+

ocredit=0

+

A password contains any number of special characters.

+

retry=3

+

Each time a maximum of three password changes is allowed.

+

enforce_for_root

+

This configuration is also effective for user root.

+
+ +**Table 2** Configuration items in pam\_pwhistory.so + + + + + + + + + + + + + +

Item

+

Description

+

remember=5

+

A password must be different from the last five passwords used.

+

enforce_for_root

+

This configuration is also effective for user root.

+
+ +## Setting the Password Validity Period + +### Description + +To ensure system security, you are advised to set the password validity period and notify users to change passwords before the passwords expire. + +### Implementation + +The password validity period is set by modifying the **/etc/login.defs** file. [Table 1](#en-us_topic_0152100281_t77b5d0753721450c81911c18b74e82eb) describes the hardening items. All hardening items in the table are in the **/etc/login.defs** file. You can directly modify the items in the configuration file. + +**Table 1** Configuration items in login.defs + + + + + + + + + + + + + + + + + + + + + + + + +

Item

+

Description

+

Suggestion

+

Configured as Suggested

+

PASS_MAX_DAYS

+

Maximum validity period of a password.

+

90

+

No

+

PASS_MIN_DAYS

+

Minimum interval between password changes.

+

0

+

No

+

PASS_WARN_AGE

+

Number of days before the password expires.

+

7

+

No

+
+ +>![](public_sys-resources/icon-note.gif) **NOTE:** +>The **login.defs** file is used to set restrictions on user accounts, such as setting the maximum password validity period and maximum length. The configuration in this file is invalid for the user **root**. If the **/etc/shadow** file contains the same items, the **/etc/shadow** configuration takes precedence over the **/etc/login.defs** configuration. When a user attempts to log in after the password expires, the user will be informed of the password expiry and is required to change the password. If the user does not change the password, the user cannot access the system. + +## Setting Password Encryption Algorithms + +### Description + +For system security, passwords cannot be stored in plaintext in the system and must be encrypted. The passwords that do not need to be restored must be encrypted using irreversible algorithms. Set the password encryption algorithm to SHA-512. This item has been set by default in openEuler. The preceding settings can effectively prevent password disclosure and ensure password security. + +### Implementation + +To set the password encryption algorithm, add the following configuration to the **/etc/pam.d/password-auth** and **/etc/pam.d/system-auth** files: + +``` +password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok +``` + +   + +**Table 1** Configuration items in pam\_unix.so + + + + + + + + + + +

Item

+

Description

+

sha512

+

The SHA-512 algorithm is used for password encryption.

+
+ +## Locking an Account After Three Login Failures + +### Description + +To ensure user system security, you are advised to set the maximum number of incorrect password attempts \(three attempts are recommended\) and the automatic unlocking time \(300 seconds are recommended\) for a locked account. + +If an account is locked, any input is invalid but does not cause the locking timer to recount. Records of the user's invalid inputs are cleared once unlocked. The preceding settings protect passwords from being forcibly cracked and improve system security. + +>![](public_sys-resources/icon-note.gif) **NOTE:** +>By default, the maximum number of incorrect password attempts is 3 in openEuler. After the system is locked, the automatic unlock time is 60 seconds. + +### Implementation + +The password complexity is set by modifying the **/etc/pam.d/password-auth** and **/etc/pam.d/system-auth** files. The maximum number of incorrect password attempts is set to **3**, and the unlocking time after the system is locked is set to **300** seconds. The configuration is as follows: + +``` +auth required pam_faillock.so preauth audit deny=3 even_deny_root unlock_time=300 +auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root unlock_time=300 +auth sufficient pam_faillock.so authsucc audit deny=3 even_deny_root unlock_time=300 +``` + +**Table 1** Configuration items in pam\_faillock.so + + + + + + + + + + + + + + + + + + + +

Item

+

Description

+

authfail

+

Captures account login failure events.

+

deny=3

+

A user account will be locked after three login attempts.

+

unlock_time=300

+

A locked common user account is automatically unlocked in 300 seconds.

+

even_deny_root

+

This configuration is also effective for user root.

+
+ +## Hardening the su Command + +### Description + +To enhance system security and prevent the environment variables of the current user from being brought into other environments when you run the **su** command to switch to another user, this item has been configured by default in openEuler. The **PATH** variable is always initialized when the **su** command is used to switch users. + +### Implementation + +Modify the **/etc/login.defs** file. The configuration is as follows: + +``` +ALWAYS_SET_PATH=yes +``` diff --git a/docs/en/docs/SecHarden/appendix.md b/docs/en/docs/SecHarden/appendix.md new file mode 100644 index 0000000000000000000000000000000000000000..2c47d84fc9055ad6390ee0eb7e63cd76f9b6eff3 --- /dev/null +++ b/docs/en/docs/SecHarden/appendix.md 
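Review bot: In docs/en/docs/SecHarden/account-passwords.md, the Implementation paragraph under "Locking an Account After Three Login Failures" opens with "The password complexity is set by modifying the **/etc/pam.d/password-auth** and **/etc/pam.d/system-auth** files", which looks carried over from the complexity section; it should say that the lockout policy is set there. The same section's NOTE gives a default unlock time of 60 seconds, while the Description recommends 300 and the sample lines use unlock_time=300, so state explicitly that the shipped default differs from the recommended value. In the pam_faillock.so table, "deny=3" is described as locking after "three login attempts"; make that three failed attempts. In the pam_pwquality.so table, "retry=3" is described as "Each time a maximum of three password changes is allowed", but retry is the number of times the user is prompted before the module returns an error. The links to #table201221044172117 and #table1212544452120 have no matching anchors in this file.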
@@ -0,0 +1,36 @@ +# Appendix + +This chapter describes the file permissions and **umask** values. + +- [Appendix](#appendix.md) + - [Permissions on Files and Directories](#permissions-on-files-and-directories) + - [umask Values](#umask-values) + + + + + +## Permissions on Files and Directories + +Permission on files and directories in Linux specifies the users who can access and perform operations on files and directories and the access and operation modes. Permissions on files and directories include read only, write only, and execute. + +The following types of users can access files and directories: + +- File creator +- Users in the same group as a file creator +- Users not in the same group as a file creator + +An example of permission on files and directories is described as follows: + +If the permission on **/usr/src** is set to **755** which is 111101101 in binary mode, permissions for each type of users are described as follows: + +- The left-most **111** indicates that the file owner can read, write, and execute the file. +- The middle **101** indicates the group users can read and execute but cannot write the file. +- The right-most **101** indicates that other users can read and execute but cannot write the file. + +## umask Values + +When a user creates a file or directory, the file or directory has a default permission. The default permission is specified by the **umask** value. + +The **umask** value is the complement of the permission value. The actual permission value is obtained by subtracting the **umask** value from the default maximum permission value. The default maximum permission of a file is readable and writable. The default maximum permission of a directory is readable, writable, and executable. The default permission of a file is 666 minus the **umask** value. The default permission of a directory is 777 minus the **umask** value. + 
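Review bot: In the "umask Values" paragraph, "The default permission of a file is 666 minus the **umask** value" is not correct as arithmetic: the umask is a bit mask whose set bits are cleared from the maximum mode, not a number that is subtracted. With the 0077 value that authentication-and-authorization.md recommends, octal subtraction from 666 gives 567, while that file correctly states the result as 600. Suggest wording it as "the permission bits set in the umask are removed from 666 (files) or 777 (directories)" and adding the 0077 and 0027 cases as worked examples. Also, "Permissions on files and directories include read only, write only, and execute" should read "read, write, and execute", and the TOC entry "[Appendix](#appendix.md)" should point to "#appendix".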
diff --git a/docs/en/docs/SecHarden/authentication-and-authorization.md b/docs/en/docs/SecHarden/authentication-and-authorization.md new file mode 100644 index 0000000000000000000000000000000000000000..7f3a14f70f7c47a75bb5dccb43daa733ffc4705c --- /dev/null +++ b/docs/en/docs/SecHarden/authentication-and-authorization.md 
@@ -0,0 +1,156 @@ +# Authentication and Authorization + +- [Authentication and Authorization](#authentication-and-authorization) + - [Setting a Warning for Remote Network Access](#setting-a-warning-for-remote-network-access) + - [Forestalling Unauthorized System Restart by Holding Down Ctrl, Alt, and Delete](#forestalling-unauthorized-system-restart-by-holding-down-ctrl-alt-and-delete) + - [Setting an Automatic Exit Interval for Shell](#setting-an-automatic-exit-interval-for-shell) + - [Setting the Default umask Value for Users to 0077](#setting-the-default-umask-value-for-users-to-0077) + - [Setting the GRUB2 Encryption Password](#setting-the-grub2-encryption-password) + - [Setting the Secure Single-user Mode](#setting-the-secure-single-user-mode) + - [Disabling Interactive Startup](#disabling-interactive-startup) + + + +## Setting a Warning for Remote Network Access + +### Description + +A warning for remote network access is configured and displayed for users who attempt to remotely log in to the system. The warning indicates the penalty for authorized access and is used to threaten potential attackers. When the warning is displayed, system architecture and other system information are hidden to protect the system from being attacked. + +### Implementation + +This setting can be implemented by modifying the **/etc/issue.net** file. Replace the original content in the **/etc/issue.net** file with the following information \(which has been set by default in openEuler\): + +``` +Authorized users only. All activities may be monitored and reported. +``` + +## Forestalling Unauthorized System Restart by Holding Down Ctrl, Alt, and Delete + +### Description + +By default, you can restart the OS by holding down **Ctrl**, **Alt**, and **Delete**. Disabling this feature can prevent data loss caused by misoperations. + +### Implementation + +To disable the feature of restarting the system by holding down **Ctrl**, **Alt**, and **Delete**, perform the following steps: + +1. 
Run the following commands to delete the two **ctrl-alt-del.target** files: + + ``` + rm -f /etc/systemd/system/ctrl-alt-del.target + rm -f /usr/lib/systemd/system/ctrl-alt-del.target + ``` + +2. Change **\#CtrlAltDelBurstAction=reboot-force** to **CtrlAltDelBurstAction=none** in the **/etc/systemd/system.conf** file. +3. Run the following command to restart systemd for the modification to take effect: + + ``` + systemctl daemon-reexec + ``` + +## Setting an Automatic Exit Interval for Shell + +### Description + +An unattended shell is prone to listening or attacks. Therefore, a mechanism must be configured to ensure that a shell can automatically exit when it does not run for a period. + +### Implementation + +At the end of file **/etc/profile**, set the **TMOUT** field \(unit: second\) that specifies the interval for automatic exit as follows: + +``` +export TMOUT=300 +``` + +## Setting the Default umask Value for Users to 0077 + +### Description + +The **umask** value is used to set default permission on files and directories. A smaller **umask** value indicates that group users or other users have incorrect permission, which brings system security risks. Therefore, the default **umask** value must be set to **0077** for all users, that is, the default permission on user directories is **700** and the permission on user files is **600**. The **umask** value indicates the complement of a permission. For details about how to convert the **umask** value to a permission, see [umask Values](#umask-values.md). + +>![](public_sys-resources/icon-note.gif) **NOTE:** +>By default, the **umask** value of the openEuler user is set to **0077**. + +### Implementation + +1. Add **umask 0077** to the **/etc/bashrc** file and all files in the **/etc/profile.d/** directory. + + ``` + echo "umask 0077" >> $FILE + ``` + + >![](public_sys-resources/icon-note.gif) **NOTE:** + >_$FILE_ indicates the file name, for example, echo "umask 0077" \>\> /etc/bashrc. + +2. 
Set the ownership and group of the **/etc/bashrc** file and all files in the **/etc/profile.d/** directory to **root**. + + ``` + chown root.root $FILE + ``` + + >![](public_sys-resources/icon-note.gif) **NOTE:** + >_$FILE_ indicates the file name, for example, **chown root.root /etc/bashrc**. + + +## Setting the GRUB2 Encryption Password + +### Description + +GRand Unified Bootloader \(GRUB\) is an operating system boot manager used to boot different systems \(such as Windows and Linux\). GRUB2 is an upgraded version of GRUB. + +When starting the system, you can modify the startup parameters of the system on the GRUB2 screen. To ensure that the system startup parameters are not modified randomly, you need to encrypt the GRUB2 screen. The startup parameters can be modified only when the correct GRUB2 password is entered. + +>![](public_sys-resources/icon-note.gif) **NOTE:** +>The default password of GRUB2 is **openEuler\#12**. You are advised to change the default password upon the first login and periodically update the password. If the password is leaked, startup item configurations may be modified, causing the system startup failure. + +### Implementation + +1. Run the **grub2-mkpasswd-pbkdf2** command to generate an encrypted password. + + >![](public_sys-resources/icon-note.gif) **NOTE:** + >SHA-512 is used as the GRUB2 encryption algorithm. + + ``` + # grub2-mkpasswd-pbkdf2 + Enter password: + Reenter password: + PBKDF2 hash of your password is + grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08 + ``` + + >![](public_sys-resources/icon-note.gif) **NOTE:** + >Enter the same password in the **Enter password** and **Reenter password** lines. 
+ >After **openEuler\#12** is encrypted by **grub2-mkpasswd-pbkdf2**, the output is **grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08**. The ciphertext is different each time. + +2. Open **/boot/efi/EFI/openEuler/grub.cfg** in a vi editor. Append the following fields to the beginning of **/boot/efi/EFI/openEuler/grub.cfg**. + + ``` + set superusers="root" + password_pbkdf2 root grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08 + ``` + + >![](public_sys-resources/icon-note.gif) **NOTE:** + >- The **superusers** field is used to set the account name of the super GRUB2 administrator. + >- The first parameter following the **password\_pbkdf2** field is the GRUB2 account name, and the second parameter is the encrypted password of the account. + + +## Setting the Secure Single-user Mode + +### Description + +When you log in to the system as user **root** in single-user mode, if the **root** password is not set, high security risks exist. + +### Implementation + +This setting can be implemented by modifying the **/etc/sysconfig/init** file. Set **SINGLE** to **SINGLE=/sbin/sulogin**. + +## Disabling Interactive Startup + +### Description + +With interactive guidance, console users can disable audit, firewall, or other services, which compromises system security. Users can disable interactive startup to improve security. This item is disabled by default in openEuler. + +### Implementation + +This setting can be implemented by modifying the **/etc/sysconfig/init** file. Set **PROMPT** to **no**. 
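Review bot: In "Setting the GRUB2 Encryption Password", the hash pasted into the step 2 password_pbkdf2 line is the same one the step 1 NOTE identifies as the output for the default password **openEuler\#12**, so a reader who copies the example verbatim sets the bootloader password back to the documented default. Replace the hash in step 2 with an obvious placeholder for the value generated in step 1, and consider dropping the default password's hash from the page. Step 2 also says "Append the following fields to the beginning", which should be "Insert ... at the beginning". Elsewhere in this file: "The warning indicates the penalty for authorized access" should be "unauthorized access"; "A smaller **umask** value indicates that group users or other users have incorrect permission" should say that a smaller value leaves group and other users with more permission than intended; "chown root.root $FILE" should use the "root:root" form that file-permissions.md uses; and the two "[umask Values](#umask-values.md)" links do not resolve to appendix.md.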
diff --git a/docs/en/docs/SecHarden/figures/en-us_image_0221925211.png b/docs/en/docs/SecHarden/figures/en-us_image_0221925211.png new file mode 100644 index 0000000000000000000000000000000000000000..62ef0decdf6f1e591059904001d712a54f727e68 Binary files /dev/null and b/docs/en/docs/SecHarden/figures/en-us_image_0221925211.png differ diff --git a/docs/en/docs/SecHarden/figures/en-us_image_0221925212.png b/docs/en/docs/SecHarden/figures/en-us_image_0221925212.png new file mode 100644 index 0000000000000000000000000000000000000000..ad5ed3f7beeb01e6a48707c4806606b41d687e22 Binary files /dev/null and b/docs/en/docs/SecHarden/figures/en-us_image_0221925212.png differ diff --git a/docs/en/docs/SecHarden/file-permissions.md b/docs/en/docs/SecHarden/file-permissions.md new file mode 100644 index 0000000000000000000000000000000000000000..03499949cdf440d1c7b4d3a153ebd37ff353f73e --- /dev/null +++ b/docs/en/docs/SecHarden/file-permissions.md 
@@ -0,0 +1,241 @@ + +## File Permissions + +- [File Permissions](#file-permissions) + - [Setting the Permissions on and Ownership of Files](#setting-the-permissions-on-and-ownership-of-files) + - [Deleting Unowned Files](#deleting-unowned-files) + - [Removing a Symbolic Link to /dev/null](#removing-a-symbolic-link-to-dev-null) + - [Setting the umask Value for a Daemon](#setting-the-umask-value-for-a-daemon) + - [Adding a Sticky Bit Attribute to Globally Writable Directories](#adding-a-sticky-bit-attribute-to-globally-writable-directories) + - [Disabling the Globally Writable Permission on Unauthorized Files](#disabling-the-globally-writable-permission-on-unauthorized-files) + - [Restricting Permissions on the at Command](#restricting-permissions-on-the-at-command) + - [Restricting Permissions on the cron Command](#restricting-permissions-on-the-cron-command) + - [Restricting Permissions on the sudo Command](#restricting-permissions-on-the-sudo-command) + + +## Setting the Permissions on and Ownership of Files + +### Description + +In Linux, all objects are processed as files. Even a directory will be processed as a large file containing many files. Therefore, the most important thing in Linux is the security of files and directories. Their security is ensured by permissions and owners. + +By default, the permissions and ownership of common directories, executable files, and configuration files in the system are set in openEuler. + +### Implementation + +The following uses the **/bin** directory as an example to describe how to change the permission and ownership of a file: + +- Modify the file permission. For example, set the permission on the **/bin** directory to **755**. + + ``` + chmod 755 /bin + ``` + +- Change the ownership of the file. For example, set the ownership and group of the **/bin** directory to **root:root**. 
+ + ``` + chown root:root /bin + ``` + + +## Deleting Unowned Files + +### Description + +When deleting a user or group, the system administrator may forget to delete the files of the user or group. If the name of a new user or group is the same as that of the deleted user or group, the new user or group will own files on which it has no permission. You are advised to delete these files. + +### Implementation + +Delete the file whose user ID does not exist. + +1. Search for the file whose user ID does not exist. + + ``` + find / -nouser + ``` + +2. Delete the found file. In the preceding command, _filename_ indicates the name of the file whose user ID does not exist. + + ``` + rm -f filename + ``` + + +Delete the file whose group ID does not exist. + +1. Search for the file whose user ID does not exist. + + ``` + find / -nogroup + ``` + +2. Delete the found file. In the preceding command, _filename_ indicates the name of the file whose user ID does not exist. + + ``` + rm -f filename + ``` + + +## Removing a Symbolic Link to /dev/null + +### Description + +A symbolic link to **/dev/null** may be used by malicious users. This affects system security. You are advised to delete these symbolic links to improve system security. + +### Special Scenario + +After openEuler is installed, symbolic links to **/dev/null** may exist. These links may have corresponding functions. \(Some of them are preconfigured and may be depended by other components.\) Rectify the fault based on the site requirements. For details, see [Implementation](#en-us_topic_0152100319_s1b24647cdd834a8eaca3032611baf072). + +For example, openEuler supports UEFI and legacy BIOS installation modes. The GRUB packages supported in the two boot scenarios are installed by default. If you select the legacy BIOS installation mode, a symbolic link **/etc/grub2-efi.cfg** is generated. If you select the UEFI installation mode, a symbolic link **/etc/grub2.cfg** is generated. 
You need to process these symbolic links based on the site requirements. + +### Implementation + +1. Run the following command to search for symbolic links to **/dev/null**: + + ``` + find dirname -type l -follow 2>/dev/null + ``` + + >![](public_sys-resources/icon-note.gif) **NOTE:** + >_dir__name_ indicates the directory to be searched. Normally, key system directories, such as **/bin**, **/boot**, **/usr**, **/lib64**, **/lib**, and **/var**, need to be searched. + +2. If these symbolic links are useless, run the following command to delete them: + + ``` + rm -f filename + ``` + + >![](public_sys-resources/icon-note.gif) **NOTE:** + >_filename_ indicates the file name obtained in [Step 1](#en-us_topic_0152100319_l4dc74664c4fb400aaf91fb314c4f9da6). + + +## Setting the umask Value for a Daemon + +### Description + +The **umask** value is used to set default permission on files and directories. If the **umask** value is not specified, the file has the globally writable permission. This brings risks. A daemon provides a service for the system to receive user requests or network customer requests. To improve the security of files and directories created by the daemon, you are advised to set **umask** to **0027**. The **umask** value indicates the complement of a permission. For details about how to convert the **umask** value to a permission, see [umask Values](#umask-values.md). + +>![](public_sys-resources/icon-note.gif) **NOTE:** +>By default, the **umask** value of the daemon is set to **0022** in openEuler. + +### Implementation + +In configuration file **/etc/sysconfig/init**, add **umask 0027** as a new row. + +## Adding a Sticky Bit Attribute to Globally Writable Directories + +### Description + +Any user can delete or modify a file or directory in a globally writable directory, which leads to unauthorized file or directory deletion. Therefore, the sticky bit attribute is required for globally writable directories. + +### Implementation + +1. 
Search for globally writable directories. + + ``` + find / -type d -perm -0002 ! -perm -1000 -ls | grep -v proc + ``` + +2. Add the sticky bit attribute to globally writable directories. _dirname_ indicates the name of the directory that is found. + + ``` + chmod +t dirname + ``` + + +## Disabling the Globally Writable Permission on Unauthorized Files + +### Description + +Any user can modify globally writable files, which affects system integrity. + +### Implementation + +1. Search for all globally writable files. + + ``` + find / -type d \( -perm -o+w \) | grep -v procfind / -type f \( -perm -o+w \) | grep -v proc + ``` + +2. View the settings of files \(excluding files and directories with sticky bits\) listed in step 1, and delete the files or disable the globally writable permission on them. Run the following command to remove the permission. In the command, _filename_ indicates the file name. + +    + + ``` + chmod o-w filename + ``` + + >![](public_sys-resources/icon-note.gif) **NOTE:** + >You can run the following command to check whether the sticky bit is set for the file or directory. If the command output contains the **T** flag, the file or directory is with a sticky bit. In the command, _filename_ indicates the name of the file or directory to be queried. + >``` + >ls -l filename + >``` + + +## Restricting Permissions on the at Command + +### Description + +The **at** command is used to create a scheduled task. Users who can run the **at** command must be specified to protect the system from being attacked. + +### Implementation + +1. Delete the **/etc/at.deny** file. + + ``` + rm -f /etc/at.deny + ``` + +2. Run the following command to change the ownership of file **/etc/at.allow** file to **root:root**. + + ``` + chown root:root /etc/at.allow + ``` + +3. Set that only user **root** can operate file **/etc/at.allow**. 
+ + ``` + chmod og-rwx /etc/at.allow + ``` + + +## Restricting Permissions on the cron Command + +### Description + +The **cron** command is used to create a routine task. Users who can run the **cron** command must be specified to protect the system from being attacked. + +### Implementation + +1. Delete the **/etc/cron.deny** file. + + ``` + rm -f /etc/at.deny + ``` + +2. Run the following command to change the ownership of the **/etc/cron.allow** file to **root:root**: + + ``` + chown root:root /etc/cron.allow + ``` + +3. Set that only user **root** can operate file **/etc/cron.allow**. + + ``` + chmod og-rwx /etc/cron.allow + ``` + + +## Restricting Permissions on the sudo Command + +### Description + +A common user can use the **sudo** command to run commands as the user **root**. To harden system security, it is necessary to restrict permissions on the **sudo** command. Only user **root** can use the **sudo** command. + +### Implementation + +Modify the **/etc/sudoers** file to restrict permissions on the **sudo** command. Comment out the following configuration line: + +``` +#%wheel ALL=(ALL) ALL +``` diff --git a/docs/en/docs/SecHarden/kernel-parameters.md b/docs/en/docs/SecHarden/kernel-parameters.md new file mode 100644 index 0000000000000000000000000000000000000000..5e786d3c550f673ba04826c08a7fe62e43f02951 --- /dev/null +++ b/docs/en/docs/SecHarden/kernel-parameters.md 
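Review bot: In docs/en/docs/SecHarden/file-permissions.md, step 1 of "Restricting Permissions on the cron Command" says to delete **/etc/cron.deny**, but the command shown is "rm -f /etc/at.deny"; it should be "rm -f /etc/cron.deny", otherwise the deny list stays in place. In "Deleting Unowned Files", the group procedure repeats the user ID wording ("Search for the file whose user ID does not exist") for "find / -nogroup" and should refer to the group ID; both step 2 texts say "In the preceding command" where the rm command follows. In "Disabling the Globally Writable Permission on Unauthorized Files", the step 1 block fuses two commands on one line ("grep -v procfind / -type f"), so it cannot be pasted as is, and the first of them searches "-type d" although the step is about files. In "Removing a Symbolic Link to /dev/null", "find dirname -type l -follow" reports broken symbolic links rather than links whose target is /dev/null, so the command does not match the description. The page title is "## File Permissions" while the sibling files in this directory use a level-1 heading.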
@@ -0,0 +1,229 @@ +# Kernel Parameters + +- [Kernel Parameters](#kernel-parameters) + - [Hardening the Security of Kernel Parameters](#hardening-the-security-of-kernel-parameters) + + +## Hardening the Security of Kernel Parameters + +### Description + +Kernel parameters specify the status of network configurations and application privileges. The kernel provides system control which can be fine-tuned or configured by users. This function can improve the security of the OS by controlling configurable kernel parameters. For example, you can fine-tune or configure network options to improve system security. + +### Implementation + +1. Write the hardening items in [Table 1](#en-us_topic_0152100187_t69b5423c26644b26abe94d88d38878eb) to the **/etc/sysctl.conf** file. + + >![](public_sys-resources/icon-note.gif) **NOTE:** + >Record security hardening items as follows: + >``` + >net.ipv4.icmp_echo_ignore_broadcasts = 1 + >net.ipv4.conf.all.rp_filter = 1 + >net.ipv4.conf.default.rp_filter = 1 + >``` + + **Table 1** Policies for hardening the security of kernel parameters + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Item

+

Description

+

Suggestion

+

Configured as Suggested

+

net.ipv4.icmp_echo_ignore_broadcasts

+

Specifies whether ICMP broadcast packets are accepted. They are not accepted according to the hardening policy.

+

1

+

Yes

+

net.ipv4.conf.all.rp_filter

+

Specifies whether the actual source IP address used by a data packet is related to a routing table and whether the data packet receives responses through interfaces. The item is enabled according to the hardening policy.

+

1

+

Yes

+

net.ipv4.conf.default.rp_filter

+

1

+

Yes

+

net.ipv4.ip_forward

+

The IP forwarding function prevents unauthorized IP address packets from being transferred to a network. The item is disabled according to the hardening policy.

+

0

+

Yes

+

net.ipv4.conf.all.accept_source_route

+

accept_source_route indicates that a packet sender can specify a path for sending the packet and a path for receiving a response. The item is disabled according to the hardening policy.

+

0

+

Yes

+

net.ipv4.conf.default.accept_source_route

+

0

+

Yes

+

net.ipv4.conf.all.accept_redirects

+

Specifies whether a redirected ICMP packet is sent. The packet is not sent according to the hardening policy.

+

0

+

Yes

+

net.ipv4.conf.default.accept_redirects

+

0

+

Yes

+

net.ipv6.conf.all.accept_redirects

+

0

+

Yes

+

net.ipv6.conf.default.accept_redirects

+

0

+

Yes

+

net.ipv4.conf.all.send_redirects

+

Specifies whether a redirected ICMP packet is sent to another server. This item is enabled only when the host functions as a route. The item is disabled according to the hardening policy.

+

0

+

Yes

+

net.ipv4.conf.default.send_redirects

+

0

+

Yes

+

net.ipv4.icmp_ignore_bogus_error_responses

+

Fake ICMP packets are not recorded to logs, which saves disk space. The item is enabled according to the hardening policy.

+

1

+

Yes

+

net.ipv4.tcp_syncookies

+

SYN attack is a DoS attack that forces system restart by occupying system resources. TCP-SYN cookie protection is enabled according to the hardening policy.

+

1

+

Yes

+

kernel.dmesg_restrict

+

Hardens dmesg messages. Only the administrator is allowed to view the messages.

+

1

+

Yes

+

kernel.sched_autogroup_enabled

+

Determines whether the kernel automatically groups and schedules threads. After this item is enabled, scheduling groups compete for time slices, and threads in a scheduling group compete for the time slices allocated to the scheduling group. The item is disabled according to the hardening policy.

+

0

+

No

+

kernel.sysrq

+

Disables the magic key.

+
NOTE:

You are advised to disable the magic key so that commands cannot be directly passed to the kernel.

+
+

0

+

Yes

+

net.ipv4.conf.all.secure_redirects

+

Specifies whether redirected ICMP messages sent from any servers or from gateways listed in the default gateway list are accepted. Redirected ICMP messages are received from any servers according to the hardening policy.

+

0

+

Yes

+

net.ipv4.conf.default.secure_redirects

+

0

+

Yes

+
+ +2. Run the following command to load the kernel parameters set in the **sysctl.conf** file: + + ``` + sysctl -p /etc/sysctl.conf + ``` + + +### Other Security Suggestions + +- **net.ipv4.icmp\_echo\_ignore\_all**: ignores ICMP requests. + + For security purposes, you are advised to enable this item. The default value is **0**. Set the value to **1** to enable this item. + + After this item is enabled, all incoming ICMP Echo request packets will be ignored, which will cause failure to ping the target host. Determine whether to enable this item based on your actual networking condition. + +- **net.ipv4.conf.all.log\_martians/net.ipv4.conf.default.log\_martians**: logs spoofed, source routed, and redirect packets. + + For security purposes, you are advised to enable this item. The default value is **0**. Set the value to **1** to enable this item. + + After this item is enabled, data from forbidden IP addresses will be logged. Too many new logs will overwrite old logs because the total number of logs allowed is fixed. Determine whether to enable this item based on your actual usage scenario. + +- **net.ipv4.tcp\_timestamps**: disables tcp\_timestamps. + + For security purposes, you are advised to disable tcp\_timestamps. The default value is **1**. Set the value to **0** to disable tcp\_timestamps. + + After this item is disabled, TCP retransmission timeout will be affected. Determine whether to disable this item based on the actual usage scenario. + +- **net.ipv4.tcp\_max\_syn\_backlog**: determines the number of queues that is in SYN\_RECV state. + + This parameter determines the number of queues that is in SYN\_RECV state. When this number is exceeded, new TCP connection requests will not be accepted. This to some extent prevents system resource exhaustion. Configure this parameter based on your actual usage scenario. 
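Review bot: In the "Restricting Permissions on the cron Command" section of the hunk that ends just before the kernel-parameters.md header, step 1 says to delete /etc/cron.deny but the command shown is `rm -f /etc/at.deny`, copied from the at section above it; it should be `rm -f /etc/cron.deny`, otherwise an existing cron.deny is left in place. In the same hunk, step 1 of "Disabling the Globally Writable Permission on Unauthorized Files" has two find commands fused into one line (`grep -v procfind / -type f`), which will not run as written; put the `-type d` and `-type f` searches on separate lines. The sudo section asks the reader to comment out a line but shows it already commented (`#%wheel ALL=(ALL) ALL`); say explicitly that this is the resulting state.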
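Review bot: In Table 1 of kernel-parameters.md, the description for net.ipv4.conf.all.accept_redirects reads "Specifies whether a redirected ICMP packet is sent", which describes sending, while the send_redirects rows further down already cover that; the accept_redirects rows should say whether ICMP redirect packets are accepted. The net.ipv4.ip_forward row says the forwarding function "prevents unauthorized IP address packets from being transferred to a network" although the policy is to disable it; reword so it is clear that disabling forwarding is what stops the host from relaying packets. For net.ipv4.conf.all.secure_redirects the text says redirects "are received from any servers according to the hardening policy" with a suggested value of 0; please confirm that this is the intended hardened value and explain how it interacts with accept_redirects = 0 in the same table.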
diff --git a/docs/en/docs/SecHarden/os-hardening-overview.md b/docs/en/docs/SecHarden/os-hardening-overview.md new file mode 100644 index 0000000000000000000000000000000000000000..44fd1bdd4083b58b5cf375cc9437cdf5874b5bf7 --- /dev/null +++ b/docs/en/docs/SecHarden/os-hardening-overview.md 
@@ -0,0 +1,121 @@ +# OS Hardening Overview +- [OS Hardening Overview](#os-hardening-overview) + - [Security Hardening Purpose](#security-hardening-purpose) + - [Security Hardening Solution](#security-hardening-solution) + - [Security Hardening Impacts](#security-hardening-impacts) + +This chapter describes the purpose and solution of openEuler system hardening. + + + +## security-hardening-purpose + +The OS, as the core of the information system, manages hardware and software resources and is the basis of information system security. Applications must depend on the OS to ensure the integrity, confidentiality, availability, and controllability of information. Without the OS security protection, protective methods against hackers and virus attacks at other layers cannot meet the security requirements. + +Therefore, security hardening is essential for an OS. Security hardening helps build a dynamic and complete security system, enhance product security, and improve product competitiveness. + +## security-hardening-solution + +This section describes the openEuler security hardening solution, including the hardening method and items. + +### Security Hardening Method + +You can manually modify security hardening configurations or run commands to harden the system, or use the security hardening tool to modify security hardening items in batches. The openEuler security hardening tool runs as openEuler-security.service. When the system is started for the first time, the system automatically runs the service to execute the default hardening policy, and automatically set the service not to start as the system starts. + +You can modify the **security.conf** file and use the security hardening tool to implement user-defined security hardening. + + +## security hardening impacts + +Security hardening on file permissions and account passwords may change user habits, affecting system usability. 
For details about common hardening items that affect system usability, see [Table 1](#en-us_topic_0152100325_ta4a48f54ff2849ada7845e2380209917). + +**Table 1** Security hardening impacts + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Item

+

Suggestion

+

Impact

+

Configured By Default

+

Timeout setting on the text-based user interface (TUI)

+

When the TUI is idle for a long period of time, it automatically exits.

+
NOTE:

When a user logs in to the system using SSH, the timeout period is determined by the smaller value of the TMOUT field in the /etc/profile file and the ClientAliveInterval field in the /etc/ssh/sshd_config file. You are advised to set this parameter to 300 seconds.

+
+

If you do not perform any operation on the TUI for a long time, TUI automatically exits.

+

No

+

Password complexity

+

The password is a string containing at least eight characters chosen from three or four of the following types: uppercase letters, lowercase letters, digits, and special characters.

+

All passwords must comply with the complexity requirements.

+

No

+

Password retry limits

+

If a user fails to enter the correct password for three consecutive times when logging in to the OS, the user account will be locked for 60 seconds.

+

After the account is locked, the user can log in to the system only after 60 seconds.

+

Yes

+

Default umask value

+

The default umask value of all users is set to 077 so that the default permission on files created by users is 600 and the default permission on directories is 700.

+

Users must modify the permission on specified files or directories as required.

+

Yes

+

Password validity period

+

The password validity period can be modified in the /etc/login.defs file and is set to 90 days by default. It can be modified in any time. An expiration notification will be displayed seven days before a password is to expire.

+

When a user attempts to log in after the password expires, the user will be informed of the password expiry and is required to change the password. If the user does not change the password, the user cannot access the system.

+

No

+

su permission control

+

The su command is used to switch user accounts. To improve system security, only the user root and users in the wheel group can use the su command.

+

Common users can successfully run the su command only after joining in the wheel group.

+

Yes

+

Disabling user root from logging in using SSH

+

Set the value of the PermitRootLogin field in the /etc/ssh/sshd_config file to no. In this way, user root cannot directly log in to the system using SSH.

+

You need to log in to the system as a common user in SSH mode and then switch to user root.

+

No

+

Strong SSH encryption algorithm

+

The MACs and Ciphers configurations of SSH services support the CTR and SHA2 algorithms and do not support the CBC, MD5, and SHA1 algorithms.

+

Some early Xshell and PuTTY versions do not support aes128-ctr, aes192-ctr, aes256-ctr, hmac-sha2-256, and hmac-sha2-512 algorithms. Ensure that the latest PuTTY (0.63 or later) and Xshell (5.0 or later) are used.

+

Yes

+
+ diff --git a/content/en/docs/Virtualization/public_sys-resources/icon-caution.gif b/docs/en/docs/SecHarden/public_sys-resources/icon-caution.gif similarity index 100% rename from content/en/docs/Virtualization/public_sys-resources/icon-caution.gif rename to docs/en/docs/SecHarden/public_sys-resources/icon-caution.gif diff --git a/content/en/docs/Virtualization/public_sys-resources/icon-danger.gif b/docs/en/docs/SecHarden/public_sys-resources/icon-danger.gif similarity index 100% rename from content/en/docs/Virtualization/public_sys-resources/icon-danger.gif rename to docs/en/docs/SecHarden/public_sys-resources/icon-danger.gif diff --git a/content/en/docs/Virtualization/public_sys-resources/icon-note.gif b/docs/en/docs/SecHarden/public_sys-resources/icon-note.gif similarity index 100% rename from content/en/docs/Virtualization/public_sys-resources/icon-note.gif rename to docs/en/docs/SecHarden/public_sys-resources/icon-note.gif diff --git a/content/en/docs/Virtualization/public_sys-resources/icon-notice.gif b/docs/en/docs/SecHarden/public_sys-resources/icon-notice.gif similarity index 100% rename from content/en/docs/Virtualization/public_sys-resources/icon-notice.gif rename to docs/en/docs/SecHarden/public_sys-resources/icon-notice.gif diff --git a/content/en/docs/Virtualization/public_sys-resources/icon-tip.gif b/docs/en/docs/SecHarden/public_sys-resources/icon-tip.gif similarity index 100% rename from content/en/docs/Virtualization/public_sys-resources/icon-tip.gif rename to docs/en/docs/SecHarden/public_sys-resources/icon-tip.gif diff --git a/content/en/docs/Virtualization/public_sys-resources/icon-warning.gif b/docs/en/docs/SecHarden/public_sys-resources/icon-warning.gif similarity index 100% rename from content/en/docs/Virtualization/public_sys-resources/icon-warning.gif rename to docs/en/docs/SecHarden/public_sys-resources/icon-warning.gif 
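Review bot: In os-hardening-overview.md, "Security Hardening Method" tells the reader to modify **security.conf** for user-defined hardening, but security-hardening-tools.md in this same patch says to edit only /etc/openEuler_security/usr-security.conf and advises against modifying security.conf; point this paragraph at usr-security.conf so the two pages agree. The three H2 headings were also committed as anchor slugs ("## security-hardening-purpose", "## security-hardening-solution", "## security hardening impacts") instead of title text; they should read like the entries in the table of contents at the top of the file, as "### Security Hardening Method" already does.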
diff --git a/docs/en/docs/SecHarden/secHarden.md b/docs/en/docs/SecHarden/secHarden.md new file mode 100644 index 0000000000000000000000000000000000000000..6539f6bd1eb52da6f2076345facd9c4759538a79 --- /dev/null +++ b/docs/en/docs/SecHarden/secHarden.md @@ -0,0 +1,5 @@ +# Security Hardening Guide + +This document describes how to perform security hardening for openEuler. + +This document is intended for administrators who need to perform security hardening for openEuler. You must be familiar with the OS security architecture and technologies. diff --git a/docs/en/docs/SecHarden/security-hardening-guide.md b/docs/en/docs/SecHarden/security-hardening-guide.md new file mode 100644 index 0000000000000000000000000000000000000000..38b3bec79c4e11aaebbd80e5b19204ebfb9edc7a --- /dev/null +++ b/docs/en/docs/SecHarden/security-hardening-guide.md @@ -0,0 +1,4 @@ +# Security Hardening Guide + +You can modify the hardening policy configuration file or script to harden the system. This chapter describes the hardening items, whether the items are hardened by default, and how to perform security hardening. + diff --git a/docs/en/docs/SecHarden/security-hardening-tools.md b/docs/en/docs/SecHarden/security-hardening-tools.md new file mode 100644 index 0000000000000000000000000000000000000000..0cfbfd942d51f13e70f0155d1fa57ff9a2816e77 --- /dev/null +++ b/docs/en/docs/SecHarden/security-hardening-tools.md 
@@ -0,0 +1,137 @@ +# Security Hardening Tools + +- [Security Hardening Tools](#security-hardening-tools) + - [Security Hardening Procedure](#security-hardening-procedure) + - [Hardening Items Taking Effect](#hardening-items-taking-effect) + + + + + +## Security Hardening Procedure + +### Overview + +You need to modify the **usr-security.conf** file so that the security hardening tool can set hardening policies based on the **usr-security.conf** file. This section describes rules for modifying the **usr-security.conf** file. For details about the configurable security hardening items, see [Security Hardening Guide](#security-hardening-guide.md). + +### Precautions + +- After modifying the items, restart the security hardening service for the modification to take effect. For details about how to restart the service, see [Hardening Items Taking Effect](#hardening-items-taking-effect.md). +- When modifying security hardening items, you only need to modify the **/etc/openEuler\_security/usr-security.conf** file. You are not advised to modify the **/etc/openEuler\_security/security.conf** file. The **security.conf** file contains basic hardening items which are executed only once. +- After the security hardening service is restarted for the configuration to take effect, the previous configuration cannot be deleted by deleting the corresponding hardening items from the **usr-security.conf** file and restarting the security hardening service. +- Security hardening operations are recorded in the **/var/log/openEuler-security.log** file. + +### Configuration Format + +Each line in the **usr-security.conf** file indicates a configuration item. The configuration format varies according to the configuration content. The following describes the format of each configuration item. + +>![](public_sys-resources/icon-note.gif) **NOTE:** +>- All configuration items start with an execution ID. The execution ID is a positive integer and can be customized. 
+>- Contents of a configuration item are separated by an at sign \(@\). +>- If the actual configuration content contains an at sign \(@\), use two at signs \(@@\) to distinguish the content from the separator. For example, if the actual content is **xxx@yyy**, set this item to **xxx@@yyy**. Currently, an at sign \(@\) cannot be placed at the beginning or end of the configuration content. + +   + +- **d**: comment + + Format: _Execution ID_**@d@**_Object file_**@**_Match item_ + + Function: Comment out lines starting with the match item \(the line can start with a space\) in an object file by adding a number sign \(\#\) at the beginning of the line. + + Example: If the execution ID is **401**, comment out lines starting with **%wheel** in the **/etc/sudoers** file. + + ``` + 401@d@/etc/sudoers@%wheel + ``` + + +- **m**: replacement + + Format: _Execution ID_**@m@**_Object file_**@**_Match item_**@**_Target value_ + + Function: Replace lines starting with the match item \(the line can start with a space\) in an object file with _match item_ and _target value_. If the match line starts with spaces, the spaces will be deleted after the replacement. + + Example: If the execution ID is **101**, replace lines starting with **Protocol** in the **/etc/ssh/sshd\_config** file with **Protocol 2**. The spaces after **Protocol** are matched and replaced. + + ``` + 101@m@/etc/ssh/sshd_config@Protocol @2 + ``` + +- **sm**: accurate modification + + Format: _Execution ID_**@sm@**_Object file_**@**_Match item_**@**_Target value_ + + Function: Replace lines starting with the match item \(the line can start with a space\) in an object file with _match item_ and _target value_. If the match line starts with spaces, the spaces are retained after the replacement. This is the difference between **sm** and **m**. + + Example: If the execution ID is **201**, replace lines starting with **size** in the **/etc/audit/hzqtest** file with **size 2048**. 
+ + ``` + 201@sm@/etc/audit/hzqtest@size@ 2048 + ``` + + +- **M**: subitem modification + + Format: _Execution ID_**@M@**_Object file_**@**_Match item_**@**_Match subitem__\[@Value of the match subitem\]_ + + Function: Match lines starting with the match item \(the line can start with a space\) in an object file and replace the content starting with the match subitem in these lines with the _match subitem_ and _value of the match subitem_. The value of the match subitem is optional. + + Example: If the execution ID is **101**, find lines starting with **key** in the file and replace the content starting with **key2** in these lines with **key2value2**. + + ``` + 101@M@file@key@key2@value2 + ``` + +- **systemctl**: service management + + Format: _Execution ID_**@systemctl@**_Object service_**@**_Operation_ + + Function: Use **systemctl** to manage object services. The value of **Operation** can be **start**, **stop**, **restart**, or **disable**. + + Example: If the execution ID is **218**, stop the **cups.service**. This provides the same function as running the **systemctl stop cups.service** command. + + ``` + 218@systemctl@cups.service@stop + ``` + +    + +- Other commands + + Format: _Execution ID_**@**_Command_**@**_Object file_ + + Function: Run the corresponding command, that is, run the command line _Command_ _Object file_. + + Example 1: If the execution ID is **402**, run the **rm -f** command to delete the **/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem** file. + + ``` + 402@rm -f @/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem + ``` + + Example 2: If the execution ID is **215**, run the **touch** command to create the **/etc/cron.allow** file. + + ``` + 215@touch @/etc/cron.allow + ``` + + Example 3: If the execution ID is **214**, run the **chown** command to change the owner of the **/etc/at.allow** file to **root:root**. 
+ + ``` + 214@chown root:root @/etc/at.allow + ``` + + Example 4: If the execution ID is **214**, run the **chmod** command to remove the **rwx** permission of the group to which the owner of the** /etc/at.allow** file belongs and other non-owner users. + + ``` + 214@chmod og-rwx @/etc/at.allow + ``` + + +## Hardening Items Taking Effect + +After modifying the **usr-security.conf** file, run the following command for the new configuration items to take effect: + +``` +systemctl restart openEuler-security.service +``` + diff --git a/docs/en/docs/SecHarden/selinux-configuration.md b/docs/en/docs/SecHarden/selinux-configuration.md new file mode 100644 index 0000000000000000000000000000000000000000..10f42960f9d9758c47c4915c01aed2c517eae24d --- /dev/null +++ b/docs/en/docs/SecHarden/selinux-configuration.md 
@@ -0,0 +1,67 @@ +# SELinux Configuration + +## Overview + +Discretionary access control \(DAC\) determines whether a resource can be accessed based on users, groups, and other permissions. It does not allow the system administrator to create comprehensive and fine-grained security policies. SELinux \(Security-Enhanced Linux\) is a module of the Linux kernel and a security subsystem of Linux. SELinux implements mandatory access control \(MAC\). Each process and system resource has a special security label. In addition to the principles specified by the DAC, the SELinux needs to determine whether each type of process has the permission to access a type of resource. + +By default, openEuler uses SELinux to improve system security. SELinux has three modes: + +- **permissive**: The SELinux outputs alarms but does not forcibly execute the security policy. +- **enforcing**: The SELinux security policy is forcibly executed. +- **disabled**: The SELinux security policy is not loaded. + +## Configuration Description + +SELinux is enabled for openEuler by default and the default mode is enforcing. You can change the SELinux mode by changing the value of **SELINUX** in **/etc/selinux/config**. + +- To disable the SELinux policy, run the following command: + + ``` + SELINUX=disabled + ``` + +- To use the permissive policy, run the following command: + + ``` + SELINUX=permissive + ``` + + +>![](public_sys-resources/icon-note.gif) **NOTE:** +>When you switch between the disabled mode and the other mode, you need to restart the system for the switch to take effect. +>``` +># reboot +>``` + +## SELinux Commands + +- Query the SELinux mode. For example, the following shows that the SELinux mode is permissive. + + ``` + # getenforce + Permissive + ``` + +- Set the SELinux mode. **0** indicates the permissive mode, and **1** indicates the enforcing mode. For example, run the following command to set the SELinux mode to enforcing. This command cannot be used to set the disabled mode. 
After the system is restarted, the mode set in **/etc/selinux/config** is restored. + + ``` + # setenforce 1 + ``` + +- Query the SELinux status. **SELinux status** indicates the SELinux status. **enabled** indicates that SELinux is enabled, and **disabled** indicates that SELinux is disabled. **Current mode** indicates the current security policy of the SELinux. + + ``` + # sestatus + SELinux status: enabled + SELinuxfs mount: /sys/fs/selinux + SELinux root directory: /etc/selinux + Loaded policy name: targeted + Current mode: enforcing + Mode from config file: enforcing + Policy MLS status: enabled + Policy deny_unknown status: allowed + Memory protection checking: actual (secure) + Max kernel policy version: 31 + ``` + + diff --git a/docs/en/docs/SecHarden/system-services.md b/docs/en/docs/SecHarden/system-services.md new file mode 100644 index 0000000000000000000000000000000000000000..02256411c4035a57b520f06c7a61ce33cb634153 --- /dev/null +++ b/docs/en/docs/SecHarden/system-services.md 
@@ -0,0 +1,468 @@ +# system-services + +- [System Services](#system-services) + - [Hardening the SSH Service](#hardening-the-ssh-service) + + +## hardening-the-ssh-service + +### Description + +The Secure Shell \(SSH\) is a reliable security protocol for remote logins and other network services. SSH prevents information disclosure during remote management. SSH encrypts transferred data to prevent domain name server \(DNS\) spoofing and IP spoofing. OpenSSH was created as an open source alternative to the proprietary SSH protocol. + +Hardening the SSH service is to modify configurations of the SSH service to set the algorithm and authentication parameters when the system uses the OpenSSH protocol, improving the system security. [Table 1](#en-us_topic_0152100390_ta2fdb8e4931b4c1a8f502b3c7d887b95) describes the hardening items, recommended hardening values, and default policies. + +### Implementation + +To harden a server, perform the following steps: + +1. Open the configuration file **/etc/ssh/sshd\_config** of the SSH service on the server, and modify or add hardening items and values in the file. +2. Save the **/etc/ssh/sshd\_config** file. +3. Run the following command to restart the SSH service: + + ``` + systemctl restart sshd + ``` + + +   + +To harden a client, perform the following steps: + +1. Open the configuration file **/etc/ssh/ssh\_config** of the SSH service on the client, and modify or add hardening items and values in the file. +2. Save the **/etc/ssh/ssh\_config** file. +3. Run the following command to restart the SSH service: + + ``` + systemctl restart sshd + ``` + + +### Hardening Items + +- Server hardening policies + + All SSH service hardening items are stored in the **/etc/ssh/sshd\_config** configuration file. For details about the server hardening items, hardening suggestions, and whether the hardening items are configured as suggested, see [Table 1](#en-us_topic_0152100390_ta2fdb8e4931b4c1a8f502b3c7d887b95). 
+ + **Table 1** SSH hardening items on a server + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

Item

+

Description

+

Suggestion

+

Configured as Suggested

+

Protocol

+

SSH protocol version.

+

2

+

Yes

+

SyslogFacility

+

Log type of the SSH service. The item is set to AUTH, indicating authentication logs.

+

AUTH

+

Yes

+

LogLevel

+

Level for recording SSHD logs.

+

VERBOSE

+

Yes

+

X11Forwarding

+

Specifies whether a GUI can be used after login using SSH.

+

no

+

Yes

+

MaxAuthTries

+

Maximum number of authentication attempts.

+

3

+

No

+

PubkeyAuthentication

+

Specifies whether public key authentication is allowed.

+

yes

+

Yes

+

RSAAuthentication

+

Specifies whether only RSA security authentication is allowed.

+

yes

+

Yes

+

IgnoreRhosts

+

Specifies whether the rhosts and shosts files are used for authentication. The rhosts and shosts files record the names of the servers that support remote access and related login names.

+

yes

+

Yes

+

RhostsRSAAuthentication

+

Specifies whether the RSA algorithm security authentication based on the rhosts file is used. The rhosts file records the names of the servers that support remote access and related login names.

+

no

+

Yes

+

HostbasedAuthentication

+

Specifies whether host-based authentication is used. Host-based authentication indicates that any user of a trusted client can use the SSH service.

+

no

+

Yes

+

PermitRootLogin

+

Specifies whether to allow user root to log in to the system using SSH.

+
NOTE:

If you want to log in to the system using SSH as user root, set the value of the PermitRootLogin field in the /etc/ssh/sshd_config file to yes.

+
+

no

+

No

+

PermitEmptyPasswords

+

Specifies whether accounts with empty passwords can log in.

+

no

+

Yes

+

PermitUserEnvironment

+

Specifies whether to resolve the environment variables set in ~/.ssh/environment and ~/.ssh/authorized_keys.

+

no

+

Yes

+

Ciphers

+

Encryption algorithm of SSH data transmission.

+

aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com

+

Yes

+

ClientAliveCountMax

+

Timeout count. After the server sends a request, if the number of times that the client does not respond reaches a specified value, the server automatically disconnects from the client.

+

0

+

No

+

Banner

+

File of the prompt information displayed before and after SSH login.

+

/etc/issue.net

+

Yes

+

MACs

+

Hash algorithm for SSH data verification.

+

hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com

+

Yes

+

StrictModes

+

Specifies whether to check the permission on and ownership of the home directory and rhosts file before SSH receives login requests.

+

yes

+

Yes

+

UsePAM

+

Specifies whether to use PAM for login authentication.

+

yes

+

Yes

+

AllowTcpForwarding

+

Specifies whether to allow TCP forwarding.

+

no

+

Yes

+

Subsystem sftp /usr/libexec/openssh/sftp-server

+

SFTP log record level, which records the INFO level and authentication logs.

+

-l INFO -f AUTH

+

Yes

+

AllowAgentForwarding

+

Specifies whether to allow SSH Agent forwarding.

+

no

+

Yes

+

GatewayPorts

+

Specifies whether SSH can connect to ports on the forwarding client.

+

no

+

Yes

+

PermitTunnel

+

Specifies whether Tunnel devices are allowed.

+

no

+

Yes

+

KexAlgorithms

+

SSH key exchange algorithms.

+

curve25519-sha256,curve25519-sha256@@libssh.org,diffie-hellman-group-exchange-sha256

+

Yes

+

LoginGraceTime

+

Time limit for users passing the authentication. 0 indicates no limit. The default value is 60 seconds.

+

60

+

No

+
+ + >![](public_sys-resources/icon-note.gif) **NOTE:** + >By default, the messages displayed before and after SSH login are saved in the **/etc/issue.net** file. The default information in the **/etc/issue.net** file is **Authorized users only.** **All activities may be monitored and reported.** + + +- Client hardening policies + + All SSH service hardening items are stored in the **/etc/ssh/ssh\_config** configuration file. For details about the client hardening items, hardening suggestions, and whether the hardening items are configured as suggested, see [Table 2](#en-us_topic_0152100390_tb289c5a6f1c7420ab4339187f9018ea4). + + **Table 2** SSH hardening items on a client + + + + + + + + + + + + + + + + + + + +

Item

+

Description

+

Suggestion

+

Configured as Suggested

+

KexAlgorithms

+

SSH key exchange algorithms.

+

ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256

+

No

+

VerifyHostKeyDNS

+

Specifies whether to verify HostKey files by using DNS or SSHFP.

+

ask

+

No

+
+ + >![](public_sys-resources/icon-note.gif) **NOTE:** + >Third-party clients and servers that use the Diffie-Hellman algorithm are required to allow at least 2048-bit connection. + + +### Other Security Suggestions + +- The SSH service only listens on specified IP addresses. + + For security purposes, you are advised to only listen on required IP addresses rather than listen on 0.0.0.0 when using the SSH service. You can specify the IP addresses that SSH needs to listen on in the ListenAddress configuration item in the **/etc/ssh/sshd\_config** file. + + 1. Open and modify the **/etc/ssh/sshd\_config** file. + + ``` + vi /etc/ssh/sshd_config + ``` + + The following information indicates that the bound listening IP address is **192.168.1.100**. You can change the listening IP address based on the site requirements. + + ``` + ... + ListenAddress 192.168.1.100 + ... + ``` + + 2. Restart the SSH service. + + ``` + systemctl restart sshd.service + ``` + + + +- SFTP users are restricted from access to upper-level directories. + + SFTP is a secure FTP designed to provide secure file transfer over SSH. Users can only use dedicated accounts to access SFTP for file upload and download, instead of SSH login. In addition, directories that can be accessed over SFTP are limited to prevent directory traversal attacks. The configuration process is as follows: + + >![](public_sys-resources/icon-note.gif) **NOTE:** + >In the following configurations, **sftpgroup** is an example user group name, and **sftpuser** is an example username. + + 1. Create an SFTP user group. + + ``` + groupadd sftpgroup + ``` + + 2. Create an SFTP root directory. + + ``` + mkdir /sftp + ``` + + 3. Modify the ownership of and permission on the SFTP root directory. + + ``` + chown root:root /sftp + chmod 755 /sftp + ``` + + 4. Create an SFTP user. + + ``` + useradd -g sftpgroup -s /sbin/nologin sftpuser + ``` + + 5. Set the password of the SFTP user. + + ``` + passwd sftpuser + ``` + + 6. 
Create a directory used to store files uploaded by the SFTP user. + + ``` + mkdir /sftp/sftpuser + ``` + + 7. Modify the ownership of and permission on the upload directory of the SFTP user. + + ``` + chown root:root /sftp/sftpuser + chmod 777 /sftp/sftpuser + ``` + + 8. Modify the **/etc/ssh/sshd\_config** file. + + ``` + vi /etc/ssh/sshd_config + ``` + + Modify the following information: + + ``` + #Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f AUTH + Subsystem sftp internal-sftp -l INFO -f AUTH + ... + + Match Group sftpgroup + ChrootDirectory /sftp/%u + ForceCommand internal-sftp + ``` + + >![](public_sys-resources/icon-note.gif) **NOTE:** + >- **%u** is a wildcard character. Enter **%u** to represent the username of the current SFTP user. + >- The following content must be added to the end of the **/etc/ssh/sshd\_config** file: + > ``` + > Match Group sftpgroup + > ChrootDirectory /sftp/%u + > ForceCommand internal-sftp + > ``` + + 9. Restart the SSH service. + + ``` + systemctl restart sshd.service + ``` + + + +- Remotely execute commands using SSH. + + When a command is executed remotely through OpenSSH, TTY is disabled by default. If a password is required during command execution, the password is displayed in plain text. To ensure password input security, you are advised to add the **-t** option to the command. Example: + + ``` + ssh -t testuser@192.168.1.100 su + ``` + + >![](public_sys-resources/icon-note.gif) **NOTE:** + >**192.168.1.100** is an example IP address, and **testuser** is an example username. diff --git a/content/en/docs/Virtualization/appendix.md b/docs/en/docs/Virtualization/appendix.md similarity index 100% rename from content/en/docs/Virtualization/appendix.md rename to docs/en/docs/Virtualization/appendix.md 
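Review bot: Step 7 of the SFTP procedure sets `chmod 777 /sftp/sftpuser`, but step 8 makes that same directory the chroot through `ChrootDirectory /sftp/%u`, and sshd requires every component of the chroot path to be root-owned and not writable by group or others, so with this mode the session for sftpuser is refused. Keep `/sftp/sftpuser` at `root:root` with mode 755 and give the user a writable subdirectory inside it, owned by `sftpuser:sftpgroup`, which also avoids leaving a world-writable directory on the host. The NOTE under step 8 repeats the `Match Group sftpgroup` block shown just above it; one copy together with the remark that it must be at the end of the file would be enough.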
diff --git a/content/en/docs/Virtualization/best-practices.md b/docs/en/docs/Virtualization/best-practices.md similarity index 99% rename from content/en/docs/Virtualization/best-practices.md rename to docs/en/docs/Virtualization/best-practices.md index c2b4164230dd668da1cad297852c496e09e71a50..2f7a1173fd0bb734f917ab37626d2422e7dabe88 100644 --- a/content/en/docs/Virtualization/best-practices.md +++ b/docs/en/docs/Virtualization/best-practices.md @@ -20,7 +20,7 @@ If compute resources are sufficient, the halt-polling feature can be used to enable VMs to obtain performance similar to that of physical machines. If the halt-polling feature is not enabled, the host allocates CPU resources to other processes when the vCPU exits due to idle timeout. When the halt-polling feature is enabled on the host, the vCPU of the VM performs polling when it is idle. The polling duration depends on the actual configuration. If the vCPU is woken up during the polling, the vCPU can continue to run without being scheduled from the host. This reduces the scheduling overhead and improves the VM system performance. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The halt-polling mechanism ensures that the vCPU thread of the VM responds in a timely manner. However, when the VM has no load, the host also performs polling. As a result, the host detects that the CPU usage of the vCPU is high, but the actual CPU usage of the VM is not high. #### Instructions 
@@ -313,7 +313,7 @@ QEMU guest agent \(qemu-ga\) is a daemon running within VMs. It allows users on In some scenarios with high security requirements, qemu-ga provides the blacklist function to prevent internal information leakage of VMs. You can use a blacklist to selectively shield some functions provided by qemu-ga. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The qemu-ga installation package is **qemu-guest-agent-**_xx_**.rpm**. It is not installed on openEuler by default. _xx_ indicates the actual version number. #### Procedure @@ -364,7 +364,7 @@ To add a qemu-ga blacklist, perform the following steps: root 727 1 0 08:17 ? 00:00:00 /usr/bin/qemu-ga --method=virtio-serial --path=/dev/virtio-ports/org.qemu.guest_agent.0 --blacklist=guest-file-open guest-file-close guest-file-read guest-file-write guest-file-seek guest-file-flush -F/etc/qemu-ga/fsfreeze-hook ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >For more information about qemu-ga, visit [https://wiki.qemu.org/Features/GuestAgent](https://wiki.qemu.org/Features/GuestAgent). diff --git a/content/en/docs/Virtualization/environment-preparation.md b/docs/en/docs/Virtualization/environment-preparation.md similarity index 99% rename from content/en/docs/Virtualization/environment-preparation.md rename to docs/en/docs/Virtualization/environment-preparation.md index 3124c15cc358b2f58047b191002a18611334056d..dd5010c7694264e7d1cd892184caca13b9e9046d 100644 --- a/content/en/docs/Virtualization/environment-preparation.md +++ b/docs/en/docs/Virtualization/environment-preparation.md 
@@ -114,7 +114,7 @@ To enable the VM to communicate with external networks, you need to configure th This section describes how to set up a Linux bridge and an Open vSwitch bridge to connect a VM to the network. You can select a bridge type based on the site requirements. **Figure 1** Virtual network structure -![](figures/virtual-network-structure.png "virtual-network-structure") +![](./figures/virtual-network-structure.png "virtual-network-structure") ### Setting Up a Linux Bridge diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP1.png b/docs/en/docs/Virtualization/figures/CertEnrollP1.png new file mode 100644 index 0000000000000000000000000000000000000000..536e0618a3ab5b70937292205242a08237e34712 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP1.png differ diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP2.png b/docs/en/docs/Virtualization/figures/CertEnrollP2.png new file mode 100644 index 0000000000000000000000000000000000000000..0557c8782960188dbe9d84a1d0e66c9b45d2b303 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP2.png differ diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP3.png b/docs/en/docs/Virtualization/figures/CertEnrollP3.png new file mode 100644 index 0000000000000000000000000000000000000000..326fcf1e8d5e3c795ebcde286d8e0fef14bec7d1 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP3.png differ diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP4.png b/docs/en/docs/Virtualization/figures/CertEnrollP4.png new file mode 100644 index 0000000000000000000000000000000000000000..bc77c038e1e3a5ec30d7ba4f805ca937792e9327 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP4.png differ 
diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP5.png b/docs/en/docs/Virtualization/figures/CertEnrollP5.png new file mode 100644 index 0000000000000000000000000000000000000000..0f22b3cbd84f7c93f74898a926bc3e32f231667f Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP5.png differ diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP6.png b/docs/en/docs/Virtualization/figures/CertEnrollP6.png new file mode 100644 index 0000000000000000000000000000000000000000..08235013ca71f1ec51e9af2f143629d1a6132fe9 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP6.png differ diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP7.png b/docs/en/docs/Virtualization/figures/CertEnrollP7.png new file mode 100644 index 0000000000000000000000000000000000000000..f934521d59dd4a75449fcb2ca8abc54045b9102b Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP7.png differ diff --git a/docs/en/docs/Virtualization/figures/CertEnrollP8.png b/docs/en/docs/Virtualization/figures/CertEnrollP8.png new file mode 100644 index 0000000000000000000000000000000000000000..9a8158e3378bf25dee05b892cc60f424542455d7 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/CertEnrollP8.png differ diff --git a/docs/en/docs/Virtualization/figures/OSBootFlow.png b/docs/en/docs/Virtualization/figures/OSBootFlow.png new file mode 100644 index 0000000000000000000000000000000000000000..f496c5675c72359e5160384c766a11399b04bfa6 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/OSBootFlow.png differ diff --git a/docs/en/docs/Virtualization/figures/SecureBootFlow.png b/docs/en/docs/Virtualization/figures/SecureBootFlow.png new file mode 100644 index 0000000000000000000000000000000000000000..d639975800752c6eca6765a416c256a4752fb590 Binary files /dev/null and b/docs/en/docs/Virtualization/figures/SecureBootFlow.png differ 
diff --git a/content/en/docs/Virtualization/figures/en-us_image_0218587435.png b/docs/en/docs/Virtualization/figures/en-us_image_0218587435.png similarity index 100% rename from content/en/docs/Virtualization/figures/en-us_image_0218587435.png rename to docs/en/docs/Virtualization/figures/en-us_image_0218587435.png diff --git a/content/en/docs/Virtualization/figures/en-us_image_0218587436.png b/docs/en/docs/Virtualization/figures/en-us_image_0218587436.png similarity index 100% rename from content/en/docs/Virtualization/figures/en-us_image_0218587436.png rename to docs/en/docs/Virtualization/figures/en-us_image_0218587436.png diff --git a/content/en/docs/Virtualization/figures/kvm-architecture.png b/docs/en/docs/Virtualization/figures/kvm-architecture.png similarity index 100% rename from content/en/docs/Virtualization/figures/kvm-architecture.png rename to docs/en/docs/Virtualization/figures/kvm-architecture.png diff --git a/content/en/docs/Virtualization/figures/status-transition-diagram.png b/docs/en/docs/Virtualization/figures/status-transition-diagram.png similarity index 100% rename from content/en/docs/Virtualization/figures/status-transition-diagram.png rename to docs/en/docs/Virtualization/figures/status-transition-diagram.png diff --git a/content/en/docs/Virtualization/figures/virtual-network-structure.png b/docs/en/docs/Virtualization/figures/virtual-network-structure.png similarity index 100% rename from content/en/docs/Virtualization/figures/virtual-network-structure.png rename to docs/en/docs/Virtualization/figures/virtual-network-structure.png diff --git a/content/en/docs/Virtualization/figures/virtualized-architecture.png b/docs/en/docs/Virtualization/figures/virtualized-architecture.png similarity index 100% rename from content/en/docs/Virtualization/figures/virtualized-architecture.png rename to docs/en/docs/Virtualization/figures/virtualized-architecture.png 
diff --git a/content/en/docs/Virtualization/installation-to-virtualization.md b/docs/en/docs/Virtualization/installation-to-virtualization.md similarity index 98% rename from content/en/docs/Virtualization/installation-to-virtualization.md rename to docs/en/docs/Virtualization/installation-to-virtualization.md index d49588392512857b973c8a159aa2a3b27e051cf4..eff49ef5d6fba87cae5bf78a0411713f3fda144a 100644 --- a/content/en/docs/Virtualization/installation-to-virtualization.md +++ b/docs/en/docs/Virtualization/installation-to-virtualization.md @@ -25,7 +25,7 @@ The minimum hardware requirements for installing virtualization components on op #### Prerequisites -- The yum source has been configured. For details, see _openEuler 20.03 LTS Administrator Guide_. +- The yum source has been configured. For details, see _openEuler 20.03 LTS SP1 Administrator Guide_. - Only the administrator has permission to perform the installation. #### Procedure @@ -49,7 +49,7 @@ The minimum hardware requirements for installing virtualization components on op ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The KVM module is integrated in the openEuler kernel and does not need to be installed separately. ### Verifying the Installation diff --git a/content/en/docs/Virtualization/introduction-to-virtualization.md b/docs/en/docs/Virtualization/introduction-to-virtualization.md similarity index 97% rename from content/en/docs/Virtualization/introduction-to-virtualization.md rename to docs/en/docs/Virtualization/introduction-to-virtualization.md index a97608208c1538e076c478f6f1a78b7706cd025f..0abe43ba5f4a5d869f2c8a5c68cbac325d9a4f83 100644 --- a/content/en/docs/Virtualization/introduction-to-virtualization.md +++ b/docs/en/docs/Virtualization/introduction-to-virtualization.md 
@@ -7,7 +7,7 @@ In computer technologies, virtualization is a resource management technology. It Virtualization enables multiple virtual machines \(VMs\) to run on a physical server. The VMs share the processor, memory, and I/O resources of the physical server, but are logically isolated from each other. In the virtualization technology, the physical server is called a host machine, the VM running on the host machine is called a guest, and the operating system \(OS\) running on the VM is called a guest OS. A layer of software, called the virtualization layer, exists between a host machine and a VM to simulate virtual hardware. This virtualization layer is called a VM monitor, as shown in the following figure. **Figure 1** Virtualized architecture -![](figures/virtualized-architecture.png "virtualized-architecture") +![](./figures/virtualized-architecture.png "virtualized-architecture") ## Virtualized Architecture @@ -25,7 +25,7 @@ Currently, mainstream virtualization technologies are classified into two types Kernel-based Virtual Machine \(KVM\) is a kernel module of Linux. It makes Linux a hypervisor. [Figure 2](#fig310953013541) shows the KVM architecture. KVM does not simulate any hardware device. It is used to enable virtualization capabilities provided by the hardware, such as Intel VT-x, AMD-V, Arm virtualization extensions. The user-mode QEMU simulates the mainboard, memory, and I/O devices. The user-mode QEMU works with the kernel KVM module to simulate VM hardware. The guest OS runs on the hardware simulated by the QEMU and KVM. **Figure 2** KVM architecture -![](figures/kvm-architecture.png "kvm-architecture") +![](./figures/kvm-architecture.png "kvm-architecture") ## Virtualization Components 
diff --git a/content/en/docs/Virtualization/managing-devices.md b/docs/en/docs/Virtualization/managing-devices.md similarity index 99% rename from content/en/docs/Virtualization/managing-devices.md rename to docs/en/docs/Virtualization/managing-devices.md index 9b963276fc2c671e42a9b8ec48889e01e6302b20..5a99b0e168c3ce88a5b09cb4544d46c4333a7d4f 100644 --- a/content/en/docs/Virtualization/managing-devices.md +++ b/docs/en/docs/Virtualization/managing-devices.md @@ -283,7 +283,7 @@ PCI passthrough directly assigns a physical PCI device on the host to a VM. The ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >VFIO passthrough is implemented by IOMMU group. Devices are divided to IOMMU groups based on access control services \(ACS\) on hardware. Devices in the same IOMMU group can be assigned to only one VM. If multiple functions on a PCI device belong to the same IOMMU group, they can be directly assigned to only one VM as well. ### SR-IOV Passthrough 
@@ -292,7 +292,7 @@ PCI passthrough directly assigns a physical PCI device on the host to a VM. The Single Root I/O Virtualization \(SR-IOV\) is a hardware-based virtualization solution. With the SR-IOV technology, a physical function \(PF\) can provide multiple virtual functions \(VFs\), and each VF can be directly assigned to a VM. This greatly improves hardware resource utilization and I/O performance of VMs. A typical application scenario is SR-IOV passthrough for NICs. With the SR-IOV technology, a physical NIC \(PF\) can function as multiple VF NICs, and then the VFs can be directly assigned to VMs. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- SR-IOV requires the support of physical hardware. Before using SR-IOV, ensure that the hardware device to be directly assigned supports SR-IOV and the device driver on the host OS works in SR-IOV mode. >- The following describes how to query the NIC model: >In the following command output, values in the first column indicate the PCI numbers of NICs, and **19e5:1822** indicates the vendor ID and device ID of the NIC. @@ -450,7 +450,7 @@ To configure SR-IOV passthrough for a NIC, perform the following steps: - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >Disabling the SR-IOV function: >To disable the SR-IOV function after the VM is stopped and no VF is in use, run the following command: >The following uses the Hi1822 NIC \(corresponding network interface name: eth0\) as an example: 
@@ -605,7 +605,7 @@ To configure USB passthrough, perform the following steps: The VM system may be damaged due to virus damage, system file deletion by mistake, or incorrect formatting. As a result, the system cannot be started. To quickly restore a damaged system, openEuler provides the storage snapshot function. openEuler can create a snapshot that records the VM status at specific time points without informing users \(usually within a few seconds\). The snapshot can be used to restore the VM to the status when the snapshots were taken. For example, a damaged system can be quickly restored with the help of snapshots, which improves system reliability. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Currently, storage snapshots can be QCOW2 and RAW images only. Block devices are not supported. ### Procedure diff --git a/content/en/docs/Virtualization/managing-vms.md b/docs/en/docs/Virtualization/managing-vms.md similarity index 76% rename from content/en/docs/Virtualization/managing-vms.md rename to docs/en/docs/Virtualization/managing-vms.md index d2ba205d45693d00d596d65e8e4b2fb5b5aa572b..bd60d7264cad52b3a74d40c4ea6def659daa4577 100644 --- a/content/en/docs/Virtualization/managing-vms.md +++ b/docs/en/docs/Virtualization/managing-vms.md @@ -10,7 +10,9 @@ - [Logging In to a VM](#logging-in-to-a-vm) - [Logging In Using VNC Passwords](#logging-in-using-vnc-passwords) - [Configuring VNC TLS Login](#configuring-vnc-tls-login) - + - [VM Secure Boot](#VM-Secure-Boot) + - [General Introduction](#General-Introduction) + - [Secure Boot Practice](#Secure-Boot-Practice) ### VM Life Cycle 
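Review bot: The three table-of-contents entries added in the `@@ -10,7 +10,9 @@` hunk of managing-vms.md link to `#VM-Secure-Boot`, `#General-Introduction` and `#Secure-Boot-Practice`, while the existing entries beside them use lowercase anchors such as `#logging-in-to-a-vm` and `#configuring-vnc-tls-login`. Please use `#vm-secure-boot`, `#general-introduction` and `#secure-boot-practice` so the new links follow the same convention and resolve against the generated heading ids.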
@@ -36,7 +38,7 @@ A VM can be in one of the following status: VMs in different status can be converted, but certain rules must be met. [Figure 1](#fig671014583483) describes the common rules for transiting the VM status. **Figure 1** Status transition diagram -![](figures/status-transition-diagram.png "status-transition-diagram") +![](./figures/status-transition-diagram.png "status-transition-diagram") ##### VM ID @@ -71,7 +73,7 @@ In libvirt, a created VM instance is called a **domain**, which describes the c ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >Run the **virsh** command to query the VM ID and UUID. For details, see [Querying VM Information](#querying-vm-information). #### Management Commands @@ -454,7 +456,7 @@ Libvirt component provides a group of commands for querying the VM status, inclu Target Source --------------------------------------------------------------------- sda /home/openeuler/vm/openEuler_aarch64.qcow2 - sdb /home/openeuler/vm/openEuler-20.03-LTS-aarch64-dvd.iso + sdb /home/openeuler/vm/openEuler-20.03-LTS-SP1-aarch64-dvd.iso ``` - Run the **virsh domiflist** command to query the VM NIC information. The query result shows that the VM has one NIC, the backend is vnet0, which is on the br0 bridge of the host. The MAC address is 00:05:fe:d4:f1:cc. 
@@ -499,7 +501,7 @@ Before logging in to a VM using a client, such as RealVNC or TightVNC, ensure th - You have obtained the VNC listening port of the VM. This port is automatically allocated when the client is started. Generally, the port number is **5900 + x** \(_x_ is a positive integer and increases in ascending order based on the VM startup sequence. **5900** is invisible to users.\) - If a password has been set for the VNC, you also need to obtain the VNC password of the VM. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >To set a password for the VM VNC, edit the XML configuration file of the VM. That is, add the **passwd** attribute to the **graphics** element and set the attribute value to the password to be configured. For example, to set the VNC password of the VM to **n8VfjbFK**, configure the XML file as follows: >``` > @@ -518,7 +520,7 @@ Before logging in to a VM using a client, such as RealVNC or TightVNC, ensure th :3 ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >To log in to the VNC, you need to configure firewall rules to allow the connection of the VNC port. The reference command is as follows, where _X_ is **5900 + Port number**, for example, **5903**. >``` >firewall-cmd --zone=public --add-port=X/tcp 
@@ -533,7 +535,7 @@ Before logging in to a VM using a client, such as RealVNC or TightVNC, ensure th By default, the VNC server and client transmit data in plaintext. Therefore, the communication content may be intercepted by a third party. To improve security, openEuler allows the VNC server to configure the Transport Layer Security \(TLS\) mode for encryption and authentication. TLS implements encrypted communication between the VNC server and client to prevent communication content from being intercepted by third parties. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- To use the TLS encryption authentication mode, the VNC client must support the TLS mode \(for example, TigerVNC\). Otherwise, the VNC client cannot be connected. >- The TLS encryption authentication mode is configured at the host level. After this feature is enabled, the TLS encryption authentication mode is enabled for the VNC clients of all VMs running on the host. @@ -552,7 +554,7 @@ To enable the TLS encryption authentication mode for the VNC, perform the follow 2. Create a certificate and a private key file for the VNC. The following uses GNU TLS as an example. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >To use GNU TLS, install the gnu-utils software package in advance. 1. Create a certificate file issued by the Certificate Authority \(CA\). 
@@ -644,7 +646,157 @@ To enable the TLS encryption authentication mode for the VNC, perform the follow 5. Copy the generated client certificates **ca-cert.pem**, **client-cert.pem**, and **client-key.pem** to the VNC client. After the TLS certificate of the VNC client is configured, you can use VNC TLS to log in to the VM. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >- For details about how to configure the VNC client certificate, see the usage description of each client. >- For details about how to log in to the VM, see Logging In Using VNC Passwords. +### VM Secure Boot + +#### General Introduction + +##### Overview + +Secure boot uses public and private key pairs to sign and validate boot components. During the startup, the previous component validates the digital signature of the next component. If the validation is successful, the next component starts. If the validation fails, the startup fails. Secure boot is used to detect whether the firmware and software during startup of the device are tampered with to prevent malware from intrusion and modification. Secure boot ensures the integrity of each component during system startup and prevents unauthorized components from being loaded and running, thereby preventing security threats to the system and user data. Secure boot is implemented based on the UEFI boot mode. It is not supported by the legacy boot mode. According to UEFI specifications, some reliable public keys can be built in the mainboard before delivery. Any operating system or hardware drivers that you want to load on this mainboard must be authenticated by these public keys. The secure boot of a physical machine is implemented by the physical BIOS, while the secure boot of a VM is simulated by software. The process of the VM secure boot is the same as that of the host secure boot, both complying with the open-source UEFI specifications. 
The UEFI on the virtualization platform is provided by the edk component. When a VM starts, QEMU maps the UEFI image to the memory to simulate the firmware startup process for the VM. Secure boot is a security protection capability provided by edk during the VM startup to protect the OS kernel of the VM from being tampered with. The sequence of signature validation for the secure boot is as follows: UEFI BIOS->shim->GRUB->vmlinuz (signature validation is passed and loaded in sequence). + +| English | Acronyms and Abbreviations | Description | +| :----- | :----- | :----- | +| Secure boot | - | Secure boot indicates that a component validates the digital signature of the next component during startup. If the validation is successful, the component runs. If the validation fails, the component stops running. It ensures the integrity of each component during system startup. | +| Platform key | PK | Platform key is owned by the OEM vendor and must be RSA2048 or stronger. The PK establishes a trusted relationship between the platform owner and the platform firmware. The platform owner registers the PKpub, public key of the PK, with the platform firmware. The platform owner can use the PKpriv, private part of the PK, to change the ownership of the platform or register the KEK key. | +| Key exchange key | KEK | Key exchange key creates a trusted relationship between the platform firmware and the OS. Each OS and third-party application that communicates with the platform firmware register the KEKpub, public part of the KEK key, in the platform firmware. | +| Database trustlist | DB | Database trustlist stores and validates the keys of components such as shim, GRUB, and vmlinuz. | +| Database blocklist | DBx | Database blocklist stores revoked keys. | + +##### Function Description + +The VM secure boot feature is implemented based on the edk open-source project. 
In non-secure boot mode, the basic Linux process is as follows: + +**Figure 1** System startup process + +![](./figures/OSBootFlow.png) + +In secure boot mode, the first component loaded after UEFI BIOS starts is shim in the system image. By interacting with UEFI BIOS, shim obtains the key stored in the variable DB of UEFI BIOS to validate GRUB. After GRUB is loaded, the key and the authentication API are also called to validate the kernel. The Linux boot process is as follows: + +**Figure 2** Secure boot process + +![](./figures/SecureBootFlow.png) + +The secure boot feature involves multiple key scenarios. Based on the scenario analysis and system breakdown, the secure boot feature involves the following subsystems: UEFI BIOS validating shim, shim validating GRUB, and GRUB validating kernel. When UEFI BIOS validates shim, if the validation is successful, shim is started. If the validation fails, an error message is displayed and shim fails to start. Shim needs to use the private key for signature during image compilation and creation, and the public key certificate needs to be imported to the variable area DB of UEFI BIOS. After shim is started, validate the startup of GRUB. If the validation is successful, GRUB is started. If the validation fails, an error message is displayed and GRUB fails to start. GRUB needs to be signed during image compilation and creation. The public and private key pairs are the same as those of shim. After GRUB is started, it calls the key and the authentication API key registered in UEFI BIOS to validate the kernel. If the validation is successful, GRUB starts the kernel. If the validation fails, an error message is displayed. GRUB needs to sign the image during compilation and creation and uses the public and private key pair that is the same as that of shim. + +##### Constraints + +* Running on the UEFI BIOS that does not support secure boot does not affect existing functions and services. 
+* The secure boot feature depends on the UEFI BIOS and takes effect only when the UEFI supports this feature. +* When secure boot is enabled in the UEFI BIOS, the system cannot be started if the related components have no signature or the signature is incorrect. +* If secure boot is disabled in the UEFI BIOS, the validation function during the boot process is disabled. +* The second half of the secure boot validation chain, that is, shim->GRUB->kernel, guides the kernel to start. This part of the validation chain is implemented by the OS image. If the OS does not support guiding the kernel for secure boot, the VM secure boot fails. +* Currently, the x86 architecture do not provide nvram file configuration to configure VM secure boot. + +#### Secure Boot Practice + +VM secure boot depends on UEFI BIOS. The UEFI BIOS image is installed using the edk rpm package. This section uses AArch64 as an example to describe how to configure VM secure boot. + +##### Configuring VM + +The components in the edk rpm package are installed in the /usr/share/edk2/aarch64 directory, including `QEMU_EFI-pflash.raw` and `vars-template-pflash.raw`. The following describes the XML configuration of the UEFI BIOS during VM startup. + +``` + + hvm + /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw + /path/to/QEMU-VARS.fd + +``` + +In the preceding configuration, /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw indicates the path of the UEFI BIOS image. /usr/share/edk2/aarch64/vars-template-pflash.raw is the path of the NVRAM image template, and /path/to/QEMU-VARS.fd is the path of the NVRAM image file of the current VM, which is used to store environment variables in the UEFI BIOS. + +##### Importing Certificate + +The certificate for VM secure boot is imported from the BIOS page. Before importing the certificate, you need to import the certificate file to the VM. You can mount the directory where the certificate file is located to the VM by mounting a disk. 
For example, you can create an image that contains the certificate and mount the image in the XML configuration file of the VM. + +Create a certificate file image. + +``` +dd of='/path/to/data.img' if='/dev/zero' bs=1M count=64 +mkfs.vfat -I /path/to/data.img +mkdir /path/to/mnt +mount path/to/data.img /path/to/mnt/ +cp -a /path/to/certificates/* /path/to/mnt/ +umount /path/to/mnt/ +``` +In the preceding command, /path/to/certificates/ indicates the path where the certificate file is located, /path/to/data.img indicates the path where the certificate file image is located, and /path/to/mnt/ indicates the image mounting path. + +Mount the image in the XML file of the VM. + +``` + + + + + + + + + +``` + +Start the VM and import the PK certificate. The procedure is as follows (the procedure for importing the KEK certificate is the same as that for importing the DB certificate): + +After the VM is started, press F2 to go to the BIOS screen. + +**Figure 1** BIOS screen + +![](./figures/CertEnrollP1.png) + +**Figure 2** Device Manager + +![](./figures/CertEnrollP2.png) + +**Figure 3** Custom Secure Boot Options + +![](./figures/CertEnrollP3.png) + +**Figure 4** PK Options + +![](./figures/CertEnrollP4.png) + +**Figure 5** Enrolling PK + +![](./figures/CertEnrollP5.png) + +In the File Explorer window, many disk directories are displayed, including the certificate file directory mounted through the disk. + +**Figure 6** File Explorer + +![](./figures/CertEnrollP6.png) + +Select the PK certificate to be imported in the disk directory. + +**Figure 7** Disk where the certificate is stored + +![](./figures/CertEnrollP7.png) + +**Figure 8** Selecting Commit Changes and Exit to save the imported certificate + +![](./figures/CertEnrollP8.png) + +After the certificate is imported, the UEFI BIOS writes the certificate information and secure boot attributes to the NVRAM configuration file /path/to/QEMU-VARS.fd. 
Upon the next startup, the VM reads related configurations from the /path/to/QEMU-VARS.fd file, initializes certificate information and secure boot attributes, automatically imports the certificate, and enables secure boot. Similarly, you can use /path/to/QEMU-VARS.fd as the UEFI BIOS boot configuration template file of other VMs with the same configuration. Modify the nvram template field so that the certificate is automatically imported and the secure boot option is enabled when other VMs are started. The VM XML configuration is modified as follows: + +``` + + hvm + /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw + + +``` + +##### Secure Boot Observation + +After the VM is correctly configured and the PK, KEK, and DB certificates are imported, the VM runs in secure boot mode. You can configure the serial port log file in the VM configuration file in XML format to check whether the VM is in the secure boot mode. The following figure shows how to configure the serial port log file. + +``` + + + +``` + +After the OS image is successfully loaded to the VM, if "UEFI Secure Boot is enabled" is displayed in the serial port log file, the VM is in the secure boot state. diff --git a/content/zh/docs/A-Tune/public_sys-resources/icon-caution.gif b/docs/en/docs/Virtualization/public_sys-resources/icon-caution.gif similarity index 100% rename from content/zh/docs/A-Tune/public_sys-resources/icon-caution.gif rename to docs/en/docs/Virtualization/public_sys-resources/icon-caution.gif diff --git a/content/zh/docs/A-Tune/public_sys-resources/icon-danger.gif b/docs/en/docs/Virtualization/public_sys-resources/icon-danger.gif similarity index 100% rename from content/zh/docs/A-Tune/public_sys-resources/icon-danger.gif rename to docs/en/docs/Virtualization/public_sys-resources/icon-danger.gif 
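Review bot: In the "Create a certificate file image" block of the Secure Boot Practice section, `mount path/to/data.img /path/to/mnt/` drops the leading slash that the `dd` and `mkfs.vfat` lines use for the same file, so a reader pasting the sequence mounts a relative path; change it to `mount /path/to/data.img /path/to/mnt/`. In the same hunk, the sentence introducing the PK import says the KEK procedure is the same as the DB procedure but never relates either to the PK steps shown in Figures 1 to 8; if the intent is that KEK and DB are enrolled the same way as PK, say so. "the x86 architecture do not provide" should read "does not provide", and the Secure Boot Observation paragraph announces "the following figure" before what is a configuration block. Because the text says /path/to/QEMU-VARS.fd holds the enrolled certificates and secure boot attributes and can be reused as the nvram template for other VMs, add a sentence on who may write that file: a change to it changes the trust anchors of every VM built from it.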
diff --git a/content/zh/docs/A-Tune/public_sys-resources/icon-note.gif b/docs/en/docs/Virtualization/public_sys-resources/icon-note.gif similarity index 100% rename from content/zh/docs/A-Tune/public_sys-resources/icon-note.gif rename to docs/en/docs/Virtualization/public_sys-resources/icon-note.gif diff --git a/content/zh/docs/A-Tune/public_sys-resources/icon-notice.gif b/docs/en/docs/Virtualization/public_sys-resources/icon-notice.gif similarity index 100% rename from content/zh/docs/A-Tune/public_sys-resources/icon-notice.gif rename to docs/en/docs/Virtualization/public_sys-resources/icon-notice.gif diff --git a/content/zh/docs/A-Tune/public_sys-resources/icon-tip.gif b/docs/en/docs/Virtualization/public_sys-resources/icon-tip.gif similarity index 100% rename from content/zh/docs/A-Tune/public_sys-resources/icon-tip.gif rename to docs/en/docs/Virtualization/public_sys-resources/icon-tip.gif diff --git a/content/zh/docs/A-Tune/public_sys-resources/icon-warning.gif b/docs/en/docs/Virtualization/public_sys-resources/icon-warning.gif similarity index 100% rename from content/zh/docs/A-Tune/public_sys-resources/icon-warning.gif rename to docs/en/docs/Virtualization/public_sys-resources/icon-warning.gif diff --git a/content/en/docs/Virtualization/system-resource-management.md b/docs/en/docs/Virtualization/system-resource-management.md similarity index 73% rename from content/en/docs/Virtualization/system-resource-management.md rename to docs/en/docs/Virtualization/system-resource-management.md index 998e47d7cd29478435ca7989fb03d60dbac6d24f..80c83970233d2088f55728f0d98e16b0b6895789 100644 --- a/content/en/docs/Virtualization/system-resource-management.md +++ b/docs/en/docs/Virtualization/system-resource-management.md 
@@ -203,6 +203,90 @@ Run the **virsh vcpupin** command to adjust the binding relationship between v The preceding commands bind vCPU **0** of VM **openEulerVM** to physical CPUs **0**, **2**, and **3**. That is, vCPU **0** is scheduled only on the three physical CPUs. The modification of the binding relationship does not take effect immediately. Instead, the modification takes effect after the next startup of the VM and takes effect permanently. +### CPU Hot Add + +#### Overview + +This feature allows users to hot add CPUs to a running VM without affecting its normal running. When the internal service pressure of a VM keeps increasing, all CPUs will be overloaded. To improve the computing capability of the VM, you can use the CPU hot add function to increase the number of CPUs on the VM without stopping it. + +#### Constraints + +- For processors using the AArch64 architecture, the specified VM chipset type \(machine\) needs to be virt-4.1 or a later version when a VM is created. For processors using the x86\_64 architecture, the specified VM chipset type \(machine\) needs to be pc-i440fx-1.5 or a later version when a VM is created. +- When configuring Guest NUMA, you need to configure the vCPUs that belong to the same socket in the same vNode. Otherwise, the VM may be soft locked up after the CPU is hot added, which may cause the VM panic. +- VMs do not support CPU hot add during migration, hibernation, wake-up, or snapshot. +- Whether the hot added CPU can automatically go online depends on the VM OS logic rather than the virtualization layer. +- CPU hot add is restricted by the maximum number of CPUs supported by the Hypervisor and GuestOS. +- When a VM is being started, stopped, or restarted, the hot added CPU may become invalid. However, the hot added CPU takes effect after the VM is restarted. 
+- During VM CPU hot add, if the number of added CPUs is not an integer multiple of the number of cores in the VM CPU topology configuration item, the CPU topology displayed in the VM may be disordered. You are advised to add CPUs whose number is an integer multiple of the number of cores each time. +- If the hot added CPU needs to take effect online and is still valid after the VM is restarted, the --config and --live options need to be transferred to the virsh setvcpus API to persist the hot added CPU. + +#### Procedure + +**VM XML Configuration** + +1. To use the CPU hot add function, configure the number of CPUs, the maximum number of CPUs supported by the VM, and the VM chipset type when creating the VM. (For the AArch64 architecture, the virt-4.1 or a later version is required. For the x86\_64 architecture, the pc-i440fx-1.5 or later version is required. The AArch64 VM is used as an example. The configuration template is as follows: + + ``` + + ... + n + + hvm + + ... + + ``` + + >![](./public_sys-resources/icon-note.gif) **Note** + >- The value of placement must be static. + >- m indicates the current number of CPUs on the VM, that is, the default number of CPUs after the VM is started. n indicates the maximum number of CPUs that can be hot added to a VM. The value cannot exceed the maximum CPU specifications supported by the Hypervisor or GuestOS. n is greater than or equal to m. + + For example, if the current number of CPUs of a VM is 4 and the maximum number of hot added CPUs is 64, the XML configuration is as follows: + + ``` + + …… + 64 + + hvm + + …… + ``` + + +**Hot Adding and Bringing CPUs Online** + +1. If the hot added CPU needs to be automatically brought online, create the udev rules file /etc/udev/rules.d/99-hotplug-cpu.rules in the VM as user root and define the udev rules in the file. 
The following is an example: + + ``` + ### automatically online hot-plugged cpu + ACTION=="add", SUBSYSTEM=="cpu", ATTR{online}="1" + ``` + + >![](./public_sys-resources/icon-note.gif) **Note** + >If you do not use the udev rules, you can use the root permission to manually bring the hot added CPU online by running the following command: + >``` + >for i in `grep -l 0 /sys/devices/system/cpu/cpu*/online` + >do + > echo 1 > $i + >done + >``` + +2. Use the virsh tool to hot add CPUs to the VM. For example, to set the number of CPUs after hot adding to 6 on the VM named openEulerVM and make the hot add take effect online, run the following command: + + ``` + virsh setvcpus openEulerVM 6 --live + ``` + + >![](./public_sys-resources/icon-note.gif) **Note** + >The format for running the virsh setvcpus command to hot add a VM CPU is as follows: + >``` + >virsh setvcpus [--config] [--live] + >``` + >- domain: Parameter, which is mandatory. Specifies the name of a VM. + >- count: Parameter, which is mandatory. Specifies the number of target CPUs, that is, the number of CPUs after hot adding. + >- --config: Option, which is optional. This parameter is still valid when the VM is restarted. + >- --live: Option, which is optional. The configuration takes effect online. ## Managing Virtual Memory 
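Review bot: The step 2 example `virsh setvcpus openEulerVM 6 --live` passes only `--live`, while the last Constraints bullet says both `--config` and `--live` are needed for the hot added CPU to remain valid after a restart; either show the persistent form as well or say next to the example that the change does not survive a restart. The Constraints bullet beginning "When a VM is being started, stopped, or restarted" ends with "the hot added CPU takes effect after the VM is restarted", which reads as contradicting that, so it should say which case (with or without `--config`) it describes. In step 1 of "VM XML Configuration" the parenthesis opened at "(For the AArch64 architecture" is never closed, and the two XML samples use different elision marks ("..." and "……").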
@@ -253,7 +337,7 @@ To improve VM performance, you can specify NUMA nodes for a VM using the VM XML If the vCPU of the VM is bound to the physical CPU of **node 0**, the performance deterioration caused by the vCPU accessing the remote memory can be avoided. - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >- The sum of memory allocated to the VM cannot exceed the remaining available memory of the NUMA node. Otherwise, the VM may fail to start. >- You are advised to bind the VM memory and vCPU to the same NUMA node to avoid the performance deterioration caused by vCPU access to the remote memory. For example, bind the vCPU to NUMA node 0 as well. @@ -288,7 +372,7 @@ After Guest NUMA is configured in the VM XML configuration file, you can view th ``` ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >- **** provides the NUMA topology function for VMs. **cell id** indicates the vNode ID, **cpus** indicates the vCPU ID, and **memory** indicates the memory size on the vNode. >- If you want to use Guest NUMA to provide better performance, configure <**numatune\>** and **** so that the vCPU and memory are distributed on the same physical NUMA node. > - **cellid** in **** corresponds to **cell id** in ****. **mode** can be set to **strict** \(apply for memory from a specified node strictly. If the memory is insufficient, the application fails.\), **preferred** \(apply for memory from a node first. If the memory is insufficient, apply for memory from another node\), or **interleave** \(apply for memory from a specified node in cross mode\).; **nodeset** indicates the specified physical NUMA node. diff --git a/docs/en/docs/Virtualization/tool-guide.md b/docs/en/docs/Virtualization/tool-guide.md new file mode 100644 index 0000000000000000000000000000000000000000..d22f203deaa05c79cb05eebb48ef455c5b2dce8f --- /dev/null 
+++ b/docs/en/docs/Virtualization/tool-guide.md 
@@ -0,0 +1,140 @@ +# Tool Guide + +- [vmtop](#vmtop) + +## vmtop + +### Overview +vmtop is a user-mode tool running on the host machine. You can use the vmtop tool to dynamically view the usage of VM resources in real time, such as CPU usage, memory usage, and the number of vCPU traps. Therefore, the vmtop tool can be used to locate virtualization problems and optimize performance. + +The vmtop monitoring items are as follows (sampling difference: difference between two data obtained at a specified interval): +- VM/task-name: VM/Process name +- DID: VM ID +- PID: PID of the qemu process of the VM +- %CPU: CPU usage of a process +- EXThvc: Number of hvc-exits (sampling difference) +- EXTwfe: Number of wfe-exits (sampling difference) +- EXTwfi: Number of wfi-exits (sampling difference) +- EXTmmioU: Number of mmioU-exits (sampling difference) +- EXTmmioK: Number of mmioK-exits (sampling difference) +- EXTfp: Number of fp-exits (sampling difference) +- EXTirq: Number of irq-exits (sampling difference) +- EXTsys64: Number of sys64 exits (sampling difference) +- EXTmabt: Number of mem abort exits (sampling difference) +- EXTsum: Total number of KVM exits (sampling difference) +- S: Process status +- P: Physical CPU usage of a process +- %ST: Ratio of the preemption time to the CPU running time (KVM data) +- %GUE: Ratio of the VM internal occupation time to the CPU running time (KVM data) +- %HYP: Virtualization overhead ratio (KVM data) + +### Usage +vmtop is a command line tool. You can directly run the vmtop in command line mode. +In addition, the vmtop tool provides different options for querying different information. + +#### Syntax +```sh +vmtop [option] +``` + +#### Option Description +- -d: sets the refresh interval, in seconds. +- -H: displays the VM thread information. +- -n: sets the number of refresh times and exits after the refresh is complete. +- -b: displays Batch mode, which can be used to redirect to a file. +- -h: displays help information. 
+- -v: displays versions. + +#### Keyboard Shortcut +Shortcut key used when the vmtop is running. +- H: displays or stops the VM thread information. The information is displayed by default. +- up/down: moves the VM list upwards or downwards. +- left/right: moves the cursor leftwards or rightwards to display the columns that are hidden due to the screen width. +- f: enters the editing mode of a monitoring item and selects the monitoring item to be enabled. +- q: exits the vmtop process. + +### Example +Run the vmtop command on the host. +```sh +vmtop +``` +The command output is as follows: +```sh +vmtop - 2020-09-14 09:54:48 - 1.0 +Domains: 1 running + + DID VM/task-name PID %CPU EXThvc EXTwfe EXTwfi EXTmmioU EXTmmioK EXTfp EXTirq EXTsys64 EXTmabt EXTsum S P %ST %GUE %HYP + 2 example 4054916 13.0 0 0 1206 10 0 144 62 174 0 1452 S 106 0.0 99.7 16.0 +``` +As shown in the output, there is only one VM named "example" on the host. The ID is 2. The CPU usage is 13.0%. The total number of traps within one second is 1452. The physical CPU occupied by the VM process is CPU 106. The ratio of the VM internal occupation time to the CPU running time is 99.7%. + +1. Display VM thread information. +Press H to display the thread information. 
+```sh +vmtop - 2020-09-14 10:11:27 - 1.0 +Domains: 1 running + + DID VM/task-name PID %CPU EXThvc EXTwfe EXTwfi EXTmmioU EXTmmioK EXTfp EXTirq EXTsys64 EXTmabt EXTsum S P %ST %GUE %HYP + 2 example 4054916 13.0 0 0 1191 17 4 120 76 147 0 1435 S 119 0.0 123.7 4.0 + |_ qemu-kvm 4054916 0.0 0 0 0 0 0 0 0 0 0 0 S 119 0.0 0.0 0.0 + |_ qemu-kvm 4054928 0.0 0 0 0 0 0 0 0 0 0 0 S 119 0.0 0.0 0.0 + |_ signalfd_com 4054929 0.0 0 0 0 0 0 0 0 0 0 0 S 120 0.0 0.0 0.0 + |_ IO mon_iothr 4054932 0.0 0 0 0 0 0 0 0 0 0 0 S 117 0.0 0.0 0.0 + |_ CPU 0/KVM 4054933 3.0 0 0 280 6 4 28 19 41 0 350 S 105 0.0 27.9 0.0 + |_ CPU 1/KVM 4054934 3.0 0 0 260 0 0 16 12 36 0 308 S 31 0.0 20.0 0.0 + |_ CPU 2/KVM 4054935 3.0 0 0 341 0 0 44 20 26 0 387 R 108 0.0 27.9 4.0 + |_ CPU 3/KVM 4054936 5.0 0 0 310 11 0 32 25 44 0 390 S 103 0.0 47.9 0.0 + |_ memory_lock 4054940 0.0 0 0 0 0 0 0 0 0 0 0 S 126 0.0 0.0 0.0 + |_ vnc_worker 4054944 0.0 0 0 0 0 0 0 0 0 0 0 S 118 0.0 0.0 0.0 + |_ worker 4143738 0.0 0 0 0 0 0 0 0 0 0 0 S 120 0.0 0.0 0.0 +``` +The example VM has 11 threads, including the vCPU thread, vnc_worker, and IO mon_iotreads. Each thread also displays detailed CPU usage and trap information. + +2. Select the monitoring item. +Enter f to edit the monitoring item. +```sh +field filter - select which field to be showed +Use up/down to navigate, use space to set whether chosen filed to be showed +'q' to quit to normal display + + * DID + * VM/task-name + * PID + * %CPU + * EXThvc + * EXTwfe + * EXTwfi + * EXTmmioU + * EXTmmioK + * EXTfp + * EXTirq + * EXTsys64 + * EXTmabt + * EXTsum + * S + * P + * %ST + * %GUE + * %HYP +``` +By default, all monitoring items are displayed. You can press the up or down key to select a monitoring item. Press the space bar to set the monitoring item, and press q to exit. 
+After %ST, %GUE, and %HYP are hidden, the following information is displayed: +```sh +vmtop - 2020-09-14 10:23:25 - 1.0 +Domains: 1 running + + DID VM/task-name PID %CPU EXThvc EXTwfe EXTwfi EXTmmioU EXTmmioK EXTfp EXTirq EXTsys64 EXTmabt EXTsum S P + 2 example 4054916 12.0 0 0 1213 14 1 144 68 168 0 1464 S 125 + |_ qemu-kvm 4054916 0.0 0 0 0 0 0 0 0 0 0 0 S 125 + |_ qemu-kvm 4054928 0.0 0 0 0 0 0 0 0 0 0 0 S 119 + |_ signalfd_com 4054929 0.0 0 0 0 0 0 0 0 0 0 0 S 120 + |_ IO mon_iothr 4054932 0.0 0 0 0 0 0 0 0 0 0 0 S 117 + |_ CPU 0/KVM 4054933 2.0 0 0 303 6 0 29 10 35 0 354 S 98 + |_ CPU 1/KVM 4054934 4.0 0 0 279 0 0 39 17 49 0 345 S 1 + |_ CPU 2/KVM 4054935 3.0 0 0 283 0 0 33 20 40 0 343 S 122 + |_ CPU 3/KVM 4054936 3.0 0 0 348 8 1 43 21 44 0 422 S 110 + |_ memory_lock 4054940 0.0 0 0 0 0 0 0 0 0 0 0 S 126 + |_ vnc_worker 4054944 0.0 0 0 0 0 0 0 0 0 0 0 S 118 + |_ worker 1794 0.0 0 0 0 0 0 0 0 0 0 0 S 126 +``` +%ST, %GUE, and %HYP will not be displayed on the screen. diff --git a/content/en/docs/Virtualization/user-and-administrator-guide.md b/docs/en/docs/Virtualization/user-and-administrator-guide.md similarity index 99% rename from content/en/docs/Virtualization/user-and-administrator-guide.md rename to docs/en/docs/Virtualization/user-and-administrator-guide.md index eb75d5342560e396d81dfa5ec83bd0f0a5877a46..47646f59b84e0a9b7e9952054286eba74f6ebdd1 100644 --- a/content/en/docs/Virtualization/user-and-administrator-guide.md +++ b/docs/en/docs/Virtualization/user-and-administrator-guide.md 
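Review bot: In the tool-guide.md hunk, the monitoring item list defines "P" as "Physical CPU usage of a process", but the Example text reads the same column as "The physical CPU occupied by the VM process is CPU 106", which is a CPU number; reword the definition to match. Under Keyboard Shortcut, "H" is described with "The information is displayed by default", yet the first sample output shows no thread rows and step 1 asks the reader to press H to display them, so one of the two statements needs correcting. "IO mon_iotreads" in the sentence after the thread listing does not match the "IO mon_iothr" row it refers to, and "-b: displays Batch mode" would read better as "runs in batch mode".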
@@ -26,7 +26,7 @@ This chapter describes how to create VMs on the virtualization platform, manage If compute resources are sufficient, the halt-polling feature can be used to enable VMs to obtain performance similar to that of physical machines. If the halt-polling feature is not enabled, the host allocates CPU resources to other processes when the vCPU exits due to idle timeout. When the halt-polling feature is enabled on the host, the vCPU of the VM performs polling when it is idle. The polling duration depends on the actual configuration. If the vCPU is woken up during the polling, the vCPU can continue to run without being scheduled from the host. This reduces the scheduling overhead and improves the VM system performance. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The halt-polling mechanism ensures that the vCPU thread of the VM responds in a timely manner. However, when the VM has no load, the host also performs polling. As a result, the host detects that the CPU usage of the vCPU is high, but the actual CPU usage of the VM is not high. ##### Instructions @@ -319,7 +319,7 @@ QEMU guest agent \(qemu-ga\) is a daemon running within VMs. It allows users on In some scenarios with high security requirements, qemu-ga provides the blacklist function to prevent internal information leakage of VMs. You can use a blacklist to selectively shield some functions provided by qemu-ga. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The qemu-ga installation package is **qemu-guest-agent-**_xx_**.rpm**. It is not installed on openEuler by default. _xx_ indicates the actual version number. ##### Procedure 
@@ -370,7 +370,7 @@ To add a qemu-ga blacklist, perform the following steps: root 727 1 0 08:17 ? 00:00:00 /usr/bin/qemu-ga --method=virtio-serial --path=/dev/virtio-ports/org.qemu.guest_agent.0 --blacklist=guest-file-open guest-file-close guest-file-read guest-file-write guest-file-seek guest-file-flush -F/etc/qemu-ga/fsfreeze-hook ``` - >![](public_sys-resources/icon-note.gif) **NOTE:** + >![](./public_sys-resources/icon-note.gif) **NOTE:** >For more information about qemu-ga, visit [https://wiki.qemu.org/Features/GuestAgent](https://wiki.qemu.org/Features/GuestAgent). diff --git a/content/en/docs/Virtualization/virtualization.md b/docs/en/docs/Virtualization/virtualization.md similarity index 100% rename from content/en/docs/Virtualization/virtualization.md rename to docs/en/docs/Virtualization/virtualization.md diff --git a/content/en/docs/Virtualization/vm-configuration.md b/docs/en/docs/Virtualization/vm-configuration.md similarity index 96% rename from content/en/docs/Virtualization/vm-configuration.md rename to docs/en/docs/Virtualization/vm-configuration.md index a290a4a05d92b6440a67f627f3857f5cde638164..abb947dd03c5e0891f139444df48af8f189c99c7 100644 --- a/content/en/docs/Virtualization/vm-configuration.md +++ b/docs/en/docs/Virtualization/vm-configuration.md 
@@ -97,12 +97,34 @@ This section describes how to configure the vCPU and virtual memory. - **cpu**: The mode of the virtual processor. - **mode**: The mode of the vCPU. The **host-passthrough** indicates that the architecture and features of the virtual CPU are the same as those of the host. + **mode**: The mode of the vCPU. + + - **host-passthrough**: indicates that the architecture and features of the virtual CPU are the same as those of the host. + + - **custom**: indicates that the architecture and features of the virtual CPU are configured by the **cpu** element. Sub-element **topology**: A sub-element of the element cpu, used to describe the topology structure of a vCPU mode. - The attributes **socket**, **cores**, and **threads** of the sub-element topology describe the number of CPU sockets of a VM, the number of processor cores included in each CPU socket, and the number of hyperthreads included in each processor core, respectively. The attribute value is a positive integer, and a product of the three values is equal to the number of of vCPUs. + Sub-element **model**: A sub-element of the element cpu, used to describe the CPU model when **mode** is custom. + + Sub-element **feature**: A sub-element of the element cpu, used to enable/disable a CPU feature when **mode** is custom. The attribute **name** describes the name of the CPU feature. And whether enable the CPU feature is controlled by the attribute **policy**: + + - **force**: force enable the CPU feature regardless of it being supported by host CPU. + + - **require**: enable the CPU feature. + + - **optional**: the CPU feature will be enabled if and only if it is supported by host CPU. + + - **disable**: disable the CPU feature. + + - **forbid**: disable the CPU feature and guest creation will fail if the feature is supported by host CPU. + + >![](./public_sys-resources/icon-note.gif) **NOTE:** + > + >The display of user-mode CPU features in VM (e.g. 
the 'Flags' field of the 'lscpu' command) needs the support of the VM kernel. If you use old kernel in VM, some CPU features may not be displayed. + ### Configuration Example @@ -120,6 +142,21 @@ For example, if the number of vCPUs is 4, the processing mode is host-passthroug ``` +If the virtual memory is 8 GiB, the number of vCPUs is 4, the processing mode is custom, the CPU model is Kunpeng-920, and pmull is disabled, the configuration is as follows: + +``` + + ... + 4 + 8 + + Kunpeng-920 + + + ... + +``` + ## Virtual Device Configuration The VM XML configuration file uses the **devices** elements to configure virtual devices, including storage devices, network devices, buses, and mouse devices. This section describes how to configure common virtual devices. @@ -244,7 +281,7 @@ In this example, two I/O threads, one block disk device and one CD, are configur - + @@ -371,7 +408,7 @@ The bus is a channel for information communication between components of a compu The PCIe bus is a typical tree structure and has good scalability. The buses are associated with each other by using a controller. The following uses the PCIe bus as an example to describe how to configure a bus topology for a VM. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >The bus configuration is complex. If the device topology does not need to be precisely controlled, the default bus configuration automatically generated by libvirt can be used. #### Elements 
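Review bot: In the vm-configuration.md hunk at @@ -97,12 +97,34 @@, the `require` policy is described only as "enable the CPU feature", which leaves it indistinguishable from `force` apart from the host-support clause; say what happens when the host CPU does not support the feature, as the `optional` and `forbid` entries already do. The lead-in "And whether enable the CPU feature is controlled by the attribute **policy**" needs rewording (for example "The attribute **policy** controls whether the feature is enabled"), and the new `model` and `feature` descriptions write "when **mode** is custom" without the bold that the mode list just above uses for **custom**.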
@@ -573,7 +610,7 @@ In addition to storage devices and network devices, some external devices need t For example, in the following example, the VM emulator path, pty serial port, VirtIO media device, USB tablet, USB keyboard, and VNC graphics device are configured. ->![](public_sys-resources/icon-note.gif) **NOTE:** +>![](./public_sys-resources/icon-note.gif) **NOTE:** >When **type** of **graphics** is set to **VNC**, you are advised to set the **passwd** attribute, that is, the password for logging in to the VM using VNC. ``` @@ -744,7 +781,7 @@ An XML configuration file of AArch64 VM, which contains basic elements. The foll - + diff --git a/content/en/docs/Virtualization/vm-live-migration.md b/docs/en/docs/Virtualization/vm-live-migration.md similarity index 100% rename from content/en/docs/Virtualization/vm-live-migration.md rename to docs/en/docs/Virtualization/vm-live-migration.md diff --git a/docs/en/docs/userguide/UKUI-user-guide.md b/docs/en/docs/userguide/UKUI-user-guide.md new file mode 100644 index 0000000000000000000000000000000000000000..732e0c6f4a259fc35eb233e1723bc468aa4fd729 --- /dev/null +++ b/docs/en/docs/userguide/UKUI-user-guide.md 
@@ -0,0 +1,413 @@ + +- [UKUI Desktop Environment](#ukui-desktop-environment) + - [Overview](#overview) + - [Desktop](#desktop) + - [Desktop’s Icons](#desktops-icons) + - [Right-click Menu](#right-click-menu) + - [Taskbar](#taskbar) + - [Basic Function](#basic-function) + - [Multi View Switch](#multi-view-switch) + - [Preview Window](#preview-window) + - [Sidebar](#sidebar) + - [Notification Center](#notification-center) + - [Clipboard](#clipboard) + - [Tray Menu](#tray-menu) + - [Storage Menu](#storage-menu) + - [Input Method](#input-method) + - [USB](#usb) + - [Power Supply](#power-supply) + - [Network](#network) + - [1) Wired Network](#1-wired-network) + - [2) Wireless Network](#2-wireless-network) + - [3) Network Setting](#3-network-setting) + - [Volume](#volume) + - [1) Mini Mode](#1-mini-mode) + - [2) According to Equipment](#2-according-to-equipment) + - [3) According to Application](#3-according-to-application) + - [Calendar](#calendar) + - [Night Mode](#night-mode) + - [Advanced Setting](#advanced-setting) + - [Window](#window) + - [Window Manager](#window-manager) + - [Window Switch](#window-switch) + - [Start Menu](#start-menu) + - [Basic Function](#basic-function-1) + - [Category Menu at right side](#category-menu-at-right-side) + - [Function Button at right side](#function-button-at-right-side) + - [User Avatar](#user-avatar) + - [Computer](#computer) + - [Control Center](#control-center) + - [Shutdown](#shutdown) + - [Lock Screen](#lock-screen) + - [Switch Users & Log Out](#switch-users--log-out) + - [Shutdown & Reboot](#shutdown--reboot) + - [Advanced Setting](#advanced-setting-1) + - [Applications](#applications) + - [FAQ](#faq) + - [Can’t login to the system after locking the screen?](#cant-login-to-the-system-after-locking-the-screen) + - [Appendix](#appendix) + - [Shortcut Key](#shortcut-key) + +# UKUI Desktop Environment +## Overview +Desktop Environment is the basis for the user's operation on the graphical interface, and provides multiple 
functions including taskbar, start menu, etc. The main interface is shown in figure below. + +![Fig. 1 Desktop main interface-big](./figures/1.png) + +
+ +## Desktop +### Desktop’s Icons +The system places three icons Computer, Recycle Bin and Personal by default, and double click the left mouse button to open the page. The functions are shown in table below. + +| Icon | Description | +| :------------ | :------------ | +| ![](./figures/icon1.png) | Computer: Show the drives and hardwares connected to the machine| +| ![](./figures/icon2.png) | Recycle Bin: Show documents that have been diverted| +| ![](./figures/icon3.png) | Personal: Show personal home directory| + +
+ +In addition, right-clicking "Computer" and selecting "Properties", it can show the current system version, kernel version, activation and other related informations. + +![Fig. 2 "Computer" - "Properties"-big](./figures/2.png) + +### Right-click Menu +Right-click on the desktop blank and a menu appears as shown in figure below, providing the users with some shortcut features. + +![Fig. 3 Right-click Menu](./figures/3.png) + +Some of the options are described in table below. + +| Option | Description | +| :------------ | :------------ | +| New | Create new folders, text documents, WPS files | +| View type | Four view types are available: small icon, medium icon, large icon, super large icon | +| Sort by | Four ways to arrange documents according to name, type of document, size and date of modification | + +
+ +## Taskbar +### Basic Function +Taskbar is located at the bottom and includes the Start Menu, Multi View Switch, File Browser, Firefox Web Browser, WPS, and Tray Menu. + +![Fig. 4 Taskbar](./figures/4.png) + +| Component | Decsription | +| :------------ | :------------ | +|![](./figures/icon4.png)| Start menu: Open the system menu to find applications and files | +|![](./figures/icon5.png)| Multi View Switch: Operate in multiple workspaces without interfering with each other | +|![](./figures/icon6.png)| File Browser: Browse and manage documents in the system | +|![](./figures/icon7.png)| Firefox Web Browser: Provide a convenient and safe way to access the Internet | +|![](./figures/icon8.png)| WPS: Realize the most common functions of office software such as text, forms, presentations, and more | +|Window Display Area| The blank part in the middle of the horizontal bar. Display running programs, opened documents, and allow users to close the windows, top the windows, etc | +|![](./figures/icon9.png)| Tray Menu: Include settings for voice, Kylin weather,input method, internet connection, notification center, date, and night mode | +|Show Desktop| The button is on the far right. Minimize all windows on the desktop and return to the desktop; Clicking again will restore the windows | + +#### Multi View Switch +Click the icon "![](./figures/icon10-o.png)" on the taskbar to enter the interface shown in figure below, and select the operation area that users need to work on at the moment in multiple work areas. + +![Fig. 5 Multi View Switch-big](./figures/5.png) + +#### Preview Window +Users move the mouse over the app icon in the taskbar, and then a small preview window will be shown if this app has already been opened. + +Hover over the specified window as shown below for hover state, the window will be slightly fuzzy glass effect (left), the rest of the window as default Status (right). + +![Fig. 
6 Taskbar - Preview Window](./figures/6.png) + +Users can close the application by right-clicking on the app icon in the taskbar. + +![Fig. 7 Taskbar - Right-click Preview](./figures/7.png) + +#### Sidebar +The sidebar is located at the right of the entire desktop. Click the icon "![](./figures/icon11-o.png)" in the taskbar tray menu to open the storage menu, and click the icon "![](./figures/icon12-o.png)" in Sidebar to pop up the sidebar as shown in figure below. + +The sidebar consists of two parts: Notification Center, Clipboard and Widget. + +![Fig. 8 Sidebar without message status-big](./figures/8.png) + +##### Notification Center +Notification center will display a list of recent important and newest informations. + +Select "Clear" in the upper right corner to clear the list of informations; Select "Setting" in the upper right corner to go to the notification settings in the control center, and users can set which applications can show informations and the quantity of informations. + +![Fig. 9 Notification Center-big](./figures/9.png) + +Workspace at right side can be set to fold by applications. + +![Fig. 10 Fold messages by applications-big](./figures/10.png) + +Icon "![](./figures/icon13-o.png)" at the top right corner of the sidebar can store unimportant informations. When the messages are more than 999+, it will be shown as the form of ![](./figures/icon14-o.png) which means limitless. + +![Fig. 11 Message Organizer](./figures/11.png) + +##### Clipboard +Clipboard can save the contents those were recently selected to copy or cut, and users can operate them by using the icons in Table. + +![Fig. 12 Clipboard](./figures/12.png) + +Clicking "![](./figures/icon15-o.png)", users can edit the the contents of the clipboard. + +![Fig. 
13 edit the content](./figures/13.png) + +| Icon | Description | Icon | Description | +| :------------ | :------------ | :------------ | :------------ | +| ![](./figures/icon16.png) | Copy the content | ![](./figures/icon18.png) | Edit the content | +| ![](./figures/icon17.png) | Delete the content | | | + +
+ +The second label of the clipboard is the small plug-in that contains alarm clock, notebook, user feedback. + +![Fig. 14 Plug-in](./figures/14.png) + +#### Tray Menu +##### Storage Menu +Click "![](./figures/icon19-o.png)" at the tray menu to open the storage menu. + +It contains Kylin Weather, Input Method, Bluetooth, USB, etc. + +![Fig. 15 Storage Menu](./figures/15.png) + +##### Input Method +The taskbar input method defaults to Sogou input method. Use the shortcut key "Ctrl+Space" to switch it out, and the "Shift" key to switch between Chinese and English modes. + +![Fig. 16 Input Method](./figures/16.png) + +##### USB +When the USB is inserted into the computer, it will be matically read the data inside. + +Click "![](./figures/icon26-o.png)" to open the window as shown in figure below. + +When users need to umount the USB, please click the icon "![](./figures/icon27-o.png)". + +![Fig. 17 The status of USB](./figures/17.png) + +##### Power Supply +Click the icon "![](./figures/icon28-o.png)": + +When no power supply is detected. + +![Fig. 18 No Power Supply](./figures/18.png) + +When power supply is detected. + +![Fig. 19 Have Power Supply](./figures/19.png) + +Users right-click the icon "![](./figures/icon30-o.png)" of power manager to open the power setting menu. + +It provides two setting options: adjust screen brightness, and set power and sleep. + +![Fig. 20 Power Manager](./figures/20.png) + +If the power manager pops up a"low battery" window, users can click to turn on the power save mode, and the power manager will set the machine to run in this mode immediately. + +![Fig. 21 Power Saving Mode](./figures/21.png) + +##### Network +Users can choose wired or wireless network connections by clicking the icon "![](./figures/icon31-o.png)" of network manager. 
+ +| Icon | Description | Icon | Description | +| :------------ | :------------ | :------------ | :------------ | +|![](./figures/icon32.png)| Connected |![](./figures/icon37.png)| Unconnected | +|![](./figures/icon33.png)| Connection limited |![](./figures/icon38.png)| Locked | +|![](./figures/icon34.png)| Connecting |![](./figures/icon39.png)| Wifi connected | +|![](./figures/icon35.png)| Wifi unconnected |![](./figures/icon40.png)| Wificonnection limited | +|![](./figures/icon36.png)| Wifi locked |![](./figures/icon41.png)| Wifi connecting | + +
+ +![Fig. 22 Network Connection](./figures/22.png) + +###### 1) Wired Network +In the wired network connection interface, click on the wired network plan to expand. Details of the network. + +![Fig. 23 Wired Network](./figures/23.png) + +###### 2) Wireless Network +Click the switch button in the upper right corner to turn on the wireless network connection, and select the WiFi from the list of available wireless networks. Enter the password to access the Internet. + +![Fig. 24 Wireless Network](./figures/24.png) + +###### 3) Network Setting +Right-click the icon "![](./figures/icon42-o.png)" of network mnager to pop up the setting menu. + +![Fig. 25 Wired Network Setting](./figures/25.png) + +Click network setting to go to the setting window immediately. + +![Fig. 26 Network Setting](./figures/26.png) + +##### Volume +Click the icon "![](./figures/icon43-o.png)" to open the volume window, and there provides three modes. + +###### 1) Mini Mode +It only displays the volume of the speaker. + +![Fig. 27 Mini Mode](./figures/27.png) + +###### 2) According to Equipment +It contains input equipments and output equipments. + +![Fig. 28 According to Equipment List](./figures/28.png) + +###### 3) According to Application +It contains system volume and other applications' volume. + +![Fig. 29 According to Application List](./figures/29.png) + +##### Calendar +Click the date&time on the taskbar to open the calendar window. + +Users can view the day's informations by filtering the year, month, day. The date will be displayed in large letters, with the time, the week, the festival,and the lunar calendar. Taboos can be seen by checking. + +![Fig. 30 Calendar-big](./figures/30.png) + +##### Night Mode +Click the icon "![](./figures/icon44-o.png)" on the Taskbar and then the system changes to the night mode. + +#### Advanced Setting +Right-click the Taskbar to open the menu. + +![Fig. 
31 Right-Clicking Menu](./figures/31.png) + +Users can set the lauserst of taskbar accroding to "Taskbar Settings". + +
+ +## Window +### Window Manager +The functions provided as shown in Table. + +| Function | Description | +| :--------| :----------| +| Title Bar | Show the title name of current window | +| Minimize/Maximize/Close | The three icon buttons at the right of the title bar correspond to minimize, maximize and close respectively | +| Side Sliding | Users can scroll up and down to view the page by the slider at the right of the window | +| Stack | Allow overlap among windows | +| Drag and Drop | Long press the left mouse button at the title bar to move the window to any position | +| Resize | Move the mouse to the corner of the window and long press the left button to resize the window | + +
+ +### Window Switch +There are three ways to switch windows: + +* Click the window title on the Taskbar. + +* Click the different window at the desktop. + +* Use shortcut keys < Alt > + < Tab >. + +
+ +## Start Menu +### Basic Function +Click the button to open the "Start Menu". + +It provides sliding bar. + +![Fig. 32 Start Menu](./figures/32.png) + +#### Category Menu at right side +When the mouse is over the right side of the start menu, it will appear a pre-expanded cue bar. Clicking to expand, and then three categories are showing at the right side by default: "Common Software", "Alphabetical Category", and "Functional category". + +* All Software: List all software, recently used software will be displayed on the top of this page. + +* Alphabetical Category: List all softwares by first letter. + +* Functional category: List all softwares by their functions. + +Users can click the button at top right corner to view fullscreen menu mode. + +![Fig. 33 Fullscreen Menu-big](./figures/33.png) + +#### Function Button at right side +It provides User Avatar, Computer, Control Center and Shutdown four options. + +##### User Avatar +Click "![](./figures/icon45-o.png)" to view user's informations. + +##### Computer +Click "![](./figures/icon46-o.png)" to open personal home folder + +##### Control Center +Click "![](./figures/icon47-o.png)" to go to the control center. + +##### Shutdown +###### Lock Screen +When users do not need to use the computer temporarily, the lock screen can be selected (without affecting the current running state of the system) to prevent misoperations. And input the password to re-enter the system. + + The system will matically lock the screen after a period of idle time by default. + +![Fig. 34 Lock Screen-big](./figures/34.png) + +###### Switch Users & Log Out +When users want to select another user to log in uing the computer, users can select "Log out" or "Switch user". + +At this point, the system will close all running applications; Therefore, please save the current jobs before performing this action. 
+ +###### Shutdown & Reboot +There are two ways: + +1)"Start Menu" > "Power" > "Shutdown" + +It will pop up a dialog box, and users can choose shutdown or reboot as needed. + +![Fig. 35 Shutdown Dialog Box-big](./figures/35.png) + +2)"Start Menu" > right side menu of the "Shutdown" button > "Shutdown"/"Reboot" + +The system will shutdown or reboot immediately without poping up the dialog box. + +### Advanced Setting + +Right-clicking Start Menu, it provides lock screen, switch user, log out, reboot, and shutdown five shortcut options. + +### Applications +Users can search apps in the search box by key words. As shown in figure below, the result will show up matically with the input. + +![Fig. 36 Search Apps](./figures/36.png) + +Right-clicking one app in the Start Menu, the right-click menu poping up. + +![Fig. 37 Right-click Menu](./figures/37.png) + +The options are described in table below. + +| Option | Description | +| :------| :--------| +| Attach to "All Software" |Add the selected software to the top of the list of All Software| +| Attach to Taskbar |Generate icon for the application on the Taskbar| +| Add to Desktop Shortcut |Generate shortcut icon for the application on the desktop| +| Uninstall |Remove the application| + +
+ +## FAQ + +### Can’t login to the system after locking the screen? + +(1)Switch to character terminal by < Ctrl + Alt + F1 >. + +(2)Input the user-name and passwd to login to the system. + +(3)Do "sudo rm -rf ~/.Xauthority". + +(4)Switch to graphical interface by < Ctrl + Alt + F7 >, and input the passwd. + +
+ +## Appendix +### Shortcut Key + +|Shortcut Key|Function| +| :------ | :----- +| F5 | Refresh the desktop | +| F1 | Open the user-guide| +| Alt + Tab | Switch the window | +| win | Open the Start Menu | +| Ctrl + Alt + L | Lock Screen | +| Ctrl + Alt + Delete | Log out | + diff --git a/docs/en/docs/userguide/figures/1.png b/docs/en/docs/userguide/figures/1.png new file mode 100644 index 0000000000000000000000000000000000000000..40af4242eebb440a76c749a8d970d50cd7b89bf4 Binary files /dev/null and b/docs/en/docs/userguide/figures/1.png differ diff --git a/docs/en/docs/userguide/figures/10.png b/docs/en/docs/userguide/figures/10.png new file mode 100644 index 0000000000000000000000000000000000000000..e588ffbe3d8d7b66d92ae8f2b4bcec7c80d0592c Binary files /dev/null and b/docs/en/docs/userguide/figures/10.png differ diff --git a/docs/en/docs/userguide/figures/11.png b/docs/en/docs/userguide/figures/11.png new file mode 100644 index 0000000000000000000000000000000000000000..1989a5bb08155f920363e154e68bb148715c7e9e Binary files /dev/null and b/docs/en/docs/userguide/figures/11.png differ diff --git a/docs/en/docs/userguide/figures/12.png b/docs/en/docs/userguide/figures/12.png new file mode 100644 index 0000000000000000000000000000000000000000..cb6346161182d2cfeaf3818d5ec518ddb11c732e Binary files /dev/null and b/docs/en/docs/userguide/figures/12.png differ diff --git a/docs/en/docs/userguide/figures/13.png b/docs/en/docs/userguide/figures/13.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7def1fb66c90da62acde799eaffca97e3b5396 Binary files /dev/null and b/docs/en/docs/userguide/figures/13.png differ diff --git a/docs/en/docs/userguide/figures/14.png b/docs/en/docs/userguide/figures/14.png new file mode 100644 index 0000000000000000000000000000000000000000..3a27a66d57e284775420d467f90dcc02889bbffe Binary files /dev/null and b/docs/en/docs/userguide/figures/14.png differ 
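Review bot: In the FAQ entry "Can't login to the system after locking the screen?" of the user guide added above, step (3) tells the reader to run "sudo rm -rf ~/.Xauthority", which uses more privilege and a broader delete than the task needs. The file is a single entry in the user's own home directory, so "rm -f ~/.Xauthority" is normally enough. Please drop "sudo" and "-r", and add a sentence saying why the file is removed, so the guide does not teach "sudo rm -rf" as a general fix. The same file also has wording to fix before merge: "matically" appears in the USB, Lock Screen and Applications sections where "automatically" is evidently meant; Advanced Setting reads "lauserst of taskbar accroding"; Network Setting reads "network mnager"; the Sidebar paragraph says "two parts" but lists Notification Center, Clipboard and Widget; and the separator row of the Shortcut Key table ("| :------ | :-----") is missing its closing pipe.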
diff --git a/docs/en/docs/userguide/figures/15.png b/docs/en/docs/userguide/figures/15.png new file mode 100644 index 0000000000000000000000000000000000000000..370bea32abcaa8a2b06a1a61c1455d4b35f43474 Binary files /dev/null and b/docs/en/docs/userguide/figures/15.png differ diff --git a/docs/en/docs/userguide/figures/16.png b/docs/en/docs/userguide/figures/16.png new file mode 100644 index 0000000000000000000000000000000000000000..812ee462669c5263ef4bffc49ca4f9b6af4541c6 Binary files /dev/null and b/docs/en/docs/userguide/figures/16.png differ diff --git a/docs/en/docs/userguide/figures/17.png b/docs/en/docs/userguide/figures/17.png new file mode 100644 index 0000000000000000000000000000000000000000..36e524b806874fa3788f5e4dcd78350686281107 Binary files /dev/null and b/docs/en/docs/userguide/figures/17.png differ diff --git a/docs/en/docs/userguide/figures/18.png b/docs/en/docs/userguide/figures/18.png new file mode 100644 index 0000000000000000000000000000000000000000..51b32442980aa60646f77dabd53ade74f55891fe Binary files /dev/null and b/docs/en/docs/userguide/figures/18.png differ diff --git a/docs/en/docs/userguide/figures/19.png b/docs/en/docs/userguide/figures/19.png new file mode 100644 index 0000000000000000000000000000000000000000..c9457d09aa9f1662b2c9e4550cdbdb9f57dd020e Binary files /dev/null and b/docs/en/docs/userguide/figures/19.png differ diff --git a/docs/en/docs/userguide/figures/2.png b/docs/en/docs/userguide/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..97917cc245484a43bec8562757d920a06f123121 Binary files /dev/null and b/docs/en/docs/userguide/figures/2.png differ diff --git a/docs/en/docs/userguide/figures/20.png b/docs/en/docs/userguide/figures/20.png new file mode 100644 index 0000000000000000000000000000000000000000..b0943189920d7a541d35da27340593ea93f92a17 Binary files /dev/null and b/docs/en/docs/userguide/figures/20.png differ 
diff --git a/docs/en/docs/userguide/figures/21.png b/docs/en/docs/userguide/figures/21.png new file mode 100644 index 0000000000000000000000000000000000000000..e590c22c0ea28906b5f4ea7ccbc6ab11e47ad173 Binary files /dev/null and b/docs/en/docs/userguide/figures/21.png differ diff --git a/docs/en/docs/userguide/figures/22.png b/docs/en/docs/userguide/figures/22.png new file mode 100644 index 0000000000000000000000000000000000000000..03a548b1ffb1f0ad53cfa5387af2721af90bca81 Binary files /dev/null and b/docs/en/docs/userguide/figures/22.png differ diff --git a/docs/en/docs/userguide/figures/23.png b/docs/en/docs/userguide/figures/23.png new file mode 100644 index 0000000000000000000000000000000000000000..834c492094715cde1c02c91752ecabfe7921ed62 Binary files /dev/null and b/docs/en/docs/userguide/figures/23.png differ diff --git a/docs/en/docs/userguide/figures/24.png b/docs/en/docs/userguide/figures/24.png new file mode 100644 index 0000000000000000000000000000000000000000..1881e868b74a60888b319576fa38fb4af92ba75c Binary files /dev/null and b/docs/en/docs/userguide/figures/24.png differ diff --git a/docs/en/docs/userguide/figures/25.png b/docs/en/docs/userguide/figures/25.png new file mode 100644 index 0000000000000000000000000000000000000000..f38839725d27a3486984d152e5d9de305364fbd2 Binary files /dev/null and b/docs/en/docs/userguide/figures/25.png differ diff --git a/docs/en/docs/userguide/figures/26.png b/docs/en/docs/userguide/figures/26.png new file mode 100644 index 0000000000000000000000000000000000000000..6d7957119133ecb98b1b6b104e54a3a4647ec2a5 Binary files /dev/null and b/docs/en/docs/userguide/figures/26.png differ diff --git a/docs/en/docs/userguide/figures/27.png b/docs/en/docs/userguide/figures/27.png new file mode 100644 index 0000000000000000000000000000000000000000..3e4733717fdc5172d6479b393005219e65e96df4 Binary files /dev/null and b/docs/en/docs/userguide/figures/27.png differ 
diff --git a/docs/en/docs/userguide/figures/28.png b/docs/en/docs/userguide/figures/28.png new file mode 100644 index 0000000000000000000000000000000000000000..a77772e818e3f6c11acac3b9cfa18bad14a0a48c Binary files /dev/null and b/docs/en/docs/userguide/figures/28.png differ diff --git a/docs/en/docs/userguide/figures/29.png b/docs/en/docs/userguide/figures/29.png new file mode 100644 index 0000000000000000000000000000000000000000..c4f58ffe5855295268298448744e5aadbdc55276 Binary files /dev/null and b/docs/en/docs/userguide/figures/29.png differ diff --git a/docs/en/docs/userguide/figures/3.png b/docs/en/docs/userguide/figures/3.png new file mode 100644 index 0000000000000000000000000000000000000000..fbb76b336957020ed6867d908e0a8bdcfc953c52 Binary files /dev/null and b/docs/en/docs/userguide/figures/3.png differ diff --git a/docs/en/docs/userguide/figures/30.png b/docs/en/docs/userguide/figures/30.png new file mode 100644 index 0000000000000000000000000000000000000000..d91adefba1753959e90ccf4aa1501ac08d7144bd Binary files /dev/null and b/docs/en/docs/userguide/figures/30.png differ diff --git a/docs/en/docs/userguide/figures/31.png b/docs/en/docs/userguide/figures/31.png new file mode 100644 index 0000000000000000000000000000000000000000..0abef09ab438f5f8cfb68090993f55c493b8c15e Binary files /dev/null and b/docs/en/docs/userguide/figures/31.png differ diff --git a/docs/en/docs/userguide/figures/32.png b/docs/en/docs/userguide/figures/32.png new file mode 100644 index 0000000000000000000000000000000000000000..d567cfbacc07a9eb46ff2c54a68432f45e034e94 Binary files /dev/null and b/docs/en/docs/userguide/figures/32.png differ diff --git a/docs/en/docs/userguide/figures/33.png b/docs/en/docs/userguide/figures/33.png new file mode 100644 index 0000000000000000000000000000000000000000..7b5896e2884520672c0bd88d68471b45a09c56fe Binary files /dev/null and b/docs/en/docs/userguide/figures/33.png differ 
diff --git a/docs/en/docs/userguide/figures/34.png b/docs/en/docs/userguide/figures/34.png new file mode 100644 index 0000000000000000000000000000000000000000..81bc9480fbbd81a97c559d7a6a74274deeab2bd1 Binary files /dev/null and b/docs/en/docs/userguide/figures/34.png differ diff --git a/docs/en/docs/userguide/figures/35.png b/docs/en/docs/userguide/figures/35.png new file mode 100644 index 0000000000000000000000000000000000000000..ab2399847a643a87279337704e23fea7609bb211 Binary files /dev/null and b/docs/en/docs/userguide/figures/35.png differ diff --git a/docs/en/docs/userguide/figures/36.png b/docs/en/docs/userguide/figures/36.png new file mode 100644 index 0000000000000000000000000000000000000000..536981609b9ae5d32be56bec612f2b3446146184 Binary files /dev/null and b/docs/en/docs/userguide/figures/36.png differ diff --git a/docs/en/docs/userguide/figures/37.png b/docs/en/docs/userguide/figures/37.png new file mode 100644 index 0000000000000000000000000000000000000000..e39aa03587642dc1f8622fff515b05a9a3085b28 Binary files /dev/null and b/docs/en/docs/userguide/figures/37.png differ diff --git a/docs/en/docs/userguide/figures/4.png b/docs/en/docs/userguide/figures/4.png new file mode 100644 index 0000000000000000000000000000000000000000..5078e36aca713706d2cf08a3ebecdc3769951899 Binary files /dev/null and b/docs/en/docs/userguide/figures/4.png differ diff --git a/docs/en/docs/userguide/figures/5.png b/docs/en/docs/userguide/figures/5.png new file mode 100644 index 0000000000000000000000000000000000000000..2976a745cfaede26594d6daa01cfc18d18b1de8b Binary files /dev/null and b/docs/en/docs/userguide/figures/5.png differ diff --git a/docs/en/docs/userguide/figures/6.png b/docs/en/docs/userguide/figures/6.png new file mode 100644 index 0000000000000000000000000000000000000000..275c23872f2353f007371672714902babcc3db53 Binary files /dev/null and b/docs/en/docs/userguide/figures/6.png differ 
diff --git a/docs/en/docs/userguide/figures/7.png b/docs/en/docs/userguide/figures/7.png new file mode 100644 index 0000000000000000000000000000000000000000..4d397959ac7f6d166ef5a3b7084bd5c3c93b475f Binary files /dev/null and b/docs/en/docs/userguide/figures/7.png differ diff --git a/docs/en/docs/userguide/figures/8.png b/docs/en/docs/userguide/figures/8.png new file mode 100644 index 0000000000000000000000000000000000000000..8ade274092d7b3e461c96d7909a9d89d3a944f09 Binary files /dev/null and b/docs/en/docs/userguide/figures/8.png differ diff --git a/docs/en/docs/userguide/figures/9.png b/docs/en/docs/userguide/figures/9.png new file mode 100644 index 0000000000000000000000000000000000000000..f7b2215404929346f1a814b0b1d6d482559c08b5 Binary files /dev/null and b/docs/en/docs/userguide/figures/9.png differ diff --git a/docs/en/docs/userguide/figures/icon1.png b/docs/en/docs/userguide/figures/icon1.png new file mode 100644 index 0000000000000000000000000000000000000000..9bac00355cf4aa57d32287fd4271404f6fd3fd4d Binary files /dev/null and b/docs/en/docs/userguide/figures/icon1.png differ diff --git a/docs/en/docs/userguide/figures/icon10-o.png b/docs/en/docs/userguide/figures/icon10-o.png new file mode 100644 index 0000000000000000000000000000000000000000..d6c56d1a64c588d86f8fe510c74e5a7c4cb810d4 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon10-o.png differ diff --git a/docs/en/docs/userguide/figures/icon11-o.png b/docs/en/docs/userguide/figures/icon11-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/en/docs/userguide/figures/icon11-o.png differ diff --git a/docs/en/docs/userguide/figures/icon12-o.png b/docs/en/docs/userguide/figures/icon12-o.png new file mode 100644 index 0000000000000000000000000000000000000000..f1f0f59dd3879461a0b5bc0632693a4a4124def3 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon12-o.png differ 
diff --git a/docs/en/docs/userguide/figures/icon13-o.png b/docs/en/docs/userguide/figures/icon13-o.png new file mode 100644 index 0000000000000000000000000000000000000000..c05a981b29d8ad11c6682f796f79b4cafd0f088b Binary files /dev/null and b/docs/en/docs/userguide/figures/icon13-o.png differ diff --git a/docs/en/docs/userguide/figures/icon14-o.png b/docs/en/docs/userguide/figures/icon14-o.png new file mode 100644 index 0000000000000000000000000000000000000000..b21deee4d98593d93fb5f72158d2d78f3d3f1cb9 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon14-o.png differ diff --git a/docs/en/docs/userguide/figures/icon15-o.png b/docs/en/docs/userguide/figures/icon15-o.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon15-o.png differ diff --git a/docs/en/docs/userguide/figures/icon16.png b/docs/en/docs/userguide/figures/icon16.png new file mode 100644 index 0000000000000000000000000000000000000000..f271594dda9d3ad0f038c9d719dd68c3e82c59f1 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon16.png differ diff --git a/docs/en/docs/userguide/figures/icon17.png b/docs/en/docs/userguide/figures/icon17.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe58b89347c857920bce25f067fbd11c308e502 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon17.png differ diff --git a/docs/en/docs/userguide/figures/icon18.png b/docs/en/docs/userguide/figures/icon18.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon18.png differ 
diff --git a/docs/en/docs/userguide/figures/icon19-o.png b/docs/en/docs/userguide/figures/icon19-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/en/docs/userguide/figures/icon19-o.png differ diff --git a/docs/en/docs/userguide/figures/icon2.png b/docs/en/docs/userguide/figures/icon2.png new file mode 100644 index 0000000000000000000000000000000000000000..9101e4b386df065a87d422bc5a0b287528ea5ec7 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon2.png differ diff --git a/docs/en/docs/userguide/figures/icon20.png b/docs/en/docs/userguide/figures/icon20.png new file mode 100644 index 0000000000000000000000000000000000000000..4de3c7c695893539967245ea5e269b26e2b735be Binary files /dev/null and b/docs/en/docs/userguide/figures/icon20.png differ diff --git a/docs/en/docs/userguide/figures/icon21.png b/docs/en/docs/userguide/figures/icon21.png new file mode 100644 index 0000000000000000000000000000000000000000..e7b4320b6ce1fd4adb52525ba2c60983ffb2eed3 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon21.png differ diff --git a/docs/en/docs/userguide/figures/icon22.png b/docs/en/docs/userguide/figures/icon22.png new file mode 100644 index 0000000000000000000000000000000000000000..43bfa96965ad13e0a34ead3cb1102a76b9346a23 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon22.png differ diff --git a/docs/en/docs/userguide/figures/icon23.png b/docs/en/docs/userguide/figures/icon23.png new file mode 100644 index 0000000000000000000000000000000000000000..aee221ddaa81d06fa7bd5b89a624da90cd1e53da Binary files /dev/null and b/docs/en/docs/userguide/figures/icon23.png differ 
diff --git a/docs/en/docs/userguide/figures/icon24.png b/docs/en/docs/userguide/figures/icon24.png new file mode 100644 index 0000000000000000000000000000000000000000..a9e5d700431ca1666fe9eda2cefce5dd2f83bdcd Binary files /dev/null and b/docs/en/docs/userguide/figures/icon24.png differ diff --git a/docs/en/docs/userguide/figures/icon25.png b/docs/en/docs/userguide/figures/icon25.png new file mode 100644 index 0000000000000000000000000000000000000000..3de0f9476bbee9e89c3b759afbed968f17b5bbcc Binary files /dev/null and b/docs/en/docs/userguide/figures/icon25.png differ diff --git a/docs/en/docs/userguide/figures/icon26-o.png b/docs/en/docs/userguide/figures/icon26-o.png new file mode 100644 index 0000000000000000000000000000000000000000..2293a893caf6d89c3beb978598fe7f281e68e7d5 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon26-o.png differ diff --git a/docs/en/docs/userguide/figures/icon27-o.png b/docs/en/docs/userguide/figures/icon27-o.png new file mode 100644 index 0000000000000000000000000000000000000000..abbab8e40f7e3ca7c2a6f28ff78f08f15117828e Binary files /dev/null and b/docs/en/docs/userguide/figures/icon27-o.png differ diff --git a/docs/en/docs/userguide/figures/icon28-o.png b/docs/en/docs/userguide/figures/icon28-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/docs/userguide/figures/icon28-o.png differ diff --git a/docs/en/docs/userguide/figures/icon29-o.png b/docs/en/docs/userguide/figures/icon29-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/docs/userguide/figures/icon29-o.png differ 
diff --git a/docs/en/docs/userguide/figures/icon3.png b/docs/en/docs/userguide/figures/icon3.png new file mode 100644 index 0000000000000000000000000000000000000000..930ee8909e89e3624c581f83d713af271cd96c75 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon3.png differ diff --git a/docs/en/docs/userguide/figures/icon30-o.png b/docs/en/docs/userguide/figures/icon30-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/en/docs/userguide/figures/icon30-o.png differ diff --git a/docs/en/docs/userguide/figures/icon31-o.png b/docs/en/docs/userguide/figures/icon31-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/docs/userguide/figures/icon31-o.png differ diff --git a/docs/en/docs/userguide/figures/icon32.png b/docs/en/docs/userguide/figures/icon32.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/docs/userguide/figures/icon32.png differ diff --git a/docs/en/docs/userguide/figures/icon33.png b/docs/en/docs/userguide/figures/icon33.png new file mode 100644 index 0000000000000000000000000000000000000000..88ed145b25f6f025ad795ceb012500e0944cb54c Binary files /dev/null and b/docs/en/docs/userguide/figures/icon33.png differ diff --git a/docs/en/docs/userguide/figures/icon34.png b/docs/en/docs/userguide/figures/icon34.png new file mode 100644 index 0000000000000000000000000000000000000000..8247f52a3424c81b451ceb318f4a7979a5eddece Binary files /dev/null and b/docs/en/docs/userguide/figures/icon34.png differ 
diff --git a/docs/en/docs/userguide/figures/icon35.png b/docs/en/docs/userguide/figures/icon35.png new file mode 100644 index 0000000000000000000000000000000000000000..7c656e9030b94809a57c7e369921e6a585f3574c Binary files /dev/null and b/docs/en/docs/userguide/figures/icon35.png differ diff --git a/docs/en/docs/userguide/figures/icon36.png b/docs/en/docs/userguide/figures/icon36.png new file mode 100644 index 0000000000000000000000000000000000000000..7d29d173e914dfff48245d3d3a4d42575ce2d1db Binary files /dev/null and b/docs/en/docs/userguide/figures/icon36.png differ diff --git a/docs/en/docs/userguide/figures/icon37.png b/docs/en/docs/userguide/figures/icon37.png new file mode 100644 index 0000000000000000000000000000000000000000..58be4c621b6638115153e361801deb9ee06634d8 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon37.png differ diff --git a/docs/en/docs/userguide/figures/icon38.png b/docs/en/docs/userguide/figures/icon38.png new file mode 100644 index 0000000000000000000000000000000000000000..0c861ccb891f4fb5e533eb7f7151a8fce1571f17 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon38.png differ diff --git a/docs/en/docs/userguide/figures/icon39.png b/docs/en/docs/userguide/figures/icon39.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ba1f347452d0cd1c06c6c51d2cdf5aea5e490b Binary files /dev/null and b/docs/en/docs/userguide/figures/icon39.png differ diff --git a/docs/en/docs/userguide/figures/icon4.png b/docs/en/docs/userguide/figures/icon4.png new file mode 100644 index 0000000000000000000000000000000000000000..548dc8b648edb73ff1dd8a0266e8479203e72ca0 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon4.png differ 
diff --git a/docs/en/docs/userguide/figures/icon40.png b/docs/en/docs/userguide/figures/icon40.png new file mode 100644 index 0000000000000000000000000000000000000000..9c29dd1e9a1bf22c36abf51cb18fa9e47b455fab Binary files /dev/null and b/docs/en/docs/userguide/figures/icon40.png differ diff --git a/docs/en/docs/userguide/figures/icon41.png b/docs/en/docs/userguide/figures/icon41.png new file mode 100644 index 0000000000000000000000000000000000000000..9e8aea527a2119433fffec5a8800ebfa4fa5062f Binary files /dev/null and b/docs/en/docs/userguide/figures/icon41.png differ diff --git a/docs/en/docs/userguide/figures/icon42-o.png b/docs/en/docs/userguide/figures/icon42-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/docs/userguide/figures/icon42-o.png differ diff --git a/docs/en/docs/userguide/figures/icon42.png b/docs/en/docs/userguide/figures/icon42.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/en/docs/userguide/figures/icon42.png differ diff --git a/docs/en/docs/userguide/figures/icon43-o.png b/docs/en/docs/userguide/figures/icon43-o.png new file mode 100644 index 0000000000000000000000000000000000000000..284bdd551baf25beb4143013402e77a1a4c60ccb Binary files /dev/null and b/docs/en/docs/userguide/figures/icon43-o.png differ diff --git a/docs/en/docs/userguide/figures/icon44-o.png b/docs/en/docs/userguide/figures/icon44-o.png new file mode 100644 index 0000000000000000000000000000000000000000..810f4d784ee140dbf562e67a0d3fd391272626a5 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon44-o.png differ 
diff --git a/docs/en/docs/userguide/figures/icon45-o.png b/docs/en/docs/userguide/figures/icon45-o.png new file mode 100644 index 0000000000000000000000000000000000000000..3e528ce2c98284f020ae4912a853f5864526396b Binary files /dev/null and b/docs/en/docs/userguide/figures/icon45-o.png differ diff --git a/docs/en/docs/userguide/figures/icon46-o.png b/docs/en/docs/userguide/figures/icon46-o.png new file mode 100644 index 0000000000000000000000000000000000000000..ec6a3ca0fe57016f3685981ed518493ceea1c855 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon46-o.png differ diff --git a/docs/en/docs/userguide/figures/icon47-o.png b/docs/en/docs/userguide/figures/icon47-o.png new file mode 100644 index 0000000000000000000000000000000000000000..6eeaba98d908775bd363a8ffcec27c3b6a214013 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon47-o.png differ diff --git a/docs/en/docs/userguide/figures/icon5.png b/docs/en/docs/userguide/figures/icon5.png new file mode 100644 index 0000000000000000000000000000000000000000..e4206b7b584bf0702c7cb2f03a3a41e20bfba844 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon5.png differ diff --git a/docs/en/docs/userguide/figures/icon6.png b/docs/en/docs/userguide/figures/icon6.png new file mode 100644 index 0000000000000000000000000000000000000000..88ced3587e9a42b145fe11393726f40aba9d1b2c Binary files /dev/null and b/docs/en/docs/userguide/figures/icon6.png differ diff --git a/docs/en/docs/userguide/figures/icon7.png b/docs/en/docs/userguide/figures/icon7.png new file mode 100644 index 0000000000000000000000000000000000000000..05fe8aa38c84ca0c0c99b0b005ddec2f2ba42f4a Binary files /dev/null and b/docs/en/docs/userguide/figures/icon7.png differ 
diff --git a/docs/en/docs/userguide/figures/icon8.png b/docs/en/docs/userguide/figures/icon8.png new file mode 100644 index 0000000000000000000000000000000000000000..01543c3e0f5e96a023b4e1f0859a03e3a0dafd56 Binary files /dev/null and b/docs/en/docs/userguide/figures/icon8.png differ diff --git a/docs/en/docs/userguide/figures/icon9.png b/docs/en/docs/userguide/figures/icon9.png new file mode 100644 index 0000000000000000000000000000000000000000..a07c9ab8e51decd9a3bca8c969d2ae95bd68512c Binary files /dev/null and b/docs/en/docs/userguide/figures/icon9.png differ diff --git a/docs/en/menu/menu.json b/docs/en/menu/menu.json new file mode 100644 index 0000000000000000000000000000000000000000..84577e2b39602d6763f6f16a0b4aa30249f1fc2d --- /dev/null +++ b/docs/en/menu/menu.json 
@@ -0,0 +1,900 @@ +[ + { + "label": "Terms of Use", + "path": "docs/Releasenotes/terms-of-use", + "children": [ + + ] + }, + { + "label": "Release Notes", + "path": "docs/Releasenotes/release_notes", + "children": [ + { + "label": "User Notice", + "path": "docs/Releasenotes/user-notice", + "children": [ + + ] + }, + { + "label": "Introduction", + "path": "docs/Releasenotes/introduction", + "children": [ + + ] + }, + { + "label": "Installing the OS", + "path": "docs/Releasenotes/installing-the-os", + "children": [ + + ] + }, + { + "label": "Key Features", + "path": "docs/Releasenotes/key-features", + "children": [ + + ] + }, + { + "label": "Known Issues", + "path": "docs/Releasenotes/known-issues", + "children": [ + + ] + }, + { + "label": "Resolved Issues", + "path": "docs/Releasenotes/resolved-issues", + "children": [ + + ] + }, + { + "label": "Common Vulnerabilities and Exposures \\(CVE\\)", + "path": "docs/Releasenotes/common-vulnerabilities-and-exposures-(cve)", + "children": [ + + ] + }, + { + "label": "Source Code", + "path": "docs/Releasenotes/source-code", + "children": [ + + ] + }, + { + "label": "Contribution", + "path": "docs/Releasenotes/contribution", + "children": [ + + ] + }, + { + "label": "Acknowledgement", + "path": "docs/Releasenotes/acknowledgement", + "children": [ + + ] + } + ] + }, + { + "label": "Quick Start", + "path": "docs/Quickstart/quick-start", + "children": [ + + ] + }, + { + "label": "Installation Guide", + "path": "docs/Installation/Installation", + "children": [ + { + "label": "Installation on Servers", + "path": "docs/Installation/install-server", + "children": [ + { + "label": "Installation Preparations", + "path": "docs/Installation/installation-preparations", + "children": [] + }, + { + "label": "Installation Mode", + "path": "docs/Installation/installation-mode", + "children": [] + }, + { + "label": "Installation Guideline", + "path": "docs/Installation/installation-guideline", + "children": [] + }, + { + "label": "Using 
Kickstart for Automatic Installation", + "path": "docs/Installation/using-kickstart-for-automatic-installation", + "children": [] + }, + { + "label": "Installation UKUI", + "path": "docs/Installation/install-UKUI", + "children": [] + }, + { + "label": "Installation DDE", + "path": "docs/Installation/install-DDE", + "children": [] + }, + { + "label": "FAQs", + "path": "docs/Installation/faqs", + "children": [] + } + ] + }, + { + "label": "Installation on Raspberry Pi", + "path": "docs/Installation/install-pi", + "children": [ + { + "label": "Installation Preparations", + "path": "docs/Installation/Installation-Preparations1", + "children": [] + }, + { + "label": "Installation Mode", + "path": "docs/Installation/Installation-Modes1", + "children": [] + }, + { + "label": "Installation Guideline", + "path": "docs/Installation/Installation-Guide1", + "children": [] + }, + { + "label": "FAQs", + "path": "docs/Installation/FAQ1", + "children": [] + }, + { + "label": "More Resources", + "path": "docs/Installation/More-Resources", + "children": [] + } + ] + } + ] + }, + { + "label": "Administrator Guide", + "path": "docs/Administration/administration", + "children": [ + { + "label": "Viewing System Information", + "path": "docs/Administration/viewing-system-information", + "children": [ + + ] + }, + { + "label": "Basic Configuration", + "path": "docs/Administration/basic-configuration", + "children": [ + + ] + }, + { + "label": "User and User Group Management", + "path": "docs/Administration/user-and-user-group-management", + "children": [ + + ] + }, + { + "label": "Using the DNF to Manage Software Packages", + "path": "docs/Administration/using-the-dnf-to-manage-software-packages", + "children": [ + + ] + }, + { + "label": "Service Management", + "path": "docs/Administration/service-management", + "children": [ + + ] + }, + { + "label": "Process Management", + "path": "docs/Administration/process-management", + "children": [ + + ] + }, + { + "label": "Configuring the 
Network", + "path": "docs/Administration/configuring-the-network", + "children": [ + + ] + }, + { + "label": "Managing Hard Disks Through LVM", + "path": "docs/Administration/managing-hard-disks-through-lvm", + "children": [ + + ] + }, + { + "label": "Using the KAE", + "path": "docs/Administration/using-the-kae", + "children": [ + + ] + }, + { + "label": "Configuring Services", + "path": "docs/Administration/configuring-services", + "children": [ + { + "label": "Configuring the Repo Server", + "path": "docs/Administration/configuring-the-repo-server", + "children": [ + + ] + }, + { + "label": "Configuring the FTP Server", + "path": "docs/Administration/configuring-the-ftp-server", + "children": [ + + ] + }, + { + "label": "Configuring the Web Server", + "path": "docs/Administration/configuring-the-web-server", + "children": [ + + ] + }, + { + "label": "Setting Up the Database Server", + "path": "docs/Administration/setting-up-the-database-server", + "children": [ + + ] + } + ] + }, + { + "label": "FAQs", + "path": "docs/Administration/faqs", + "children": [ + + ] + } + ] + }, + { + "label": "Security Hardening Guide", + "path": "docs/SecHarden/secHarden", + "children": [ + { + "label": "OS Hardening Overview", + "path": "docs/SecHarden/os-hardening-overview", + "children": [ + ] + }, + { + "label": "Security Hardening Guide", + "path": "docs/SecHarden/security-hardening-guide", + "children": [ + { + "label": "Account Passwords", + "path": "docs/SecHarden/account-passwords", + "children": [ + + ] + }, + { + "label": "Authentication and Authorization", + "path": "docs/SecHarden/authentication-and-authorization", + "children": [ + + ] + }, + { + "label": "System Services", + "path": "docs/SecHarden/system-services", + "children": [ + + ] + }, + { + "label": "File Permissions", + "path": "docs/SecHarden/file-permissions", + "children": [ + + ] + }, + { + "label": "Kernel Parameters", + "path": "docs/SecHarden/kernel-parameters", + "children": [ + + ] + }, + { + 
"label": "SELinux Configuration", + "path": "docs/SecHarden/selinux-configuration", + "children": [ + + ] + } + ] + }, + { + "label": "Security Hardening Tools", + "path": "docs/SecHarden/security-hardening-tools", + "children": [ + + ] + }, + { + "label": "Appendixes", + "path": "docs/SecHarden/appendix", + "children": [ + + ] + } + ] + }, + { + "label": "Virtualization User Guide", + "path": "docs/Virtualization/virtualization", + "children": [ + { + "label": "Introduction to Virtualization", + "path": "docs/Virtualization/introduction-to-virtualization", + "children": [ + + ] + }, + { + "label": "Installation to Virtualization", + "path": "docs/Virtualization/installation-to-virtualization", + "children": [ + + ] + }, + { + "label": "Environment Preparation", + "path": "docs/Virtualization/environment-preparation", + "children": [ + + ] + }, + { + "label": "VM Configuration", + "path": "docs/Virtualization/vm-configuration", + "children": [ + + ] + }, + { + "label": "Managing VMs", + "path": "docs/Virtualization/managing-vms", + "children": [ + + ] + }, + { + "label": "VM Live Migration", + "path": "docs/Virtualization/vm-live-migration", + "children": [ + + ] + }, + { + "label": "System Resource Management", + "path": "docs/Virtualization/system-resource-management", + "children": [ + + ] + }, + { + "label": "Managing Devices", + "path": "docs/Virtualization/managing-devices", + "children": [ + + ] + }, + { + "label": "Best Practices", + "path": "docs/Virtualization/best-practices", + "children": [ + + ] + }, + { + "label": "Tool Guide", + "path": "docs/Virtualization/tool-guide", + "children": [ + + ] + }, + { + "label": "Appendix", + "path": "docs/Virtualization/appendix", + "children": [ + + ] + } + ] + }, + { + "label": "Container User Guide", + "path": "docs/Container/container", + "children": [ + { + "label": "iSulad Container Engine", + "path": "docs/Container/isulad-container-engine", + "children": [ + { + "label": "Installation, Upgrade and 
Uninstallation", + "path": "docs/Container/installation-upgrade-Uninstallation", + "children": [ + { + "label": "Installation and Configuration", + "path": "docs/Container/installation-configuration", + "children": [ + + ] + }, + { + "label": "Upgrade Methods", + "path": "docs/Container/upgrade-methods", + "children": [ + + ] + }, + { + "label": "Uninstallation", + "path": "docs/Container/uninstallation", + "children": [ + + ] + } + ] + }, + { + "label": "Application Scenarios", + "path": "docs/Container/application-scenarios", + "children": [ + { + "label": "Container Management", + "path": "docs/Container/container-management", + "children": [ + + ] + }, + { + "label": "Interconnection with the CNI Network", + "path": "docs/Container/interconnection-with-the-cni-network", + "children": [ + + ] + }, + { + "label": "Container Resource Management", + "path": "docs/Container/container-resource-management", + "children": [ + + ] + }, + { + "label": "Privileged Container", + "path": "docs/Container/privileged-container", + "children": [ + + ] + }, + { + "label": "CRI", + "path": "docs/Container/cri", + "children": [ + + ] + }, + { + "label": "Image Management", + "path": "docs/Container/image-management", + "children": [ + + ] + }, + { + "label": "Checking the Container Health Status", + "path": "docs/Container/checking-the-container-health-status", + "children": [ + + ] + }, + { + "label": "Querying Information", + "path": "docs/Container/querying-information", + "children": [ + + ] + }, + { + "label": "Security Features", + "path": "docs/Container/security-features", + "children": [ + + ] + }, + { + "label": "Supporting OCI hooks", + "path": "docs/Container/supporting-oci-hooks", + "children": [ + + ] + } + ] + }, + { + "label": "Appendix", + "path": "docs/Container/appendix", + "children": [ + + ] + } + ] + }, + { + "label": "System Container", + "path": "docs/Container/system-container", + "children": [ + { + "label": "Installation Guideline", + "path": 
"docs/Container/installation-guideline", + "children": [ + + ] + }, + { + "label": "Usage Guide", + "path": "docs/Container/usage-guide", + "children": [ + { + "label": "Specifying Rootfs to Create a Container", + "path": "docs/Container/specifying-rootfs-to-create-a-container", + "children": [ + + ] + }, + { + "label": "Using systemd to Start a Container", + "path": "docs/Container/using-systemd-to-start-a-container", + "children": [ + + ] + }, + { + "label": "Reboot or Shutdown in a Container", + "path": "docs/Container/reboot-or-shutdown-in-a-container", + "children": [ + + ] + }, + { + "label": "Configurable Cgroup Path", + "path": "docs/Container/configurable-cgroup-path", + "children": [ + + ] + }, + { + "label": "Writable Namespace Kernel Parameters", + "path": "docs/Container/writable-namespace-kernel-parameters", + "children": [ + + ] + }, + { + "label": "Shared Memory Channels", + "path": "docs/Container/shared-memory-channels", + "children": [ + + ] + }, + { + "label": "Dynamically Loading the Kernel Module", + "path": "docs/Container/dynamically-loading-the-kernel-module", + "children": [ + + ] + }, + { + "label": "Environment Variable Persisting", + "path": "docs/Container/environment-variable-persisting", + "children": [ + + ] + }, + { + "label": "Maximum Number of Handles", + "path": "docs/Container/maximum-number-of-handles", + "children": [ + + ] + }, + { + "label": "Security and Isolation", + "path": "docs/Container/security-and-isolation", + "children": [ + + ] + }, + { + "label": "Dynamically Managing Container Resources \\(syscontainer-tools\\)", + "path": "docs/Container/dynamically-managing-container-resources-(syscontainer-tools)", + "children": [ + + ] + } + ] + }, + { + "label": "Appendix", + "path": "docs/Container/appendix-1", + "children": [ + + ] + } + ] + }, + { + "label": "Secure Container", + "path": "docs/Container/secure-container", + "children": [ + { + "label": "Installation and Deployment", + "path": 
"docs/Container/installation-and-deployment-1", + "children": [ + + ] + }, + { + "label": "Application Scenarios", + "path": "docs/Container/application-scenarios-2", + "children": [ + { + "label": "Managing the Lifecycle of a Secure Container", + "path": "docs/Container/managing-the-lifecycle-of-a-secure-container", + "children": [ + + ] + }, + { + "label": "Configuring Resources for a Secure Container", + "path": "docs/Container/configuring-resources-for-a-secure-container", + "children": [ + + ] + }, + { + "label": "Configuring Networking for a Secure Container", + "path": "docs/Container/configuring-networking-for-a-secure-container", + "children": [ + + ] + }, + { + "label": "Monitoring Secure Containers", + "path": "docs/Container/monitoring-secure-containers", + "children": [ + + ] + } + ] + }, + { + "label": "Appendix", + "path": "docs/Container/appendix-2", + "children": [ + + ] + } + ] + }, + { + "label": "Docker Container", + "path": "docs/Container/docker-container", + "children": [ + { + "label": "Installation and Deployment", + "path": "docs/Container/installation-and-deployment-2", + "children": [ + + ] + }, + { + "label": "Container Management", + "path": "docs/Container/container-management-1", + "children": [ + + ] + }, + { + "label": "Image Management", + "path": "docs/Container/image-management-1", + "children": [ + + ] + }, + { + "label": "Command Reference", + "path": "docs/Container/command-reference", + "children": [ + { + "label": "Container Engine", + "path": "docs/Container/container-engine", + "children": [ + + ] + }, + { + "label": "Container Management", + "path": "docs/Container/container-management-2", + "children": [ + + ] + }, + { + "label": "Image Management", + "path": "docs/Container/image-management-2", + "children": [ + + ] + }, + { + "label": "Statistics", + "path": "docs/Container/statistics", + "children": [ + + ] + } + ] + } + ] + }, + { + "label": "Image Building", + "path": "docs/Container/isula-build", + "children": [ + 
+ ] + } + ] + }, + { + "label": "A-Tune User Guide", + "path": "docs/A-Tune/A-Tune", + "children": [ + { + "label": "Getting to Know A-Tune", + "path": "docs/A-Tune/getting-to-know-a-tune", + "children": [ + + ] + }, + { + "label": "Installation and Deployment", + "path": "docs/A-Tune/installation-and-deployment", + "children": [ + + ] + }, + { + "label": "Application Scenarios", + "path": "docs/A-Tune/application-scenarios", + "children": [ + + ] + }, + { + "label": "FAQs", + "path": "docs/A-Tune/faqs", + "children": [ + + ] + }, + { + "label": "Appendixes", + "path": "docs/A-Tune/appendixes", + "children": [ + + ] + } + ] + }, + { + "label": "Application Development Guide", + "path": "docs/ApplicationDev/application-development", + "children": [ + { + "label": "Preparation", + "path": "docs/ApplicationDev/preparation", + "children": [ + + ] + }, + { + "label": "Using GCC for Compilation", + "path": "docs/ApplicationDev/using-gcc-for-compilation", + "children": [ + + ] + }, + { + "label": "Using Make for Compilation", + "path": "docs/ApplicationDev/using-make-for-compilation", + "children": [ + + ] + }, + { + "label": "Using JDK for Compilation", + "path": "docs/ApplicationDev/using-jdk-for-compilation", + "children": [ + + ] + }, + { + "label": "Building an RPM Package", + "path": "docs/ApplicationDev/building-an-rpm-package", + "children": [ + + ] + } + ] + }, + { + "label": "Third-Party Software Porting Guide", + "path": "docs/thirdparty_migration/thidrparty", + "children": [ + { + "label": "Single-Node Deployment Guide for OpenStack-train", + "path": "docs/thirdparty_migration/openstack-train", + "children": [ + + ] + }, + { + "label": "Kubernetes Environment Setup Guide", + "path": "docs/thirdparty_migration/k8sinstall", + "children": [ + + ] + }, + { + "label": "springframework单机部署指导", + "path": "docs/thirdparty_migration/SpringFramework Single-Node System Deployment Guide", + "children": [ + + ] + } + ] + }, + { + "label": "UKUI User Guide ", + "path": 
"docs/userguide/UKUI-user-guide", + "children": [ + + ] + } +] diff --git a/content/zh/docs/A-Tune/A-Tune.md b/docs/zh/docs/A-Tune/A-Tune.md similarity index 100% rename from content/zh/docs/A-Tune/A-Tune.md rename to docs/zh/docs/A-Tune/A-Tune.md diff --git a/content/zh/docs/A-Tune/figures/zh-cn_image_0213178479.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0213178479.png similarity index 100% rename from content/zh/docs/A-Tune/figures/zh-cn_image_0213178479.png rename to docs/zh/docs/A-Tune/figures/zh-cn_image_0213178479.png diff --git a/content/zh/docs/A-Tune/figures/zh-cn_image_0213178480.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0213178480.png similarity index 100% rename from content/zh/docs/A-Tune/figures/zh-cn_image_0213178480.png rename to docs/zh/docs/A-Tune/figures/zh-cn_image_0213178480.png diff --git a/content/zh/docs/A-Tune/figures/zh-cn_image_0214540398.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0214540398.png similarity index 100% rename from content/zh/docs/A-Tune/figures/zh-cn_image_0214540398.png rename to docs/zh/docs/A-Tune/figures/zh-cn_image_0214540398.png diff --git a/content/zh/docs/A-Tune/figures/zh-cn_image_0227497000.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497000.png similarity index 100% rename from content/zh/docs/A-Tune/figures/zh-cn_image_0227497000.png rename to docs/zh/docs/A-Tune/figures/zh-cn_image_0227497000.png diff --git a/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497343.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497343.png new file mode 100644 index 0000000000000000000000000000000000000000..aecf293846ebd12f15b9a3fb5fdc2618d9d527dc Binary files /dev/null and b/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497343.png differ diff --git a/content/zh/docs/A-Tune/figures/zh-cn_image_0231122163.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0231122163.png similarity index 100% rename from content/zh/docs/A-Tune/figures/zh-cn_image_0231122163.png rename to docs/zh/docs/A-Tune/figures/zh-cn_image_0231122163.png 
diff --git a/docs/zh/docs/A-Tune/figures/zh-cn_image_0245342444.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0245342444.png new file mode 100644 index 0000000000000000000000000000000000000000..10f0fceb42c00c80ef49decdc0c480eb04c2ca6d Binary files /dev/null and b/docs/zh/docs/A-Tune/figures/zh-cn_image_0245342444.png differ diff --git a/content/zh/docs/Administration/public_sys-resources/icon-caution.gif b/docs/zh/docs/A-Tune/public_sys-resources/icon-caution.gif similarity index 100% rename from content/zh/docs/Administration/public_sys-resources/icon-caution.gif rename to docs/zh/docs/A-Tune/public_sys-resources/icon-caution.gif diff --git a/content/zh/docs/Administration/public_sys-resources/icon-danger.gif b/docs/zh/docs/A-Tune/public_sys-resources/icon-danger.gif similarity index 100% rename from content/zh/docs/Administration/public_sys-resources/icon-danger.gif rename to docs/zh/docs/A-Tune/public_sys-resources/icon-danger.gif diff --git a/content/zh/docs/Administration/public_sys-resources/icon-note.gif b/docs/zh/docs/A-Tune/public_sys-resources/icon-note.gif similarity index 100% rename from content/zh/docs/Administration/public_sys-resources/icon-note.gif rename to docs/zh/docs/A-Tune/public_sys-resources/icon-note.gif diff --git a/content/zh/docs/Administration/public_sys-resources/icon-notice.gif b/docs/zh/docs/A-Tune/public_sys-resources/icon-notice.gif similarity index 100% rename from content/zh/docs/Administration/public_sys-resources/icon-notice.gif rename to docs/zh/docs/A-Tune/public_sys-resources/icon-notice.gif diff --git a/content/zh/docs/Administration/public_sys-resources/icon-tip.gif b/docs/zh/docs/A-Tune/public_sys-resources/icon-tip.gif similarity index 100% rename from content/zh/docs/Administration/public_sys-resources/icon-tip.gif rename to docs/zh/docs/A-Tune/public_sys-resources/icon-tip.gif 
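Review bot: In docs/en/menu/menu.json, the last child of "Third-Party Software Porting Guide" looks like it has its label and path swapped. The label is the Chinese string `springframework单机部署指导` in the English menu, and the path is `docs/thirdparty_migration/SpringFramework Single-Node System Deployment Guide`, which contains spaces. Give it an English label and a slug-style path like its siblings. In the same file, please confirm that `docs/thirdparty_migration/thidrparty` matches the real file name and is not a typo for "thirdparty". Also check that the Markdown escapes in `\\(CVE\\)` and `\\(syscontainer-tools\\)` do not render as literal backslashes in the menu, and drop the trailing space in `"UKUI User Guide "`.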
diff --git a/content/zh/docs/Administration/public_sys-resources/icon-warning.gif b/docs/zh/docs/A-Tune/public_sys-resources/icon-warning.gif similarity index 100% rename from content/zh/docs/Administration/public_sys-resources/icon-warning.gif rename to docs/zh/docs/A-Tune/public_sys-resources/icon-warning.gif diff --git "a/content/zh/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md" "b/docs/zh/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md" similarity index 70% rename from "content/zh/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md" rename to "docs/zh/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md" index 9839fd35342575be2482db35d4c716361c24d917..021f8ea7f08368aea8188bc3c7937bef7097bbce 100644 --- "a/content/zh/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md" +++ "b/docs/zh/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md" @@ -2,6 +2,7 @@ 用户可以通过命令行客户端atune-adm使用A-Tune提供的功能。本章介绍A-Tune客户端包含的功能和使用方法。 + - [使用方法](#使用方法) - [总体说明](#总体说明) - [查询负载类型](#查询负载类型) @@ -42,10 +43,6 @@ - define、update、undefine、collection、train、upgrade不支持远程执行。 - 命令格式中,\[ \] 表示参数可选,<\> 表示参数必选,具体参数由实际情况确定。 -- 命令格式中,各命令含义如下: - - WORKLOAD\_TYPE:用户自定义负载类型的名称,负载支持的类型参考list命令查询结果。 - - PROFILE\_NAME:用户自定义profile的名称 - - PROFILE\_PATH:用户自定义profile的路径 ## 查询负载类型 @@ -53,7 +50,7 @@ ### 功能描述 -查询系统当前支持的workload\_type和对应的profile,以及当前处于active状态的profile。 +查询系统当前支持的profile,以及当前处于active状态的profile。 ### 命令格式 
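Review bot: The @@ -42,10 +43,6 @@ hunk deletes the only explanation of the command placeholders (WORKLOAD_TYPE, PROFILE_NAME, PROFILE_PATH) and adds nothing in its place. The rest of this change introduces service_type, application_name and scenario_name, and uses hyphen-joined profile names such as test_service-test_app-test_scenario. Replace the removed bullets with definitions of the new placeholders, and state how the three names given to define are combined into the profile name that the info, profile, update and undefine examples pass.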
@@ -62,35 +59,109 @@ ### 使用示例 ``` -# atune-adm list - -Support WorkloadTypes: -+-----------------------------------+------------------------+-----------+ -| WorkloadType | ProfileName | Active | -+===================================+========================+===========+ -| default | default | true | -+-----------------------------------+------------------------+-----------+ -| webserver | ssl_webserver | false | -+-----------------------------------+------------------------+-----------+ -| big_database | database | false | -+-----------------------------------+------------------------+-----------+ -| big_data | big_data | false | -+-----------------------------------+------------------------+-----------+ -| in-memory_computing | in-memory_computing | false | -+-----------------------------------+------------------------+-----------+ -| in-memory_database | in-memory_database | false | -+-----------------------------------+------------------------+-----------+ -| single_computer_intensive_jobs | compute-intensive | false | -+-----------------------------------+------------------------+-----------+ -| communication | rpc_communication | false | -+-----------------------------------+------------------------+-----------+ -| idle | default | false | -+-----------------------------------+------------------------+-----------+ +# atune-adm list + +Support profiles: ++------------------------------------------------+-----------+ +| ProfileName | Active | ++================================================+===========+ +| arm-native-android-container-robox | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-fio | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-lmbench | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-netperf | false | ++------------------------------------------------+-----------+ 
+| basic-test-suite-euleros-baseline-stream | false | ++------------------------------------------------+-----------+ +| basic-test-suite-euleros-baseline-unixbench | false | ++------------------------------------------------+-----------+ +| basic-test-suite-speccpu-speccpu2006 | false | ++------------------------------------------------+-----------+ +| basic-test-suite-specjbb-specjbb2015 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-hdfs-dfsio-hdd | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-hdfs-dfsio-ssd | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-bayesian | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-kmeans | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql1 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql10 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql2 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql3 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql4 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql5 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql6 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql7 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql8 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-sql9 | false | ++------------------------------------------------+-----------+ +| big-data-hadoop-spark-tersort | false | 
++------------------------------------------------+-----------+ +| big-data-hadoop-spark-wordcount | false | ++------------------------------------------------+-----------+ +| cloud-compute-kvm-host | false | ++------------------------------------------------+-----------+ +| database-mariadb-2p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| database-mariadb-4p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| database-mongodb-2p-sysbench | false | ++------------------------------------------------+-----------+ +| database-mysql-2p-sysbench-hdd | false | ++------------------------------------------------+-----------+ +| database-mysql-2p-sysbench-ssd | false | ++------------------------------------------------+-----------+ +| database-postgresql-2p-sysbench-hdd | false | ++------------------------------------------------+-----------+ +| database-postgresql-2p-sysbench-ssd | false | ++------------------------------------------------+-----------+ +| default-default | false | ++------------------------------------------------+-----------+ +| docker-mariadb-2p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| docker-mariadb-4p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| hpc-gatk4-human-genome | false | ++------------------------------------------------+-----------+ +| in-memory-database-redis-redis-benchmark | false | ++------------------------------------------------+-----------+ +| middleware-dubbo-dubbo-benchmark | false | ++------------------------------------------------+-----------+ +| storage-ceph-vdbench-hdd | false | ++------------------------------------------------+-----------+ +| storage-ceph-vdbench-ssd | false | ++------------------------------------------------+-----------+ +| virtualization-consumer-cloud-olc | false | ++------------------------------------------------+-----------+ +| 
virtualization-mariadb-2p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| virtualization-mariadb-4p-tpcc-c3 | false | ++------------------------------------------------+-----------+ +| web-apache-traffic-server-spirent-pingpo | false | ++------------------------------------------------+-----------+ +| web-nginx-http-long-connection | true | ++------------------------------------------------+-----------+ +| web-nginx-https-short-connection | false | ++------------------------------------------------+-----------+ ``` ->![](public_sys-resources/icon-note.gif) **说明:** ->Active为true表示当前激活的profile,示例表示当前激活的是default类型对应的profile。 +>![](./public_sys-resources/icon-note.gif) **说明:** +>Active为true表示当前激活的profile,示例表示当前激活的profile是web-nginx-http-long-connection。 ## 分析负载类型并自优化 ### analysis @@ -108,6 +179,7 @@ Support WorkloadTypes: - OPTIONS + + + +

参数

描述

@@ -119,19 +191,30 @@ Support WorkloadTypes:

用户自训练产生的新模型

--characterization, -c

+

使用默认的模型进行应用识别,不进行自动优化

+
### 使用示例 -- 使用默认的模型进行分类识别 +- 使用默认的模型进行应用识别 ``` - # atune-adm analysis + # atune-adm analysis --characterization ``` -- 使用自训练的模型进行识别 +- 使用默认的模型进行应用识别,并进行自动优化 + + ``` + # atune-adm analysis + ``` + +- 使用自训练的模型进行应用识别 ``` # atune-adm analysis --model /usr/libexec/atuned/analysis/models/new-model.m @@ -142,8 +225,8 @@ Support WorkloadTypes: A-Tune支持用户定义并学习新模型。定义新模型的操作流程如下: -1. 用define命令定义workload\_type和profile -2. 用collection命令收集workload\_type对应的画像数据 +1. 用define命令定义一个新应用的profile +2. 用collection命令收集应用对应的系统数据 3. 用train命令训练得到模型 
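Review bot: In the analysis usage examples, the bare command `atune-adm analysis` is given a different description. The removed bullet described it as identification with the default model; the added bullet says it identifies and then applies automatic optimization, and `--characterization` is now the form that only identifies. Add a note next to the examples that makes this explicit, because a reader who runs the bare command to see what the workload is will get tuning changes applied to the host. The `--model` example should also say whether optimization is applied after identification with a self-trained model.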
@@ -152,49 +235,47 @@ A-Tune支持用户定义并学习新模型。定义新模型的操作流程如 ### 功能描述 -添加用户自定义的workload\_type,及对应的profile优化项。 +添加用户自定义的应用场景,及对应的profile优化项。 ### 命令格式 -**atune-adm define** +**atune-adm define** ### 使用示例 -新增一个workload type,workload type的名称为test\_type,profile name的名称为test\_name,优化项的配置文件为example.conf。 +新增一个profile,service_type的名称为test_service,application_name的名称为test_app,scenario_name的名称为test_scenario,优化项的配置文件为example.conf。 ``` -# atune-adm define test_type test_name ./example.conf +# atune-adm define test_service test_app test_scenario ./example.conf ``` example.conf 可以参考如下方式书写(以下各优化项非必填,仅供参考),也可通过**atune-adm info**查看已有的profile是如何书写的。 ``` -[main] -# list its parent profile -[tip] -# the recommended optimization, which should be performed manunaly -[check] -# check the environment -[affinity.irq] -# to change the affinity of irqs -[affinity.task] -# to change the affinity of tasks -[bios] -# to change the bios config -[bootloader.grub2] -# to change the grub2 config -[kernel_config] -# to change the kernel config -[script] -# the script extention of cpi -[sysctl] -# to change the /proc/sys/* config -[sysfs] -# to change the /sys/* config -[systemctl] -# to change the system service config -[ulimit] -# to change the resources limit of user + [main] + # list its parent profile + [kernel_config] + # to change the kernel config + [bios] + # to change the bios config + [bootloader.grub2] + # to change the grub2 config + [sysfs] + # to change the /sys/* config + [systemctl] + # to change the system service status + [sysctl] + # to change the /proc/sys/* config + [script] + # the script extention of cpi + [ulimit] + # to change the resources limit of user + [schedule_policy] + # to change the schedule policy + [check] + # check the environment + [tip] + # the recommended optimization, which should be performed manunaly ``` ### collection 
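Review bot: The rewritten example.conf block in the define section carries two typos into the added lines: "manunaly" in `# the recommended optimization, which should be performed manunaly` and "extention" in `# the script extention of cpi`. Fix both while the block is being replaced. Every added line of the block also appears to be indented by one space, unlike the removed lines; if the list rendering does not need it, remove it so the leading space is not copied into real profiles. The block drops [affinity.irq] and [affinity.task] and adds [schedule_policy] with no accompanying text, so please state whether existing custom profiles that use the affinity sections still load or need to be migrated.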
@@ -203,7 +284,7 @@ example.conf 可以参考如下方式书写(以下各优化项非必填,仅 采集业务运行时系统的全局资源使用情况以及OS的各项状态信息,并将收集的结果保存到csv格式的输出文件中,作为模型训练的输入数据集。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- 本命令依赖采样工具perf,mpstat,vmstat,iostat,sar。 >- CPU型号目前仅支持鲲鹏920,可通过dmidecode -t processor检查CPU型号。 @@ -242,9 +323,9 @@ example.conf 可以参考如下方式书写(以下各优化项非必填,仅

业务运行时使用的网络接口,如eth0

-

--workload_type, -t

+

--app_type, -t

-

标记业务的负载类型,作为训练时使用的标签

+

标记业务的应用类型,作为训练时使用的标签

--duration, -d

@@ -264,14 +345,14 @@ example.conf 可以参考如下方式书写(以下各优化项非必填,仅 ### 使用示例 ``` -# atune-adm collection --filename name --interval 5 --duration 1200 --output_path /home/data --disk sda --network eth0 --workload_type test_type +# atune-adm collection --filename name --interval 5 --duration 1200 --output_path /home/data --disk sda --network eth0 --app_type test_type ``` ### train ### 功能描述 -使用采集的数据进行模型的训练。训练时至少采集两种workload\_type的数据,否则训练会出错。 +使用采集的数据进行模型的训练。训练时至少采集两种应用类型的数据,否则训练会出错。 ### 命令格式 @@ -314,18 +395,18 @@ example.conf 可以参考如下方式书写(以下各优化项非必填,仅 ### 功能描述 -删除用户自定义的workload\_type。 +删除用户自定义的profile。 ### 命令格式 -**atune-adm undefine** +**atune-adm undefine** ### 使用示例 -删除自定义的负载类型test\_type。 +删除自定义的profile。 ``` -# atune-adm undefine test_type +# atune-adm undefine test_service-test_app-test_scenario ``` ## 查询profile @@ -334,26 +415,26 @@ example.conf 可以参考如下方式书写(以下各优化项非必填,仅 ### 功能描述 -查看workload\_type对应的profile内容。 +查看对应的profile内容。 ### 命令格式 -**atune-adm info** _ +**atune-adm info** ### 使用示例 -查看webserver的profile内容: +查看web-nginx-http-long-connection的profile内容: ``` -# atune-adm info webserver +# atune-adm info web-nginx-http-long-connection -*** ssl_webserver: +*** web-nginx-http-long-connection: # -# webserver tuned configuration +# nginx http long connection A-Tune configuration # [main] -#TODO CONFIG +include = default-default [kernel_config] #TODO CONFIG @@ -361,11 +442,18 @@ example.conf 可以参考如下方式书写(以下各优化项非必填,仅 [bios] #TODO CONFIG +[bootloader.grub2] +iommu.passthrough = 1 + [sysfs] #TODO CONFIG +[systemctl] +sysmonitor = stop +irqbalance = stop + [sysctl] -fs.file-max=6553600 +fs.file-max = 6553600 fs.suid_dumpable = 1 fs.aio-max-nr = 1048576 kernel.shmmax = 68719476736 
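Review bot: The sample `atune-adm info` output in the @@ -361,11 +442,18 @@ hunk lists `iommu.passthrough = 1` under [bootloader.grub2], `sysmonitor = stop` and `irqbalance = stop` under [systemctl], and keeps `fs.suid_dumpable = 1` under [sysctl], but the page never tells the reader that activating this profile relaxes these settings. iommu.passthrough=1 makes DMA bypass IOMMU translation, and fs.suid_dumpable=1 allows core dumps from setuid programs. Since this is output copied from the profile, the fix belongs in a short note after the sample that names the entries trading isolation or monitoring for performance, so operators can review them before running `atune-adm profile web-nginx-http-long-connection`.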
@@ -393,36 +481,23 @@ net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 -[systemctl] -sysmonitor=stop -irqbalance=stop - -[bootloader.grub2] -selinux=0 -iommu.passthrough=1 - -[tip] -bind your master process to the CPU near the network = affinity -bind your network interrupt to the CPU that has this network = affinity -relogin into the system to enable limits setting = OS - [script] -openssl_hpre = 0 prefetch = off +ethtool = -X {network} hfunc toeplitz [ulimit] {user}.hard.nofile = 102400 {user}.soft.nofile = 102400 -[affinity.task] -#TODO CONFIG - -[affinity.irq] +[schedule_policy] #TODO CONFIG [check] #TODO CONFIG +[tip] +SELinux provides extra control and security features to linux kernel. Disabling SELinux will improve the performance but may cause security risks. = kernel +disable the nginx log = application ``` ## 更新profile @@ -432,18 +507,18 @@ prefetch = off ### 功能描述 -将workload\_type原来的优化项更新为new.conf中的内容。 +将已有profile中原来的优化项更新为new.conf中的内容。 ### 命令格式 -**atune-adm update** +**atune-adm update** ### 使用示例 -更新负载类型为test\_type,优化项名称为test\_name的优化项为new.conf。 +更新名为test_service-test_app-test_scenario的profile优化项为new.conf。 ``` -# atune-adm update test_type test_name ./new.conf +# atune-adm update test_service-test_app-test_scenario ./new.conf ``` ## 激活profile @@ -451,22 +526,22 @@ prefetch = off ### 功能描述 -手动激活workload\_type对应的profile,使得workload\_type处于active状态。 +手动激活profile,使其处于active状态。 ### 命令格式 -**atune-adm profile **_<_WORKLOAD\_TYPE_\>_ +**atune-adm profile** ### 参数说明 -WORKLOAD\_TYPE支持的类型参考list命令查询结果。 +profile名参考list命令查询结果。 ### 使用示例 -激活webserver对应的profile配置。 +激活web-nginx-http-long-connection对应的profile配置。 ``` -# atune-adm profile webserver +# atune-adm profile web-nginx-http-long-connection ``` ## 回滚profile 
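Review bot: the new command-format line reads `**atune-adm profile**` with no argument, while 参数说明 directly below refers to a profile name and the example passes `web-nginx-http-long-connection`. Suggest restoring an explicit placeholder, escaped the way the removed line escaped `_<_WORKLOAD\_TYPE_\>_`, so it is not swallowed as an HTML tag when rendered. The `info`, `update` and `undefine` command-format lines earlier in this file show the same gap.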
@@ -556,10 +631,10 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数 ### 命令格式 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >在运行命令前,需要满足如下条件: ->1. 编辑好服务端yaml配置文件,且需要服务端管理员将该配置文件放到服务端的/etc/atuned/tuning/目录下。 ->2. 编辑好客户端yaml配置文件并放在客户端任一目录。 +>1. 服务端的yaml配置文件已经编辑完成并放置于 atuned服务下的**/etc/atuned/tuning/**目录中。 +>2. 客户端的yaml配置文件已经编辑完成并放置于atuned客户端任意目录下。 **atune-adm tuning** \[OPTIONS\] @@ -568,6 +643,7 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数 - OPTIONS + + + + + + +

参数

描述

@@ -584,11 +660,22 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数

指定需要恢复的yaml文件中的项目名称

--restart, -c

+

基于历史调优结果进行调优

+

--detail, -d

+

打印tuning过程的详细信息

+
- - >![](public_sys-resources/icon-note.gif) **说明:** - >当使用参数时,上述两个参数需要同时使用,且-p参数后需要跟具体的项目名称。 + + + >![](./public_sys-resources/icon-note.gif) **说明:** + >当使用参数时,-p参数后需要跟具体的项目名称且必须指定该项目yaml文件。 - PROJECT\_YAML:客户端yaml配置文件。 @@ -660,6 +747,7 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数 **表 2** object项配置说明 + - - - - - - - - @@ -769,21 +857,15 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数 - - - - -

配置名称

配置说明

@@ -726,36 +814,36 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数

dtype

该参数仅在type为discrete类型时配置,目前支持int和string两种类型

+

该参数仅在type为discrete类型时配置,目前支持int, float, string类型

枚举

int, string

+

int, float, string

scope

参数设置范围,仅在type为discrete且dtype为int时或者type为continuous时生效

+

参数设置范围,仅在type为discrete且dtype为int或float时或者type为continuous时生效

整型

+

整型/浮点型

用户自定义,取值在该参数的合法范围

step

参数值步长,dtype为int时使用

+

参数值步长,dtype为int或float时使用

整型

+

整型/浮点型

用户自定义

items

参数值在scope定义范围之外的枚举值,dtype为int时使用

+

参数值在scope定义范围之外的枚举值,dtype为int或float时使用

整型

+

整型/浮点型

用户自定义,取值在该参数的合法范围

用户自定义,取值在该参数的合法范围

ref

-

参数的推荐初始值

-

整型或字符串

-

用户自定义,取值在该参数的合法范围

-
+ + **表 3** 客户端yaml文件配置说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

配置名称

配置说明

@@ -803,6 +885,15 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数

-

engine

+

调优算法

+

字符串

+

"random", "forest", "gbrt", "bayes", "extraTrees"

+

iterations

调优迭代次数

@@ -812,6 +903,51 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数

>=10

random_starts

+

随机迭代次数

+

整型

+

<iterations

+

feature_filter_engine

+

参数搜索算法,用于重要参数选择,该参数可选

+

字符串

+

"lhs"

+

feature_filter_cycle

+

参数搜索轮数,用于重要参数选择,该参数配合feature_filter_engine使用

+

整型

+

-

+

feature_filter_iters

+

每轮参数搜索的迭代次数,用于重要参数选择,该参数配合feature_filter_engine使用

+

整型

+

-

+

split_count

+

调优参数取值范围中均匀选取的参数个数,用于重要参数选择,该参数配合feature_filter_engine使用

+

整型

+

-

+

benchmark

性能测试脚本

@@ -834,9 +970,12 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数
+ + **表 4** evaluations项配置说明 + - - @@ -72,18 +72,19 @@ A-Tune支持的主要特性、特性成熟度以及使用建议请参见[表1](#

配置名称

配置说明

@@ -900,102 +1039,60 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数 服务端yaml文件配置示例: ``` -project: "example" -maxiterations: 10 +project: "compress" +maxiterations: 500 startworkload: "" stopworkload: "" object : - - name : "vm.swappiness" + name : "compressLevel" info : - desc : "the vm.swappiness" - get : "sysctl -a | grep vm.swappiness" - set : "sysctl -w vm.swappiness=$value" - needrestart: "false" + desc : "The compresslevel parameter is an integer from 1 to 9 controlling the level of compression" + get : "cat /root/A-Tune/examples/tuning/compress/compress.py | grep 'compressLevel=' | awk -F '=' '{print $2}'" + set : "sed -i 's/compressLevel=\\s*[0-9]*/compressLevel=$value/g' /root/A-Tune/examples/tuning/compress/compress.py" + needrestart : "false" type : "continuous" scope : - - 0 - - 10 - ref : 1 - - - name : "irqbalance" - info : - desc : "system irqbalance" - get : "systemctl status irqbalance" - set : "systemctl $value sysmonitor;systemctl $value irqbalance" - needrestart: "false" - type : "discrete" - options: - - "start" - - "stop" - dtype : "string" - ref : "start" - - - name : "net.tcp_min_tso_segs" - info : - desc : "the minimum tso number" - get : "cat /proc/sys/net/ipv4/tcp_min_tso_segs" - set : "echo $value > /proc/sys/net/ipv4/tcp_min_tso_segs" - needrestart: "false" - type : "continuous" - scope: - 1 - - 16 - ref : 2 + - 9 + dtype : "int" - - name : "prefetcher" + name : "compressMethod" info : - desc : "" - get : "cat /sys/class/misc/prefetch/policy" - set : "echo $value > /sys/class/misc/prefetch/policy" - needrestart: "false" + desc : "The compressMethod parameter is a string controlling the compression method" + get : "cat /root/A-Tune/examples/tuning/compress/compress.py | grep 'compressMethod=' | awk -F '=' '{print $2}' | sed 's/\"//g'" + set : "sed -i 's/compressMethod=\\s*[0-9,a-z,\"]*/compressMethod=\"$value\"/g' /root/A-Tune/examples/tuning/compress/compress.py" + needrestart : "false" type : "discrete" - options: - - "0" - - "15" + options : + - 
"bz2" + - "zlib" + - "gzip" dtype : "string" - ref : "15" - - - name : "kernel.sched_min_granularity_ns" - info : - desc : "Minimal preemption granularity for CPU-bound tasks" - get : "sysctl kernel.sched_min_granularity_ns" - set : "sysctl -w kernel.sched_min_granularity_ns=$value" - needrestart: "false" - type : "continuous" - scope: - - 5000000 - - 50000000 - ref : 10000000 - - - name : "kernel.sched_latency_ns" - info : - desc : "" - get : "sysctl kernel.sched_latency_ns" - set : "sysctl -w kernel.sched_latency_ns=$value" - needrestart: "false" - type : "continuous" - scope: - - 10000000 - - 100000000 - ref : 16000000 - ``` 客户端yaml文件配置示例: ``` -project: "example" -iterations : 10 -benchmark : "sh /home/Benchmarks/mysql/tunning_mysql.sh" +project: "compress" +engine : "gbrt" +iterations : 20 +random_starts : 10 + +benchmark : "python3 /root/A-Tune/examples/tuning/compress/compress.py" evaluations : - - name: "tps" + name: "time" + info: + get: "echo '$out' | grep 'time' | awk '{print $3}'" + type: "positive" + weight: 20 + - + name: "compress_ratio" info: - get: "echo -e '$out' |grep 'transactions:' |awk '{print $3}' | cut -c 2-" + get: "echo '$out' | grep 'compress_ratio' | awk '{print $3}'" type: "negative" - weight: 100 - threshold: 100 + weight: 80 ``` ### 使用示例 @@ -1003,13 +1100,13 @@ evaluations : - 进行tuning调优 ``` - # atune-adm tuning example-client.yaml + # atune-adm tuning --project compress --detail compress_client.yaml ``` -- 恢复tuning调优前的初始配置,example为yaml文件中的项目名称 +- 恢复tuning调优前的初始配置,compress为yaml文件中的项目名称 ``` - # atune-adm tuning --restore --project example + # atune-adm tuning --restore --project compress ``` 
diff --git "a/content/zh/docs/A-Tune/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" "b/docs/zh/docs/A-Tune/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" similarity index 32% rename from "content/zh/docs/A-Tune/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" rename to "docs/zh/docs/A-Tune/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" index ba4ec2d291b4cad7ddaf9ec6e4ca274aed275547..64e50602a55eb21710ccfc9b3baabbae292f85ef 100644 --- "a/content/zh/docs/A-Tune/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" +++ "b/docs/zh/docs/A-Tune/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" @@ -2,16 +2,18 @@ 本章介绍如何安装和部署A-Tune。 + - [安装与部署](#安装与部署) - [软硬件要求](#软硬件要求) - [环境准备](#环境准备) - - [安装A-Tune](#安装A-Tune) + - [安装A-Tune](#安装a-tune) - [安装模式介绍](#安装模式介绍) - [安装操作](#安装操作) - - [部署A-Tune](#部署A-Tune) + - [部署A-Tune](#部署a-tune) - [配置介绍](#配置介绍) - - [启动A-Tune](#启动A-Tune) - + - [启动A-Tune](#启动a-tune) + - [启动A-Tune engine](#启动a-tune-engine) + ## 软硬件要求 @@ -25,7 +27,7 @@ ## 环境准备 -- 安装openEuler系统,安装方法参考《openEuler 20.03 LTS 安装指南》。 +- 安装openEuler系统,安装方法参考《openEuler 20.03 LTS SP1 安装指南》。 - 安装A-Tune需要使用root权限。 @@ -47,7 +49,7 @@ A-Tune支持单机模式和分布式模式安装: 两种安装模式的简单图示如下: -![](figures/zh-cn_image_0231122163.png) +![](./figures/zh-cn_image_0231122163.png) ### 安装操作 @@ -56,7 +58,7 @@ A-Tune支持单机模式和分布式模式安装: 1. 挂载openEuler的iso文件。 ``` - # mount openEuler-20.03-LTS-aarch64-dvd.iso /mnt + # mount openEuler-20.03-LTS-SP1-aarch64-dvd.iso /mnt ``` 2. 配置本地yum源。 @@ -82,13 +84,14 @@ A-Tune支持单机模式和分布式模式安装: ``` -4. 安装A-Tune服务端。 +4. 安装A-Tune服务端。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >本步骤会同时安装服务端和客户端软件包,对于单机部署模式,请跳过**步骤5**。 ``` # yum install atune -y + # yum install atune-engine -y ``` 5. 若为分布式部署,请安装A-Tune客户端。 @@ -104,6 +107,7 @@ A-Tune支持单机模式和分布式模式安装: atune-client-xxx atune-db-xxx atune-xxx + atune-engine-xxx ``` 
@@ -114,16 +118,37 @@ A-Tune支持单机模式和分布式模式安装: A-Tune配置文件/etc/atuned/atuned.cnf的配置项说明如下: -- A-Tune服务启动配置 +- A-Tune服务启动配置 可根据需要进行修改。 - protocol:系统grpc服务使用的协议,unix或tcp,unix为本地socket通信方式,tcp为socket监听端口方式。默认为unix。 - - address:系统grpc服务的侦听地址,默认为unix socket,若为分布式部署,需修改为侦听的ip地址。 - port:系统grpc服务的侦听端口,范围为0\~65535未使用的端口。如果protocol配置是unix,则不需要配置。 - - rest\_port:系统restservice的侦听端口, 范围为0\~65535未使用的端口。 - - sample\_num:系统执行analysis流程时采集样本的数量。 + - connect:若为集群部署时,atune所在节点的ip列表,ip地址以逗号分隔。 + - rest_host:系统rest service的侦听地址,默认为localhost。 + - rest_port:系统rest service的侦听端口,范围为0~65535未使用的端口,默认为8383。 + - engine_host:与系统atune engine service链接的地址。 + - engine_port:与系统atune engine service链接的端口。 + - sample_num:系统执行analysis流程时采集样本的数量,默认为20。 + - interval:系统执行analysis流程时采集样本的间隔时间,默认为5s。 + - grpc_tls:系统grpc的SSL/TLS证书校验开关,默认不开启。开启grpc_tls后,atune-adm命令在使用前需要设置以下环境变量方可与服务端进行通讯: + - export ATUNE_TLS=yes + - export ATUNED_CACERT=<客户端CA证书路径> + - export ATUNED_CLIENTCERT=<客户端证书路径> + - export ATUNED_CLIENTKEY=<客户端秘钥路径> + - export ATUNED_SERVERCN=server + - tlsservercafile:gPRC服务端CA证书路径。 + - tlsservercertfile:gPRC服务端证书路径。 + - tlsserverkeyfile:gPRC服务端秘钥路径。 + - rest_tls:系统rest service的SSL/TLS证书校验开关,默认开启。 + - tlsrestcacertfile:系统rest service的服务端CA证书路径。 + - tlsrestservercertfile:系统rest service的服务端证书路径 + - tlsrestserverkeyfile:系统rest service的服务端秘钥路径。 + - engine_tls:系统atune engine service的SSL/TLS证书校验开关,默认开启。 + - tlsenginecacertfile:系统atune engine service的客户端CA证书路径。 + - tlsengineclientcertfile:系统atune engine service的客户端证书路径 + - tlsengineclientkeyfile:系统atune engine service的客户端秘钥路径 - system信息 
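Review bot: the new `grpc_tls` item is documented as off by default, while the unchanged `address` item tells distributed deployments to switch to a listening IP, so a reader following both ends up with the gRPC service reachable over the network without certificate verification. Suggest stating under `grpc_tls` that it should be enabled whenever `protocol` is tcp, next to the `ATUNE_TLS` / `ATUNED_*` variables already listed. The three added `tlsserver*file` descriptions also spell the protocol "gPRC"; it should read "gRPC".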
@@ -131,84 +156,158 @@ A-Tune配置文件/etc/atuned/atuned.cnf的配置项说明如下: - disk:执行analysis流程时需要采集的对应磁盘的信息或执行磁盘相关优化时需要指定的磁盘。 - network:执行analysis时需要采集的对应的网卡的信息或执行网卡相关优化时需要指定的网卡。 + - user:执行ulimit相关优化时用到的用户名。目前只支持root用户。 - - tls:开启A-Tune的gRPC和http服务SSL/TLS证书校验,默认不开启。开启TLS后atune-adm命令在使用前需要设置以下环境变量方可与服务端进行通讯: - - export ATUNE\_TLS=yes - - export ATUNE\_CLICERT=<客户端证书路径\> - - - tlsservercertfile:gPRC服务端证书路径。 - - tlsserverkeyfile:gPRC服务端秘钥路径。 - - tlshttpcertfile:http服务端证书路径。 - - tlshttpkeyfile:http服务端秘钥路径。 - - tlshttpcacertfile:http服务端CA证书路径。 - + - 日志信息 - 根据情况修改日志的路径和级别,默认的日志信息在/var/log/messages中。 + 根据情况修改日志的级别,默认为info级别,日志信息打印在/var/log/messages中。 - monitor信息 为系统启动时默认采集的系统硬件信息。 + +- tuning信息 + + tuning为系统进行离线调优时需要用到的参数信息。 + + - noise:高斯噪声的评估值。 + - sel_feature:控制离线调优参数重要性排名输出的开关,默认关闭。 ### 配置示例 ``` -##################################### server ############################### -# atuned config -[server] -# the protocol grpc server running on -# ranges: unix or tcp -protocol = unix - -# the address that the grpc server to bind to -# default is unix socket /var/run/atuned/atuned.sock -# ranges: /var/run/atuned/atuned.sock or ip -address = /var/run/atuned/atuned.sock - -# the atuned grpc listening port, default is 60001 -# the port can be set between 0 to 65535 which not be used -port = 60001 - -# the rest service listening port, default is 8383 -# the port can be set between 0 to 65535 which not be used -rest_port = 8383 - -# when run analysis command, the numbers of collected data. 
-# default is 20 -sample_num = 20 - -# Enable gRPC and http server authentication SSL/TLS -# default is false -# tls = true -# tlsservercertfile = /etc/atuned/server.pem -# tlsserverkeyfile = /etc/atuned/server.key -# tlshttpcertfile = /etc/atuned/http/server.pem -# tlshttpkeyfile = /etc/atuned/http/server.key -# tlshttpcacertfile = /etc/atuned/http/cacert.pem - -##################################### log ############################### -# Either "debug", "info", "warn", "error", "critical", default is "info" -level = info - -##################################### monitor ############################### -[monitor] -# With the module and format of the MPI, the format is {module}_{purpose} -# The module is Either "mem", "net", "cpu", "storage" -# The purpose is "topo" -module = mem_topo, cpu_topo - -##################################### system ############################### -# you can add arbitrary key-value here, just like key = value -# you can use the key in the profile -[system] -# the disk to be analysis -disk = sda - -# the network to be analysis -network = enp189s0f0 - -user = root +#################################### server ############################### + # atuned config + [server] + # the protocol grpc server running on + # ranges: unix or tcp + protocol = unix + + # the address that the grpc server to bind to + # default is unix socket /var/run/atuned/atuned.sock + # ranges: /var/run/atuned/atuned.sock or ip address + address = /var/run/atuned/atuned.sock + + # the atune nodes in cluster mode, separated by commas + # it is valid when protocol is tcp + # connect = ip01,ip02,ip03 + + # the atuned grpc listening port + # the port can be set between 0 to 65535 which not be used + # port = 60001 + + # the rest service listening port, default is 8383 + # the port can be set between 0 to 65535 which not be used + rest_host = localhost + rest_port = 8383 + + # the tuning optimizer host and port, start by engine.service + # if engine_host is same as rest_host, two 
ports cannot be same + # the port can be set between 0 to 65535 which not be used + engine_host = localhost + engine_port = 3838 + + # when run analysis command, the numbers of collected data. + # default is 20 + sample_num = 20 + + # interval for collecting data, default is 5s + interval = 5 + + # enable gRPC authentication SSL/TLS + # default is false + # grpc_tls = false + # tlsservercafile = /etc/atuned/grpc_certs/ca.crt + # tlsservercertfile = /etc/atuned/grpc_certs/server.crt + # tlsserverkeyfile = /etc/atuned/grpc_certs/server.key + + # enable rest server authentication SSL/TLS + # default is true + rest_tls = true + tlsrestcacertfile = /etc/atuned/rest_certs/ca.crt + tlsrestservercertfile = /etc/atuned/rest_certs/server.crt + tlsrestserverkeyfile = /etc/atuned/rest_certs/server.key + + # enable engine server authentication SSL/TLS + # default is true + engine_tls = true + tlsenginecacertfile = /etc/atuned/engine_certs/ca.crt + tlsengineclientcertfile = /etc/atuned/engine_certs/client.crt + tlsengineclientkeyfile = /etc/atuned/engine_certs/client.key + + + #################################### log ############################### + [log] + # either "debug", "info", "warn", "error", "critical", default is "info" + level = info + + #################################### monitor ############################### + [monitor] + # with the module and format of the MPI, the format is {module}_{purpose} + # the module is Either "mem", "net", "cpu", "storage" + # the purpose is "topo" + module = mem_topo, cpu_topo + + #################################### system ############################### + # you can add arbitrary key-value here, just like key = value + # you can use the key in the profile + [system] + # the disk to be analysis + disk = sda + + # the network to be analysis + network = enp189s0f0 + + user = root + + #################################### tuning ############################### + # tuning configs + [tuning] + noise = 0.000000001 + sel_feature = false +``` + 
+A-Tune engine配置文件/etc/atuned/engine.cnf的配置项说明如下: + +- A-Tune engine服务启动配置 + + 可根据需要进行修改。 + + - engine_host:系统atune engine service的侦听地址,默认为localhost。 + - engine_port:系统atune engine service的侦听端口,范围为0~65535未使用的端口,默认为3838。 + - engine_tls:系统atune engine service的SSL/TLS证书校验开关,默认开启。 + - tlsenginecacertfile:系统atune engine service的服务端CA证书路径。 + - tlsengineservercertfile:系统atune engine service的服务端证书路径 + - tlsengineserverkeyfile:系统atune engine service的服务端秘钥路径。 + +- 日志信息 + + 根据情况修改日志的级别,默认为info级别,日志信息打印在/var/log/messages中。 + +### 配置示例 + +``` + #################################### engine ############################### + [server] + # the tuning optimizer host and port, start by engine.service + # if engine_host is same as rest_host, two ports cannot be same + # the port can be set between 0 to 65535 which not be used + engine_host = localhost + engine_port = 3838 + + # enable engine server authentication SSL/TLS + # default is true + engine_tls = true + tlsenginecacertfile = /etc/atuned/engine_certs/ca.crt + tlsengineservercertfile = /etc/atuned/engine_certs/server.crt + tlsengineserverkeyfile = /etc/atuned/engine_certs/server.key + + #################################### log ############################### + [log] + # either "debug", "info", "warn", "error", "critical", default is "info" + level = info ``` ## 启动A-Tune @@ -230,6 +329,25 @@ A-Tune安装完成后,需要启动A-Tune服务才能使用。 若回显为如下,则服务启动成功。 - ![](figures/zh-cn_image_0214540398.png) + ![](./figures/zh-cn_image_0214540398.png) + +## 启动A-Tune engine + +若需要使用AI相关的功能,需要启动A-Tune engine服务才能使用。 + +- 启动atune-engine服务: + + ``` + # systemctl start atune-engine + ``` + + +- 查询atune-engine服务状态: + + ``` + # systemctl status atune-engine + ``` + 若回显为如下,则服务启动成功。 + ![](./figures/zh-cn_image_0245342444.png) \ No newline at end of file 
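Review bot: the new 启动A-Tune engine section only gives `systemctl start atune-engine` and `systemctl status atune-engine`, but the engine.cnf example added above has `engine_tls = true` and points at `/etc/atuned/engine_certs/ca.crt`, `server.crt` and `server.key`, and nothing in this file says how those certificates are provisioned or what permissions the key file should have. Suggest adding a prerequisite step before the start command. The file also now ends without a trailing newline.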
diff --git "a/content/zh/docs/A-Tune/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" "b/docs/zh/docs/A-Tune/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" similarity index 100% rename from "content/zh/docs/A-Tune/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" rename to "docs/zh/docs/A-Tune/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" diff --git "a/content/zh/docs/A-Tune/\350\256\244\350\257\206A-Tune.md" "b/docs/zh/docs/A-Tune/\350\256\244\350\257\206A-Tune.md" similarity index 72% rename from "content/zh/docs/A-Tune/\350\256\244\350\257\206A-Tune.md" rename to "docs/zh/docs/A-Tune/\350\256\244\350\257\206A-Tune.md" index 25ad1784b7ae566694af07a31cb79e5974d068e2..4553464fe538a2be8b316fc72ea40d000f0f4878 100644 --- "a/content/zh/docs/A-Tune/\350\256\244\350\257\206A-Tune.md" +++ "b/docs/zh/docs/A-Tune/\350\256\244\350\257\206A-Tune.md" @@ -19,17 +19,17 @@ A-Tune是一款基于AI开发的系统性能优化引擎,它利用人工智能技术,对业务场景建立精准的系统画像,感知并推理出业务特征,进而做出智能决策,匹配并推荐最佳的系统参数配置组合,使业务处于最佳运行状态。 -![](figures/zh-cn_image_0227497000.png) +![](./figures/zh-cn_image_0227497000.png) ## 架构 A-Tune核心技术架构如下图,主要包括智能决策、系统画像和交互系统三层。 - 智能决策层:包含感知和决策两个子系统,分别完成对应用的智能感知和对系统的调优决策。 -- 系统画像层:主要包括标注和学习系统,标注系统用于业务模型的聚类,学习系统用于业务模型的学习和分类。 +- 系统画像层:主要包括自动特征工程和两层分类模型,自动特征工程用于业务特征的自动选择,两层分类模型用于业务模型的学习和分类。 - 交互系统层:用于各类系统资源的监控和配置,调优策略执行在本层进行。 -![](figures/zh-cn_image_0227497343.png) +![](./figures/zh-cn_image_0227497343.png) ## 支持特性与业务模型 @@ -48,14 +48,14 @@ A-Tune支持的主要特性、特性成熟度以及使用建议请参见[表1](#

七大类11款应用负载类型自动优化

+

11大类15款应用负载类型自动优化

已测试

试用

自定义负载类型和业务模型

+

自定义profile和业务模型

已测试

+ ### 支持业务模型 -根据应用的负载特征,A-Tune将业务分为七大类,各类型的负载特征和A-Tune支持的应用请参见[表2](#table2819164611311)。 +根据应用的负载特征,A-Tune将业务分为11大类,各类型的负载特征和A-Tune支持的应用请参见[表2](#table2819164611311)。 **表 2** 支持的业务类型和应用 - - - - +

负载模型

+ - @@ -93,87 +94,102 @@ A-Tune支持的主要特性、特性成熟度以及使用建议请参见[表1](# - - - - - - - - - - - - - - - - - - + + + + + - - - - - - - - - - - + + + + +

业务大类

业务类型

负载特征

+

瓶颈点

支持的应用

默认类型

CPU、内存带宽、网络、IO各维度资源使用率都不高

+

算力、内存、网络、IO各维度资源使用率都不高

N/A

webserver

https应用

+

web应用

CPU使用率高

+

算力瓶颈、网络瓶颈

Nginx

+

Nginx、Apache Traffic Server

big_database

+

database

数据库

  • 关系型数据库

    读: CPU、内存带宽、网络使用率高

    -

    写:IO使用率高

    -
-
  • 非关系型数据库

    CPU、IO使用率高

    -
+
算力瓶颈、内存瓶颈、IO瓶颈

MongoDB、MySQL、PostgreSQL、MariaDB

+

Mongodb、Mysql、Postgresql、Mariadb

big_data

+

big-data

大数据

CPU、IO使用率较高

+

算力瓶颈、内存瓶颈

Hadoop、Spark

+

Hadoop-hdfs、Hadoop-spark

in-memory_computing

+

middleware

内存密集型应用

+

中间件框架

CPU、内存带宽使用率高

+

算力瓶颈、网络瓶颈

SPECjbb2015

+

Dubbo

in-memory_database

+

in-memory-database

计算+网络密集型应用

+

内存数据库

CPU单核使用率高,多实例下网络使用率高

+

内存瓶颈、IO瓶颈

Redis

single_computer_intensive_jobs

+

basic-test-suite

+

基础测试套

+

算力瓶颈、内存瓶颈

+

SPECCPU2006、SPECjbb2015

+

hpc

计算密集型应用

+

人类基因组

CPU单核使用率高,部分子项内存带宽使用率高

+

算力瓶颈、内存瓶颈、IO瓶颈

SPECCPU2006

+

Gatk4

communication

+

storage

网络密集型应用

+

存储

CPU、网络使用率高

+

网络瓶颈、IO瓶颈

Dubbo

+

Ceph

idle

+

virtualization

系统idle

+

虚拟化

系统处于空闲状态,无任何应用运行

+

算力瓶颈、内存瓶颈、IO瓶颈

N/A

+

Consumer-cloud、Mariadb

+

docker

+

容器

+

算力瓶颈、内存瓶颈、IO瓶颈

+

Mariadb

+ diff --git "a/content/zh/docs/A-Tune/\351\231\204\345\275\225.md" "b/docs/zh/docs/A-Tune/\351\231\204\345\275\225.md" similarity index 69% rename from "content/zh/docs/A-Tune/\351\231\204\345\275\225.md" rename to "docs/zh/docs/A-Tune/\351\231\204\345\275\225.md" index f533f90985f5861224579785e2ea25a8bfcba1a9..80c87bad98827cce03e146ba202bad25b65b32fa 100644 --- "a/content/zh/docs/A-Tune/\351\231\204\345\275\225.md" +++ "b/docs/zh/docs/A-Tune/\351\231\204\345\275\225.md" @@ -17,11 +17,7 @@

workload_type

-

负载类型,用于标记具有相同特征的一类业务

-

profile

优化项集合,最佳的参数配置

@@ -29,3 +25,4 @@
+ diff --git a/content/zh/docs/Administration/FAQ-54.md b/docs/zh/docs/Administration/FAQ-54.md similarity index 48% rename from content/zh/docs/Administration/FAQ-54.md rename to docs/zh/docs/Administration/FAQ-54.md index 4f2b420466c5793add418c2f551ce62c12d405cc..0a0fffd6d069d6d80f3c2f2a4f9653423aab37d4 100644 --- a/content/zh/docs/Administration/FAQ-54.md +++ b/docs/zh/docs/Administration/FAQ-54.md @@ -7,6 +7,11 @@ - [使用rpmbuild编译mariadb失败](#使用rpmbuild编译mariadb失败) - [使用默认配置启动SNTP服务失败](#使用默认配置启动sntp服务失败) - [安装时出现软件包冲突、文件冲突或缺少软件包导致安装失败](#安装时出现软件包冲突文件冲突或缺少软件包导致安装失败) + - [通过dnf update 默认方式升级openssh软件包时无法安装openssh相关包](#通过dnf-update-默认方式升级openssh软件包时无法安装openssh相关包) + - [libiscsi降级失败](#libiscsi降级失败) + - [xfsprogs降级失败](#xfsprogs降级失败) + - [不合理使用glibc正则表达式引起ReDoS攻击](#不合理使用glibc正则表达式引起ReDoS攻击) + - [emacs编辑文件时会存在缓存文件](#emacs编辑文件时会存在缓存文件) 
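Review bot: the new table-of-contents entry `(#不合理使用glibc正则表达式引起ReDoS攻击)` keeps the uppercase letters of the heading, whereas the existing anchors in this list are lowercase (`#使用默认配置启动sntp服务失败` for a heading containing "SNTP") and this same patch lowercases `#安装A-Tune` to `#安装a-tune` in the A-Tune install guide. Suggest `#不合理使用glibc正则表达式引起redos攻击` so the link resolves.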
@@ -177,3 +182,153 @@ Error: ``` 3. 重新进行升级操作。 + + +## 通过dnf update 默认方式升级openssh软件包时无法安装openssh相关包 + +### 问题现象 + +通过dnf update 默认方式升级openssh软件包时会出现无法安装openssh相关包,提示如下: + + + ``` + cannot install both openssh-7.8p1-8.oe1.aarch64 and openssh-8.2p1-5.oe1.aarch64 + cannot install both openssh-7.8p1-8.oe1.aarch64 and openssh-8.2p1-4.oe1.aarch64 + cannot install the best update condidate for package openssh-clients-8.2p1-5.oe1.aarch64 + cannot install the best update condidate for package openssh-8.2p1-5.oe1.aarch64 + + ``` + +### 原因分析 + +DNF 默认情况下会启用DNF包管理器的“best”模式(对应的参数为--best),该默认选型将始终尝试将升级的包升级到可用的最高版本,即使最高版本无法完全满足它需要的依赖关系。如果使用默认启用的DNF best模式,将提醒用户更新的软件包版本可用但不能满足依赖性。如果出现问题,DNF会提示用户相关依赖问题,以便用户知道。openEuler社区开发人员正在寻求进行此默认更改,以防由于依赖性问题导致无法进行安全修复程序包升级,在当前前提下,它可能会被默默忽略而用户不会意识到。此外,使用DNF最佳模式将迅速提醒开发人员升级路径中的问题。 + +### 解决方案 + +DNF的--nobest选项可用于覆盖/关闭默认的“best”行为,以使用户需要升级的包存在依赖问题的场景下可以正常进行安全修改程序包的升级。 +本次openEuler 20.03 LTS SP1 版本中开发人员已识别到在openssh包安全修复版本升级过程中会存在该场景,建议用户了解上面的分析的情况下,选择合理的升级方式,openEuler同步给出具体升级示例操作: + + + ``` + dnf update –y –nobest openssh + + ``` + +## libiscsi降级失败 + +### 问题现象 + +libiscsi-1.19.2 版本及以上降级到 libiscsi-1.19.1 及以下版本时失败。 + +``` +Error: Transaction test error: +file /usr/bin/iscsi-inq from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-ls from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-perf from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-readcapacity16 from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-swp from install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +file /usr/bin/iscsi-test-cu from 
install of libiscsi-1.19.0-1.eulerosv2r9.x86_64 conflicts with file from package libiscsi-utils-1.19.0-2.eulerosv2r9.x86_64 +``` + +### 原因分析 + +libiscsi-1.19.1 之前的版本把 iscsi-xxx 等二进制文件打包进了主包 libiscsi,而这些二进制文件引入了不合理的依赖 CUnit, 为了解决这种不合理的依赖,在 libiscsi-1.19.2 版本把这些二进制文件单独拆分出来一个子包 libiscsi-utils,主包弱依赖于子包,产品可以根据自己的需求在做镜像时是否集成该子包;不集成或卸载子包不会影响 libiscsi 主包的功能。 + +如果系统中安装了 libiscsi-utils 子包,libiscsi-1.19.2 及以上版本降级到 libiscsi-1.19.1 及以下版本时,由于 libiscsi-1.19.1 及以下版本无法提供对应的 libiscsi-utils,因此 libiscsi-utils 不会降级,但 libiscsi-utils 依赖于降级前的 libiscsi 主包,导致依赖问题无法解决,最终导致降级失败。 + +### 解决方案 + +执行以下命令,卸载 libiscsi-utils 子包,卸载成功后再进行降级操作。 + +``` +yum remove libiscsi-utils +``` + +## xfsprogs降级失败 + +### 问题现象 + +xfsprogs-5.6.0-2 及以上版本降级到 xfsprogs-5.6.0-1 及以下版本时失败。 + +``` +Error: +Problem: problem with installed package xfsprogs-xfs_scrub-5.6.0-2.oe1.x86_64 +- package xfsprogs-xfs_scrub-5.6.0-2.oe1.x86_64 requires xfsprogs = 5.6.0-2.oe1, but none of the providers can be installed +- cannot install both xfsprogs-5.6.0-1.oe1.x86_64 and xfsprogs-5.6.0-2.oe1.x86_64 +- cannot install both xfsprogs-5.6.0-2.oe1.x86_64 and xfsprogs-5.6.0-1.oe1.x86_64 +- conflicting requests +``` + +### 原因分析 + +在 xfsprogs-5.6.0-2 版本中,为了减少 xfsprogs 主包的不合理依赖,同时将实验性质的命令从主包中分来,我们将 xfs_scrub* 命令拆分到单独的 xfsprogs-xfs_scrub 子包中。而 xfsprogs 主包弱依赖于 xfsprogs-xfs_scrub 子包,所以产品可以根据自己的需求在做镜像时是否集成该子包,或者是否卸载该子包。不集成或卸载该子包不会影响 xfsprogs 主包功能。 + +如果系统中安装了 xfsprogs-xfs_scrub 子包,从 xfsprogs-5.6.0-2 及以上版本降级到 xfsprogs-5.6.0-1 及以下版本时,由于 xfsprogs-5.6.0-1 及以下版本无法提供对应的 xfsprogs-xfs_scrub,因此 xfsprogs-xfs_scrub 不会降级,但 xfsprogs-xfs_scrub 依赖于降级前的 xfsprogs 主包,导致依赖问题无法解决,最终导致降级失败。 + +### 解决方案 + +执行以下命令,卸载 xfsprogs-xfs_scrub 子包,卸载成功后再进行降级操作。 + +``` +yum remove xfsprogs-xfs_scrub +``` + +## 不合理使用glibc正则表达式引起ReDoS攻击 + +### 问题现象 + +使用glibc的regcomp/regexec接口编程,或者grep/sed等应用glibc正则表达式的shell命令,不合理的正则表达式或输入会造成ReDoS攻击(CVE-2019-9192/CVE-2018-28796)。 +典型正则表达式pattern为“反向引用”(\1表示)与“*”(匹配零次或多次)、“+”(匹配一次或多次)、“{m,n}”(最小匹配m次,最多匹配n次)的组合,或者配合超长字符串输入,示例如下: +``` +# echo D | grep 
-E "$(printf '(\0|)(\\1\\1)*')"Segmentation fault (core dumped) +# grep -E "$(printf '(|)(\\1\\1)*')" +Segmentation fault (core dumped) +# echo A | sed '/\(\)\(\1\1\)*/p' +Segmentation fault (core dumped) +# time python -c 'print "a"*40000' | grep -E "a{1,32767}" +Segmentation fault (core dumped) +# time python -c 'print "a"*40900' | grep -E "(a)\\1" +Segmentation fault (core dumped) +``` + +### 原因分析 + +使用正则表达式的进程coredump。具体原因为glibc正则表达式的实现为NFA/DFA混合算法,内部原理是使用贪婪算法进行递归查找,目的是尽可能匹配更多的字符串,贪婪算法在处理递归正则表达式时会导致ReDoS。 + +### 解决方案 + +1. 需要对用户做严格的权限控制,减少攻击面。 +2. 用户需保证正则表达式的正确性,不输入无效正则表达式,或者超长字符串配合正则的“引用” “*”等容易触发无限递归的组合。 + ``` + # ()(\1\1)* + # "a"*400000 + ``` +3. 用户程序在检测到进程异常之后,通过重启进程等手段恢复业务,提升程序的可靠性。 + +## emacs编辑文件时会存在缓存文件 + +### 问题现象 + +emacs未进行配置时,编辑文件保存后会存在以“~”结尾的缓存文件。 + +### 原因分析 + +emacs未进行配置,或者未生成有效的配置文件,会导致存在缓存文件,缓存文件的功能是为了防止系统意外关闭导致的数据丢失,用户可自行决定是否启用该功能。 + +### 解决方案 + +1. 安装好emacs后进入emacs界面。 +2. 在emacs界面输入alt键加x键。 +3. 输入customize后可进行各种设置,对任一功能设置后会生成一个.emacs配置文件,会显示出相应的配置文件路径,如/root/.emacs(自行创建的.emacs无功能作用)。 +4. 若需更改缓存文件配置,有如下方案,可自选: + + * 复制如下代码到/root/.emacs,关闭缓存文件功能: + ``` + (setq make-backup-files nil) + ``` + + + * 复制如下代码到/root/.emacs,指定集中保存备份文件的目录: + ``` + (setq backup-directory-alist (quote (("." . "/.emacs-backups")))) + ``` diff --git a/content/zh/docs/Administration/administration.md b/docs/zh/docs/Administration/administration.md similarity index 100% rename from content/zh/docs/Administration/administration.md rename to docs/zh/docs/Administration/administration.md diff --git "a/content/zh/docs/Administration/figures/\346\220\255\345\273\272\346\225\260\346\215\256\347\233\230-0.png" b/docs/zh/docs/Administration/figures/Creating_DataDisk-0.png similarity index 100% rename from "content/zh/docs/Administration/figures/\346\220\255\345\273\272\346\225\260\346\215\256\347\233\230-0.png" rename to docs/zh/docs/Administration/figures/Creating_DataDisk-0.png 
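Review bot: the suggested command `dnf update –y –nobest openssh` is written with en dashes, so it does not work when copied; it should use ASCII hyphens, `-y --nobest`. In the glibc ReDoS item, the first example has `Segmentation fault (core dumped)` fused onto the end of the `grep -E` command line, and the second identifier in `CVE-2019-9192/CVE-2018-28796` should be re-checked against the glibc advisory. For the emacs item, `/.emacs-backups` collects backup copies of every edited file in one directory at the filesystem root; a per-user directory with restricted permissions would be a safer example.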
diff --git "a/content/zh/docs/Administration/figures/\346\220\255\345\273\272\346\225\260\346\215\256\347\233\230.png" b/docs/zh/docs/Administration/figures/Creating_DataDisk.png similarity index 100% rename from "content/zh/docs/Administration/figures/\346\220\255\345\273\272\346\225\260\346\215\256\347\233\230.png" rename to docs/zh/docs/Administration/figures/Creating_DataDisk.png diff --git a/content/zh/docs/Administration/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png b/docs/zh/docs/Administration/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png similarity index 100% rename from content/zh/docs/Administration/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png rename to docs/zh/docs/Administration/figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png diff --git a/content/zh/docs/Administration/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png b/docs/zh/docs/Administration/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png similarity index 100% rename from content/zh/docs/Administration/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png rename to docs/zh/docs/Administration/figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png diff --git "a/content/zh/docs/Administration/figures/MariaDB\351\200\273\350\276\221\346\236\266\346\236\204.png" b/docs/zh/docs/Administration/figures/Logical_architecture_MariaDB.png similarity index 100% rename from "content/zh/docs/Administration/figures/MariaDB\351\200\273\350\276\221\346\236\266\346\236\204.png" rename to docs/zh/docs/Administration/figures/Logical_architecture_MariaDB.png diff --git "a/content/zh/docs/Administration/figures/PostgreSql\346\236\266\346\236\204.png" b/docs/zh/docs/Administration/figures/PostgreSQL_architecture.png similarity index 100% rename from "content/zh/docs/Administration/figures/PostgreSql\346\236\266\346\236\204.png" rename to docs/zh/docs/Administration/figures/PostgreSQL_architecture.png 
diff --git "a/content/zh/docs/Administration/figures/top\346\230\276\347\244\272.png" b/docs/zh/docs/Administration/figures/Top_Display.png similarity index 100% rename from "content/zh/docs/Administration/figures/top\346\230\276\347\244\272.png" rename to docs/zh/docs/Administration/figures/Top_Display.png diff --git "a/content/zh/docs/Administration/figures/\347\231\273\345\275\225.png" b/docs/zh/docs/Administration/figures/login.png similarity index 100% rename from "content/zh/docs/Administration/figures/\347\231\273\345\275\225.png" rename to docs/zh/docs/Administration/figures/login.png diff --git "a/content/zh/docs/Administration/figures/nginx\351\203\250\347\275\262\346\210\220\345\212\237.png" b/docs/zh/docs/Administration/figures/nginx-deploy-success.png similarity index 100% rename from "content/zh/docs/Administration/figures/nginx\351\203\250\347\275\262\346\210\220\345\212\237.png" rename to docs/zh/docs/Administration/figures/nginx-deploy-success.png diff --git "a/content/zh/docs/Administration/figures/nginx\346\234\215\345\212\241\345\220\257\345\212\250\345\244\261\350\264\245.png" b/docs/zh/docs/Administration/figures/nginx-start-failed.png similarity index 100% rename from "content/zh/docs/Administration/figures/nginx\346\234\215\345\212\241\345\220\257\345\212\250\345\244\261\350\264\245.png" rename to docs/zh/docs/Administration/figures/nginx-start-failed.png diff --git "a/content/zh/docs/Administration/figures/nginx\346\234\215\345\212\241\345\220\257\345\212\250\346\210\220\345\212\237.png" b/docs/zh/docs/Administration/figures/nginx-start-success.png similarity index 100% rename from "content/zh/docs/Administration/figures/nginx\346\234\215\345\212\241\345\220\257\345\212\250\346\210\220\345\212\237.png" rename to docs/zh/docs/Administration/figures/nginx-start-success.png 
diff --git a/content/zh/docs/Administration/figures/postgres.png b/docs/zh/docs/Administration/figures/postgres.png similarity index 100% rename from content/zh/docs/Administration/figures/postgres.png rename to docs/zh/docs/Administration/figures/postgres.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0229622729.png b/docs/zh/docs/Administration/figures/zh-cn_image_0229622729.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0229622729.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0229622729.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0229622789.png b/docs/zh/docs/Administration/figures/zh-cn_image_0229622789.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0229622789.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0229622789.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0230050789.png b/docs/zh/docs/Administration/figures/zh-cn_image_0230050789.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0230050789.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0230050789.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231143176.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231143176.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231143176.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231143176.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231143177.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231143177.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231143177.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231143177.png 
diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231143178.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231143178.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231143178.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231143178.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231143180.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231143180.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231143180.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231143180.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231143181.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231143181.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231143181.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231143181.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231143183.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231143183.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231143183.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231143183.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231143185.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231143185.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231143185.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231143185.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231143187.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231143187.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231143187.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231143187.png 
diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231143189.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231143189.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231143189.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231143189.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231143191.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231143191.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231143191.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231143191.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231143193.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231143193.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231143193.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231143193.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231143195.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231143195.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231143195.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231143195.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231143196.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231143196.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231143196.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231143196.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231143197.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231143197.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231143197.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231143197.png 
diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231143198.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231143198.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231143198.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231143198.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231563132.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231563132.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231563132.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231563132.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231563134.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231563134.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231563134.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231563134.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231563135.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231563135.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231563135.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231563135.png diff --git a/content/zh/docs/Administration/figures/zh-cn_image_0231563136.png b/docs/zh/docs/Administration/figures/zh-cn_image_0231563136.png similarity index 100% rename from content/zh/docs/Administration/figures/zh-cn_image_0231563136.png rename to docs/zh/docs/Administration/figures/zh-cn_image_0231563136.png diff --git a/content/zh/docs/ApplicationDev/public_sys-resources/icon-caution.gif b/docs/zh/docs/Administration/public_sys-resources/icon-caution.gif similarity index 100% rename from content/zh/docs/ApplicationDev/public_sys-resources/icon-caution.gif rename to docs/zh/docs/Administration/public_sys-resources/icon-caution.gif 
diff --git a/content/zh/docs/ApplicationDev/public_sys-resources/icon-danger.gif b/docs/zh/docs/Administration/public_sys-resources/icon-danger.gif similarity index 100% rename from content/zh/docs/ApplicationDev/public_sys-resources/icon-danger.gif rename to docs/zh/docs/Administration/public_sys-resources/icon-danger.gif diff --git a/content/zh/docs/ApplicationDev/public_sys-resources/icon-note.gif b/docs/zh/docs/Administration/public_sys-resources/icon-note.gif similarity index 100% rename from content/zh/docs/ApplicationDev/public_sys-resources/icon-note.gif rename to docs/zh/docs/Administration/public_sys-resources/icon-note.gif diff --git a/content/zh/docs/ApplicationDev/public_sys-resources/icon-notice.gif b/docs/zh/docs/Administration/public_sys-resources/icon-notice.gif similarity index 100% rename from content/zh/docs/ApplicationDev/public_sys-resources/icon-notice.gif rename to docs/zh/docs/Administration/public_sys-resources/icon-notice.gif diff --git a/content/zh/docs/ApplicationDev/public_sys-resources/icon-tip.gif b/docs/zh/docs/Administration/public_sys-resources/icon-tip.gif similarity index 100% rename from content/zh/docs/ApplicationDev/public_sys-resources/icon-tip.gif rename to docs/zh/docs/Administration/public_sys-resources/icon-tip.gif diff --git a/content/zh/docs/ApplicationDev/public_sys-resources/icon-warning.gif b/docs/zh/docs/Administration/public_sys-resources/icon-warning.gif similarity index 100% rename from content/zh/docs/ApplicationDev/public_sys-resources/icon-warning.gif rename to docs/zh/docs/Administration/public_sys-resources/icon-warning.gif 
diff --git "a/content/zh/docs/Administration/\344\275\277\347\224\250DNF\347\256\241\347\220\206\350\275\257\344\273\266\345\214\205.md" "b/docs/zh/docs/Administration/\344\275\277\347\224\250DNF\347\256\241\347\220\206\350\275\257\344\273\266\345\214\205.md" similarity index 93% rename from "content/zh/docs/Administration/\344\275\277\347\224\250DNF\347\256\241\347\220\206\350\275\257\344\273\266\345\214\205.md" rename to "docs/zh/docs/Administration/\344\275\277\347\224\250DNF\347\256\241\347\220\206\350\275\257\344\273\266\345\214\205.md" index 91cffb82946202d9805fc1d6d2a53be00374398f..dc3fcbaee947910de43fa737c8a45087a056a81c 100644 --- "a/content/zh/docs/Administration/\344\275\277\347\224\250DNF\347\256\241\347\220\206\350\275\257\344\273\266\345\214\205.md" +++ "b/docs/zh/docs/Administration/\344\275\277\347\224\250DNF\347\256\241\347\220\206\350\275\257\344\273\266\345\214\205.md" 
@@ -1,598 +1,597 @@ -# 使用DNF管理软件包 - -DNF是一款Linux软件包管理工具,用于管理RPM软件包。DNF可以查询软件包信息,从指定软件库获取软件包,自动处理依赖关系以安装或卸载软件包,以及更新系统到最新可用版本。 - ->![](public_sys-resources/icon-note.gif) **说明:** ->- DNF与YUM完全兼容,提供了YUM兼容的命令行以及为扩展和插件提供的API。 ->- 使用DNF需要管理员权限,本章所有命令需要在管理员权限下执行。 - - -- [使用DNF管理软件包](#使用dnf管理软件包) - - [配置DNF](#配置dnf) - - [DNF配置文件](#dnf配置文件) - - [创建本地软件源仓库](#创建本地软件源仓库) - - [添加、启用和禁用软件源](#添加启用和禁用软件源) - - [管理软件包](#管理软件包) - - [搜索软件包](#搜索软件包) - - [列出软件包清单](#列出软件包清单) - - [显示RPM包信息](#显示rpm包信息) - - [安装RPM包](#安装rpm包) - - [下载软件包](#下载软件包) - - [删除软件包](#删除软件包) - - [管理软件包组](#管理软件包组) - - [列出软件包组清单](#列出软件包组清单) - - [显示软件包组信息](#显示软件包组信息) - - [安装软件包组](#安装软件包组) - - [删除软件包组](#删除软件包组) - - [检查并更新](#检查并更新) - - [检查更新](#检查更新) - - [升级](#升级) - - [更新所有的包和它们的依赖](#更新所有的包和它们的依赖) - - - -## 配置DNF - - - -### DNF配置文件 - -DNF 的主要配置文件是 /etc/dnf/dnf.conf,该文件包含两部分: - -- “main”部分保存着DNF的全局设置。 - -- “repository”部分保存着软件源的设置,可以有一个或多个“repository”。 - -另外,在/etc/yum.repos.d 目录中保存着一个或多个repo源相关文件,它们也可以定义不同的“repository”。 - -所以openEuler软件源的配置一般有两种方式,一种是直接配置/etc/dnf/dnf.conf文件中的“repository”部分,另外一种是在/etc/yum.repos.d目录下增加.repo文件。 - -#### 配置main部分 - -/etc/dnf/dnf.conf 文件包含的“main”部分,配置示例如下: - -``` -[main] -gpgcheck=1 -installonly_limit=3 -clean_requirements_on_remove=True -best=True -``` - -常用选项说明: - -**表 1** main参数说明 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

参数

-

说明

-

cachedir

-

缓存目录,该目录用于存储RPM包和数据库文件。

-

keepcache

-

可选值是1和0,表示是否要缓存已安装成功的那些RPM包及头文件,默认值为0,即不缓存。

-

debuglevel

-

设置dnf生成的debug信息。取值范围:[0-10],数值越大会输出越详细的debug信息。默认值为2,设置为0表示不输出debug信息。

-

clean_requirements_on_remove

-

删除在dnf remove期间不再使用的依赖项,如果软件包是通过DNF安装的,而不是通过显式用户请求安装的,则只能通过clean_requirements_on_remove删除软件包,即它是作为依赖项引入的。 默认值为True。

-

best

-

升级包时,总是尝试安装其最高版本,如果最高版本无法安装,则提示无法安装的原因并停止安装。默认值为True。

-

obsoletes

-

可选值1和0,设置是否允许更新陈旧的RPM包。默认值为1,表示允许更新。

-

gpgcheck

-

可选值1和0,设置是否进行gpg校验。默认值为1,表示需要进行校验。

-

plugins

-

可选值1和0,表示启用或禁用dnf插件。默认值为1,表示启用dnf插件。

-

installonly_limit

-

设置可以同时安装“installonlypkgs”指令列出包的数量。默认值为3,不建议降低此值。

-
- -#### 配置repository部分 - -repository部分允许您定义定制化的openEuler软件源仓库,各个仓库的名称不能相同,否则会引起冲突。配置repository部分有两种方式,一种是直接配置/etc/dnf/dnf.conf文件中的“repository”部分,另外一种是配置/etc/yum.repos.d目录下的.repo文件。 - -- 直接配置/etc/dnf/dnf.conf文件中的“repository”部分 - - 下面是\[repository\]部分的一个最小配置示例: - - ``` - [repository] - name=repository_name - baseurl=repository_url - ``` - - >![](public_sys-resources/icon-note.gif) **说明:** - >openEuler提供在线的镜像源,地址:[https://repo.openeuler.org/](https://repo.openeuler.org/)。以 openEuler 20.03的aarch64版本为例,baseurl可配置为[https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/](https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/)。 - - 选项说明: - - **表 2** repository参数说明 - - - - - - - - - - - -

参数

-

说明

-

name=repository_name

-

软件仓库(repository )描述的字符串。

-

baseurl=repository_url

-

软件仓库(repository )的地址。

-
  • 使用http协议的网络位置:例如 http://path/to/repo
  • 使用ftp协议的网络位置:例如 ftp://path/to/repo
  • 本地位置:例如 file:///path/to/local/repo
-
- - -- 配置/etc/yum.repos.d目录下的.repo文件 - - openEuler提供了多种repo源供用户在线使用,各repo源含义可参考[系统安装]({{< relref "../Releasenotes/系统安装.md" >}}),以AArch64架构的OS repo源为例。使用root权限在openEuler_aarch64.repo文件中添加openEuler repo源,示例如下: - - ``` - # vi /etc/yum.repos.d/openEuler_aarch64.repo - ``` - - ``` - [osrepo] - name=osrepo - baseurl=https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/ - enabled=1 - gpgcheck=1 - gpgkey=https://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/RPM-GPG-KEY-openEuler - - ``` - - >![](public_sys-resources/icon-note.gif) **说明:** - > - enabled为是否启用该软件源仓库,可选值为1和0。默认值为1,表示启用该软件源仓库。 - > - gpgkey为验证签名用的公钥。 - - -#### 显示当前配置 - -- 要显示当前的配置信息: - - ``` - dnf config-manager --dump - ``` - -- 要显示相应软件源的配置,首先查询repo id: - - ``` - dnf repolist - ``` - - 然后执行如下命令,显示对应id的软件源配置,其中 _repository_ 为查询得到的repo id: - - ``` - dnf config-manager --dump repository - ``` - -- 您也可以使用一个全局正则表达式,来显示所有匹配部分的配置: - - ``` - dnf config-manager --dump glob_expression - ``` - - -### 创建本地软件源仓库 - -要建立一个本地软件源仓库,请按照下列步骤操作。 - -1. 安装createrepo软件包。在root权限下执行如下命令: - - ``` - dnf install createrepo - ``` - -2. 将需要的软件包复制到一个目录下,如/mnt/local\_repo/ 。 -3. 
创建软件源,执行以下命令: - - ``` - createrepo --database /mnt/local_repo - ``` - - -### 添加、启用和禁用软件源 - -本节将介绍如何通过“dnf config-manager”命令添加、启用和禁用软件源仓库。 - -#### 添加软件源 - -要定义一个新的软件源仓库,您可以在 /etc/dnf/dnf.conf 文件中添加“repository”部分,或者在/etc/yum.repos.d/目录下添加“.repo”文件进行说明。建议您通过添加“.repo”的方式,每个软件源都有自己对应的“.repo”文件,以下介绍该方式的操作方法。 - -要在您的系统中添加一个这样的源,请在root权限下执行如下命令,执行完成之后会在/etc/yum.repos.d/目录下生成对应的repo文件。其中 _repository\_url_ 为repo源地址,详情请参见[表2](#zh-cn_topic_0151921080_t2df9dceb0ff64b2f8db8ec5cd779792a)。 - -``` -dnf config-manager --add-repo repository_url -``` - -#### 启用软件源 - -要启用软件源,请在root权限下执行如下命令,其中 _repository_ 为新增.repo文件中的repo id(可通过dnf repolist查询): - -``` -dnf config-manager --set-enable repository -``` - -您也可以使用一个全局正则表达式,来启用所有匹配的软件源。其中 _glob\_expression_ 为对应的正则表达式,用于同时匹配多个repo id: - -``` -dnf config-manager --set-enable glob_expression -``` - -#### 禁用软件源 - -要禁用软件源,请在root权限下执行如下命令: - -``` -dnf config-manager --set-disable repository -``` - -同样的,您也可以使用一个全局正则表达式来禁用所有匹配的软件源: - -``` -dnf config-manager --set-disable glob_expression -``` - -## 管理软件包 - -使用dnf能够让您方便的进行查询、安装、删除软件包等操作。 - -### 搜索软件包 - -您可以使用rpm包名称、缩写或者描述搜索需要的RPM包,使用命令如下: - -``` -dnf search term -``` - -示例如下: - -``` -$ dnf search httpd -========================================== N/S matched: httpd ========================================== -httpd.aarch64 : Apache HTTP Server -httpd-devel.aarch64 : Development interfaces for the Apache HTTP server -httpd-manual.noarch : Documentation for the Apache HTTP server -httpd-tools.aarch64 : Tools for use with the Apache HTTP Server -libmicrohttpd.aarch64 : Lightweight library for embedding a webserver in applications -mod_auth_mellon.aarch64 : A SAML 2.0 authentication module for the Apache Httpd Server -mod_dav_svn.aarch64 : Apache httpd module for Subversion server -``` - -### 列出软件包清单 - -要列出系统中所有已安装的以及可用的RPM包信息,使用命令如下: - -``` -dnf list all -``` - -要列出系统中特定的RPM包信息,使用命令如下: - -``` -dnf list glob_expression... 
-``` - -示例如下: - -``` -$ dnf list httpd -Available Packages -httpd.aarch64 2.4.34-8.h5.oe1 Local -``` - -### 显示RPM包信息 - -要显示一个或者多个RPM包信息,使用命令如下: - -``` -dnf info package_name... -``` - -例如搜索,命令如下: - -``` -$ dnf info httpd -Available Packages -Name : httpd -Version : 2.4.34 -Release : 8.h5.oe1 -Arch : aarch64 -Size : 1.2 M -Repo : Local -Summary : Apache HTTP Server -URL : http://httpd.apache.org/ -License : ASL 2.0 -Description : The Apache HTTP Server is a powerful, efficient, and extensible - : web server. -``` - -### 安装RPM包 - -要安装一个软件包及其所有未安装的依赖,请在root权限下执行如下命令: - -``` -dnf install package_name -``` - -您也可以通过添加软件包名字同时安装多个软件包。配置文件/etc/dnf/dnf.conf添加参数strict=False,运行dnf命令参数添加\-\-setopt=strict=0。请在root权限下执行如下命令: - -``` -dnf install package_name package_name... --setopt=strict=0 -``` - -示例如下: - -``` -# dnf install httpd -``` - ->![](public_sys-resources/icon-note.gif) **说明:** ->安装RPM包过程中,若出现安装失败,可参考[安装时出现软件包冲突、文件冲突或缺少软件包导致安装失败](FAQ-54.html#安装时出现软件包冲突文件冲突或缺少软件包导致安装失败)。 - -### 下载软件包 - -使用dnf下载软件包,请在root权限下输入如下命令: - -``` -dnf download package_name -``` - -如果需要同时下载未安装的依赖,则加上\-\-resolve,使用命令如下: - -``` -dnf download --resolve package_name -``` - -示例如下: - -``` -# dnf download --resolve httpd -``` - -### 删除软件包 - -要卸载软件包以及相关的依赖软件包,请在root权限下执行如下命令: - -``` -dnf remove package_name... -``` - -示例如下: - -``` -# dnf remove totem -``` - -## 管理软件包组 - -软件包集合是服务于一个共同的目的一组软件包,例如系统工具集等。使用dnf可以对软件包组进行安装/删除等操作,使相关操作更高效。 - -### 列出软件包组清单 - -使用summary参数,可以列出系统中所有已安装软件包组、可用的组,可用的环境组的数量,命令如下: - -``` -dnf groups summary -``` - -使用示例如下: - -``` -# dnf groups summary -Last metadata expiration check: 0:11:56 ago on Sat 17 Aug 2019 07:45:14 PM CST. -Available Groups: 8 -``` - -要列出所有软件包组和它们的组ID ,命令如下: - -``` -dnf group list -``` - -使用示例如下: - -``` -# dnf group list -Last metadata expiration check: 0:10:32 ago on Sat 17 Aug 2019 07:45:14 PM CST. 
-Available Environment Groups: - Minimal Install - Custom Operating System - Server -Available Groups: - Development Tools - Graphical Administration Tools - Headless Management - Legacy UNIX Compatibility - Network Servers - Scientific Support - Security Tools - System Tools - -``` - -### 显示软件包组信息 - -要列出包含在一个软件包组中必须安装的包和可选包,使用命令如下: - -``` -dnf group info glob_expression... -``` - -例如显示Development Tools信息,示例如下: - -``` -# dnf group info "Development Tools" -Last metadata expiration check: 0:14:54 ago on Wed 05 Jun 2019 08:38:02 PM CST. - -Group: Development Tools - Description: A basic development environment. - Mandatory Packages: - binutils - glibc-devel - make - pkgconf - pkgconf-m4 - pkgconf-pkg-config - rpm-sign - Optional Packages: - expect -``` - -### 安装软件包组 - -每一个软件包组都有自己的名称以及相应的ID(groupid),您可以使用软件包组名称或它的ID进行安装。 - -要安装一个软件包组,请在root权限下执行如下命令: - -``` -dnf group install group_name -``` - -``` -dnf group install groupid -``` - -例如安装Development Tools相应的软件包组,命令如下: - -``` -# dnf group install "Development Tools" -``` - -``` -# dnf group install development -``` - -### 删除软件包组 - -要卸载软件包组,您可以使用软件包组名称或它的ID,在root权限下执行如下命令: - -``` -dnf group remove group_name -``` - -``` -dnf group remove groupid -``` - -例如删除Development Tools相应的软件包组,命令如下: - -``` -# dnf group remove "Development Tools" -``` - -``` -# dnf group remove development -``` - -## 检查并更新 - -dnf可以检查您的系统中是否有软件包需要更新。您可以通过dnf列出需要更新的软件包,并可以选择一次性全部更新或者只对指定包进行更新。 - -### 检查更新 - -如果您需要显示当前系统可用的更新,使用命令如下: - -``` -dnf check-update -``` - -使用实例如下: - -``` -# dnf check-update -Last metadata expiration check: 0:02:10 ago on Sun 01 Sep 2019 11:28:07 PM CST. 
- -anaconda-core.aarch64 19.31.123-1.14 updates -anaconda-gui.aarch64 19.31.123-1.14 updates -anaconda-tui.aarch64 19.31.123-1.14 updates -anaconda-user-help.aarch64 19.31.123-1.14 updates -anaconda-widgets.aarch64 19.31.123-1.14 updates -bind-libs.aarch64 32:9.9.4-29.3 updates -bind-libs-lite.aarch64 32:9.9.4-29.3 updates -bind-license.noarch 32:9.9.4-29.3 updates -bind-utils.aarch64 32:9.9.4-29.3 updates -... -``` - -### 升级 - -如果您需要升级单个软件包,在root权限下执行如下命令: - -``` -dnf update package_name -``` - -例如升级rpm包,示例如下: - -``` -# dnf update anaconda-gui.aarch64 -Last metadata expiration check: 0:02:10 ago on Sun 01 Sep 2019 11:30:27 PM CST. -Dependencies Resolved -================================================================================ - Package Arch Version Repository Size -================================================================================ -Updating: - anaconda-gui aarch64 19.31.123-1.14 updates 461 k - anaconda-core aarch64 19.31.123-1.14 updates 1.4 M - anaconda-tui aarch64 19.31.123-1.14 updates 274 k - anaconda-user-help aarch64 19.31.123-1.14 updates 315 k - anaconda-widgets aarch64 19.31.123-1.14 updates 748 k - -Transaction Summary -================================================================================ -Upgrade 5 Package - -Total download size: 3.1 M -Is this ok [y/N]: -``` - -类似的,如果您需要升级软件包组,在root权限下执行如下命令: - -``` -dnf group update group_name -``` - -### 更新所有的包和它们的依赖 - -要更新所有的包和它们的依赖,在root权限下执行如下命令: - -``` -dnf update -``` +# 使用DNF管理软件包 + +DNF是一款Linux软件包管理工具,用于管理RPM软件包。DNF可以查询软件包信息,从指定软件库获取软件包,自动处理依赖关系以安装或卸载软件包,以及更新系统到最新可用版本。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>- DNF与YUM完全兼容,提供了YUM兼容的命令行以及为扩展和插件提供的API。 +>- 使用DNF需要管理员权限,本章所有命令需要在管理员权限下执行。 + + +- [使用DNF管理软件包](#使用dnf管理软件包) + - [配置DNF](#配置dnf) + - [DNF配置文件](#dnf配置文件) + - [创建本地软件源仓库](#创建本地软件源仓库) + - [添加、启用和禁用软件源](#添加启用和禁用软件源) + - [管理软件包](#管理软件包) + - [搜索软件包](#搜索软件包) + - [列出软件包清单](#列出软件包清单) + - [显示RPM包信息](#显示rpm包信息) + - [安装RPM包](#安装rpm包) + - [下载软件包](#下载软件包) + - 
[删除软件包](#删除软件包) + - [管理软件包组](#管理软件包组) + - [列出软件包组清单](#列出软件包组清单) + - [显示软件包组信息](#显示软件包组信息) + - [安装软件包组](#安装软件包组) + - [删除软件包组](#删除软件包组) + - [检查并更新](#检查并更新) + - [检查更新](#检查更新) + - [升级](#升级) + - [更新所有的包和它们的依赖](#更新所有的包和它们的依赖) + + + +## 配置DNF + + + +### DNF配置文件 + +DNF 的主要配置文件是 /etc/dnf/dnf.conf,该文件包含两部分: + +- “main”部分保存着DNF的全局设置。 + +- “repository”部分保存着软件源的设置,可以有一个或多个“repository”。 + +另外,在/etc/yum.repos.d 目录中保存着一个或多个repo源相关文件,它们也可以定义不同的“repository”。 + +所以openEuler软件源的配置一般有两种方式,一种是直接配置/etc/dnf/dnf.conf文件中的“repository”部分,另外一种是在/etc/yum.repos.d目录下增加.repo文件。 + +#### 配置main部分 + +/etc/dnf/dnf.conf 文件包含的“main”部分,配置示例如下: + +``` +[main] +gpgcheck=1 +installonly_limit=3 +clean_requirements_on_remove=True +best=True +``` + +常用选项说明: + +**表 1** main参数说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

参数

+

说明

+

cachedir

+

缓存目录,该目录用于存储RPM包和数据库文件。

+

keepcache

+

可选值是1和0,表示是否要缓存已安装成功的那些RPM包及头文件,默认值为0,即不缓存。

+

debuglevel

+

设置dnf生成的debug信息。取值范围:[0-10],数值越大会输出越详细的debug信息。默认值为2,设置为0表示不输出debug信息。

+

clean_requirements_on_remove

+

删除在dnf remove期间不再使用的依赖项,如果软件包是通过DNF安装的,而不是通过显式用户请求安装的,则只能通过clean_requirements_on_remove删除软件包,即它是作为依赖项引入的。 默认值为True。

+

best

+

升级包时,总是尝试安装其最高版本,如果最高版本无法安装,则提示无法安装的原因并停止安装。默认值为True。

+

obsoletes

+

可选值1和0,设置是否允许更新陈旧的RPM包。默认值为1,表示允许更新。

+

gpgcheck

+

可选值1和0,设置是否进行gpg校验。默认值为1,表示需要进行校验。

+

plugins

+

可选值1和0,表示启用或禁用dnf插件。默认值为1,表示启用dnf插件。

+

installonly_limit

+

设置可以同时安装“installonlypkgs”指令列出包的数量。默认值为3,不建议降低此值。

+
+ +#### 配置repository部分 + +repository部分允许您定义定制化的openEuler软件源仓库,各个仓库的名称不能相同,否则会引起冲突。配置repository部分有两种方式,一种是直接配置/etc/dnf/dnf.conf文件中的“repository”部分,另外一种是配置/etc/yum.repos.d目录下的.repo文件。 + +- 直接配置/etc/dnf/dnf.conf文件中的“repository”部分 + + 下面是\[repository\]部分的一个最小配置示例: + + ``` + [repository] + name=repository_name + baseurl=repository_url + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >openEuler提供在线的镜像源,地址:[https://repo.openeuler.org/](https://repo.openeuler.org/)。以 openEuler 20.03 的aarch64版本为例,baseurl可配置为[https://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/aarch64/](https://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/aarch64/)。 + + 选项说明: + + **表 2** repository参数说明 + + + + + + + + + + + +

参数

+

说明

+

name=repository_name

+

软件仓库(repository )描述的字符串。

+

baseurl=repository_url

+

软件仓库(repository )的地址。

+
  • 使用http协议的网络位置:例如 http://path/to/repo
  • 使用ftp协议的网络位置:例如 ftp://path/to/repo
  • 本地位置:例如 file:///path/to/local/repo
+
+ + +- 配置/etc/yum.repos.d目录下的.repo文件 + + openEuler提供了多种repo源供用户在线使用,各repo源含义可参考[系统安装](./../Releasenotes/系统安装.md),使用管理员权限添加openEuler repo源,示例如下: + + ``` + # vi /etc/yum.repos.d/openEuler.repo + ``` + + ``` + [OS] + name=openEuler-$releasever - OS + baseurl=https://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/$basearch/ + enabled=1 + gpgcheck=1 + gpgkey=https://repo.openeuler.org/openEuler-20.09/OS/$basearch/RPM-GPG-KEY-openEuler + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + > - enabled为是否启用该软件源仓库,可选值为1和0。默认值为1,表示启用该软件源仓库。 + > - gpgkey为验证签名用的公钥。 + + +#### 显示当前配置 + +- 要显示当前的配置信息: + + ``` + dnf config-manager --dump + ``` + +- 要显示相应软件源的配置,首先查询repo id: + + ``` + dnf repolist + ``` + + 然后执行如下命令,显示对应id的软件源配置,其中 _repository_ 为查询得到的repo id: + + ``` + dnf config-manager --dump repository + ``` + +- 您也可以使用一个全局正则表达式,来显示所有匹配部分的配置: + + ``` + dnf config-manager --dump glob_expression + ``` + + +### 创建本地软件源仓库 + +要建立一个本地软件源仓库,请按照下列步骤操作。 + +1. 安装createrepo软件包。在root权限下执行如下命令: + + ``` + dnf install createrepo + ``` + +2. 将需要的软件包复制到一个目录下,如/mnt/local\_repo/ 。 +3. 
创建软件源,执行以下命令: + + ``` + createrepo --database /mnt/local_repo + ``` + + +### 添加、启用和禁用软件源 + +本节将介绍如何通过“dnf config-manager”命令添加、启用和禁用软件源仓库。 + +#### 添加软件源 + +要定义一个新的软件源仓库,您可以在 /etc/dnf/dnf.conf 文件中添加“repository”部分,或者在/etc/yum.repos.d/目录下添加“.repo”文件进行说明。建议您通过添加“.repo”的方式,每个软件源都有自己对应的“.repo”文件,以下介绍该方式的操作方法。 + +要在您的系统中添加一个这样的源,请在root权限下执行如下命令,执行完成之后会在/etc/yum.repos.d/目录下生成对应的repo文件。其中 _repository\_url_ 为repo源地址,详情请参见[表2](#zh-cn_topic_0151921080_t2df9dceb0ff64b2f8db8ec5cd779792a)。 + +``` +dnf config-manager --add-repo repository_url +``` + +#### 启用软件源 + +要启用软件源,请在root权限下执行如下命令,其中 _repository_ 为新增.repo文件中的repo id(可通过dnf repolist查询): + +``` +dnf config-manager --set-enable repository +``` + +您也可以使用一个全局正则表达式,来启用所有匹配的软件源。其中 _glob\_expression_ 为对应的正则表达式,用于同时匹配多个repo id: + +``` +dnf config-manager --set-enable glob_expression +``` + +#### 禁用软件源 + +要禁用软件源,请在root权限下执行如下命令: + +``` +dnf config-manager --set-disable repository +``` + +同样的,您也可以使用一个全局正则表达式来禁用所有匹配的软件源: + +``` +dnf config-manager --set-disable glob_expression +``` + +## 管理软件包 + +使用dnf能够让您方便的进行查询、安装、删除软件包等操作。 + +### 搜索软件包 + +您可以使用rpm包名称、缩写或者描述搜索需要的RPM包,使用命令如下: + +``` +dnf search term +``` + +示例如下: + +``` +$ dnf search httpd +========================================== N/S matched: httpd ========================================== +httpd.aarch64 : Apache HTTP Server +httpd-devel.aarch64 : Development interfaces for the Apache HTTP server +httpd-manual.noarch : Documentation for the Apache HTTP server +httpd-tools.aarch64 : Tools for use with the Apache HTTP Server +libmicrohttpd.aarch64 : Lightweight library for embedding a webserver in applications +mod_auth_mellon.aarch64 : A SAML 2.0 authentication module for the Apache Httpd Server +mod_dav_svn.aarch64 : Apache httpd module for Subversion server +``` + +### 列出软件包清单 + +要列出系统中所有已安装的以及可用的RPM包信息,使用命令如下: + +``` +dnf list all +``` + +要列出系统中特定的RPM包信息,使用命令如下: + +``` +dnf list glob_expression... 
+``` + +示例如下: + +``` +$ dnf list httpd +Available Packages +httpd.aarch64 2.4.34-8.h5.oe1 Local +``` + +### 显示RPM包信息 + +要显示一个或者多个RPM包信息,使用命令如下: + +``` +dnf info package_name... +``` + +例如搜索,命令如下: + +``` +$ dnf info httpd +Available Packages +Name : httpd +Version : 2.4.34 +Release : 8.h5.oe1 +Arch : aarch64 +Size : 1.2 M +Repo : Local +Summary : Apache HTTP Server +URL : http://httpd.apache.org/ +License : ASL 2.0 +Description : The Apache HTTP Server is a powerful, efficient, and extensible + : web server. +``` + +### 安装RPM包 + +要安装一个软件包及其所有未安装的依赖,请在root权限下执行如下命令: + +``` +dnf install package_name +``` + +您也可以通过添加软件包名字同时安装多个软件包。配置文件/etc/dnf/dnf.conf添加参数strict=False,运行dnf命令参数添加\-\-setopt=strict=0。请在root权限下执行如下命令: + +``` +dnf install package_name package_name... --setopt=strict=0 +``` + +示例如下: + +``` +# dnf install httpd +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>安装RPM包过程中,若出现安装失败,可参考[安装时出现软件包冲突、文件冲突或缺少软件包导致安装失败](./FAQ-54.html#安装时出现软件包冲突文件冲突或缺少软件包导致安装失败)。 + +### 下载软件包 + +使用dnf下载软件包,请在root权限下输入如下命令: + +``` +dnf download package_name +``` + +如果需要同时下载未安装的依赖,则加上\-\-resolve,使用命令如下: + +``` +dnf download --resolve package_name +``` + +示例如下: + +``` +# dnf download --resolve httpd +``` + +### 删除软件包 + +要卸载软件包以及相关的依赖软件包,请在root权限下执行如下命令: + +``` +dnf remove package_name... +``` + +示例如下: + +``` +# dnf remove totem +``` + +## 管理软件包组 + +软件包集合是服务于一个共同的目的一组软件包,例如系统工具集等。使用dnf可以对软件包组进行安装/删除等操作,使相关操作更高效。 + +### 列出软件包组清单 + +使用summary参数,可以列出系统中所有已安装软件包组、可用的组,可用的环境组的数量,命令如下: + +``` +dnf groups summary +``` + +使用示例如下: + +``` +# dnf groups summary +Last metadata expiration check: 0:11:56 ago on Sat 17 Aug 2019 07:45:14 PM CST. +Available Groups: 8 +``` + +要列出所有软件包组和它们的组ID ,命令如下: + +``` +dnf group list +``` + +使用示例如下: + +``` +# dnf group list +Last metadata expiration check: 0:10:32 ago on Sat 17 Aug 2019 07:45:14 PM CST. 
+Available Environment Groups: + Minimal Install + Custom Operating System + Server +Available Groups: + Development Tools + Graphical Administration Tools + Headless Management + Legacy UNIX Compatibility + Network Servers + Scientific Support + Security Tools + System Tools + +``` + +### 显示软件包组信息 + +要列出包含在一个软件包组中必须安装的包和可选包,使用命令如下: + +``` +dnf group info glob_expression... +``` + +例如显示Development Tools信息,示例如下: + +``` +# dnf group info "Development Tools" +Last metadata expiration check: 0:14:54 ago on Wed 05 Jun 2019 08:38:02 PM CST. + +Group: Development Tools + Description: A basic development environment. + Mandatory Packages: + binutils + glibc-devel + make + pkgconf + pkgconf-m4 + pkgconf-pkg-config + rpm-sign + Optional Packages: + expect +``` + +### 安装软件包组 + +每一个软件包组都有自己的名称以及相应的ID(groupid),您可以使用软件包组名称或它的ID进行安装。 + +要安装一个软件包组,请在root权限下执行如下命令: + +``` +dnf group install group_name +``` + +``` +dnf group install groupid +``` + +例如安装Development Tools相应的软件包组,命令如下: + +``` +# dnf group install "Development Tools" +``` + +``` +# dnf group install development +``` + +### 删除软件包组 + +要卸载软件包组,您可以使用软件包组名称或它的ID,在root权限下执行如下命令: + +``` +dnf group remove group_name +``` + +``` +dnf group remove groupid +``` + +例如删除Development Tools相应的软件包组,命令如下: + +``` +# dnf group remove "Development Tools" +``` + +``` +# dnf group remove development +``` + +## 检查并更新 + +dnf可以检查您的系统中是否有软件包需要更新。您可以通过dnf列出需要更新的软件包,并可以选择一次性全部更新或者只对指定包进行更新。 + +### 检查更新 + +如果您需要显示当前系统可用的更新,使用命令如下: + +``` +dnf check-update +``` + +使用实例如下: + +``` +# dnf check-update +Last metadata expiration check: 0:02:10 ago on Sun 01 Sep 2019 11:28:07 PM CST. 
+ +anaconda-core.aarch64 19.31.123-1.14 updates +anaconda-gui.aarch64 19.31.123-1.14 updates +anaconda-tui.aarch64 19.31.123-1.14 updates +anaconda-user-help.aarch64 19.31.123-1.14 updates +anaconda-widgets.aarch64 19.31.123-1.14 updates +bind-libs.aarch64 32:9.9.4-29.3 updates +bind-libs-lite.aarch64 32:9.9.4-29.3 updates +bind-license.noarch 32:9.9.4-29.3 updates +bind-utils.aarch64 32:9.9.4-29.3 updates +... +``` + +### 升级 + +如果您需要升级单个软件包,在root权限下执行如下命令: + +``` +dnf update package_name +``` + +例如升级rpm包,示例如下: + +``` +# dnf update anaconda-gui.aarch64 +Last metadata expiration check: 0:02:10 ago on Sun 01 Sep 2019 11:30:27 PM CST. +Dependencies Resolved +================================================================================ + Package Arch Version Repository Size +================================================================================ +Updating: + anaconda-gui aarch64 19.31.123-1.14 updates 461 k + anaconda-core aarch64 19.31.123-1.14 updates 1.4 M + anaconda-tui aarch64 19.31.123-1.14 updates 274 k + anaconda-user-help aarch64 19.31.123-1.14 updates 315 k + anaconda-widgets aarch64 19.31.123-1.14 updates 748 k + +Transaction Summary +================================================================================ +Upgrade 5 Package + +Total download size: 3.1 M +Is this ok [y/N]: +``` + +类似的,如果您需要升级软件包组,在root权限下执行如下命令: + +``` +dnf group update group_name +``` + +### 更新所有的包和它们的依赖 + +要更新所有的包和它们的依赖,在root权限下执行如下命令: + +``` +dnf update +``` 
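Review bot: In the rewritten `/etc/yum.repos.d/openEuler.repo` example, `gpgkey` points at `https://repo.openeuler.org/openEuler-20.09/OS/$basearch/RPM-GPG-KEY-openEuler` while `baseurl` points at `openEuler-20.03-LTS-SP1`. With `gpgcheck=1`, readers who copy this stanza will verify 20.03-LTS-SP1 packages against a key fetched from a different release tree; take the key from the same release path as `baseurl` so the example documents a single, consistent trust anchor. Two smaller points in the same hunk: the note above the repository table still says "以 openEuler 20.03 的aarch64版本为例" although the URL it gives is now the 20.03-LTS-SP1 tree, and the hunk replaces all 598 lines of the file even though the visible content changes are limited to the icon paths, the 系统安装 link and the repo example. If the rest is line-ending or whitespace normalisation, put that in a separate commit so the security-relevant edit to the repo stanza is reviewable on its own.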
diff --git "a/content/zh/docs/Administration/\344\275\277\347\224\250KAE\345\212\240\351\200\237\345\274\225\346\223\216.md" "b/docs/zh/docs/Administration/\344\275\277\347\224\250KAE\345\212\240\351\200\237\345\274\225\346\223\216.md" similarity index 96% rename from "content/zh/docs/Administration/\344\275\277\347\224\250KAE\345\212\240\351\200\237\345\274\225\346\223\216.md" rename to "docs/zh/docs/Administration/\344\275\277\347\224\250KAE\345\212\240\351\200\237\345\274\225\346\223\216.md" index da7e0e65396e5d3b6ec0186f2d591df1fd2e27ff..3e9fa973ecf0a9a3c5f1c690573e97b76fa854af 100644 --- "a/content/zh/docs/Administration/\344\275\277\347\224\250KAE\345\212\240\351\200\237\345\274\225\346\223\216.md" +++ "b/docs/zh/docs/Administration/\344\275\277\347\224\250KAE\345\212\240\351\200\237\345\274\225\346\223\216.md" @@ -80,12 +80,12 @@ KAE加速引擎主要有以下应用场景,如[表1](#table11915824163418)所 - TaiShan 200服务器,开启加速引擎功能 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- 需要导入加速器许可证,具体操作请参考《[TaiShan 机架服务器 iBMC \(V500及以上\) 用户指南](https://support.huawei.com/enterprise/zh/doc/EDOC1100121687)》中“许可证管理”章节。 >- 物理机场景使用加速器需要关闭SMMU,具体操作请参考《[TaiShan 200服务器BIOS参数参考](https://support.huawei.com/enterprise/zh/doc/EDOC1100088653)》。 - CPU:Kunpeng 920 -- 操作系统:openEuler-20.03-LTS-aarch64-dvd.iso +- 操作系统:openEuler-20.03-LTS-SP1-aarch64-dvd.iso ##### KAE加速引擎软件说明 @@ -141,7 +141,7 @@ KAE加速引擎主要有以下应用场景,如[表1](#table11915824163418)所 3. 使用SSH远程登录工具,将所有加速引擎软件包拷贝到已建好的目录下。 4. 在存放加速引擎软件包目录下,使用rpm -ivh命令安装加速器引擎软件包。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >由于libkae包的安装依赖libwd包,所以libwd的安装必须先于libkae。 ``` @@ -286,7 +286,7 @@ hisi_zip-1.2.10-4.oe1.aarch64 ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >使用KAE引擎加速后签名性能从724.1 sign/s提升到2819sign/s。 - 使用OpenSSL的软件算法测试异步RSA性能。 
@@ -308,7 +308,7 @@ hisi_zip-1.2.10-4.oe1.aarch64 ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >使用KAE引擎加速后异步RSA签名性能从735.7 sign/s提升到 54384.1sign/s。 - 使用OpenSSL的软件算法测试SM4 CBC模式性能。 @@ -336,7 +336,7 @@ hisi_zip-1.2.10-4.oe1.aarch64 ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >使用KAE加速后SM4 CBC模式在输入数据块大小为8M时,从82312.53k/s提升到383317.33k/s。 - 使用OpenSSL的软件算法测试SM3模式性能。 @@ -363,7 +363,7 @@ hisi_zip-1.2.10-4.oe1.aarch64 ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >使用KAE加速后SM3算法在输入数据块大小为8M时,从52428.80 k/s提升到668292.44k/s。 - 使用OpenSSL软件算法测试AES算法CBC模式异步性能。 @@ -392,7 +392,7 @@ hisi_zip-1.2.10-4.oe1.aarch64 ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- AES仅支持数据长度为256KB及以下场景的异步使用。 >- 使用KAE加速后AES算法在输入数据块为100K大小时,从1123328.00k/s提升到3996774.40 k/s 。 @@ -411,15 +411,15 @@ hisi_zip-1.2.10-4.oe1.aarch64 命令和信息回显如下所示。 - ![](figures/zh-cn_image_0231143189.png) + ![](./figures/zh-cn_image_0231143189.png) - ![](figures/zh-cn_image_0231143191.png) + ![](./figures/zh-cn_image_0231143191.png) 5. 使用rpm -qa 命令查询是否升级成功。确认查询到的版本是最新的升级后版本。 - ![](figures/zh-cn_image_0231143193.png) + ![](./figures/zh-cn_image_0231143193.png) - ![](figures/zh-cn_image_0231143195.png) + ![](./figures/zh-cn_image_0231143195.png) 6. 重启系统或通过命令行手动卸载旧版本驱动,然后加载新版本驱动,并查看是否加载成功 @@ -466,16 +466,16 @@ hisi_zip-1.2.10-4.oe1.aarch64 3. 通过rpm -e 命令卸载加速引擎软件包。示例如下。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >由于存在依赖关系,卸载libwd前须先卸载libkae引擎软件包。 - ![](figures/zh-cn_image_0231143196.png) + ![](./figures/zh-cn_image_0231143196.png) - ![](figures/zh-cn_image_0231143197.png) + ![](./figures/zh-cn_image_0231143197.png) 4. 使用rpm -qa |grep 软件包名命令查询是否卸载成功。 - ![](figures/zh-cn_image_0231143198.png) + ![](./figures/zh-cn_image_0231143198.png) ## 日志查询 
@@ -519,7 +519,7 @@ hisi_zip-1.2.10-4.oe1.aarch64 ## 加速引擎的应用 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >如果用户未购买引擎许可证,建议用户不要通过kae引擎调用相应算法,否则可能会影响openssl加密算法的性能。 ### KAE引擎使用示例代码 diff --git "a/content/zh/docs/Administration/\344\275\277\347\224\250LVM\347\256\241\347\220\206\347\241\254\347\233\230.md" "b/docs/zh/docs/Administration/\344\275\277\347\224\250LVM\347\256\241\347\220\206\347\241\254\347\233\230.md" similarity index 99% rename from "content/zh/docs/Administration/\344\275\277\347\224\250LVM\347\256\241\347\220\206\347\241\254\347\233\230.md" rename to "docs/zh/docs/Administration/\344\275\277\347\224\250LVM\347\256\241\347\220\206\347\241\254\347\233\230.md" index 3add822aacd8b9d070e747d11a9de35cb7c464bc..08be596ebd0403fabd21c2642755cad5e8c22ec0 100644 --- "a/content/zh/docs/Administration/\344\275\277\347\224\250LVM\347\256\241\347\220\206\347\241\254\347\233\230.md" +++ "b/docs/zh/docs/Administration/\344\275\277\347\224\250LVM\347\256\241\347\220\206\347\241\254\347\233\230.md" @@ -61,10 +61,10 @@ LVM是逻辑卷管理(Logical Volume Manager)的简称,它是Linux环境 ## 安装 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >openEuler操作系统默认已安装LVM。可通过**rpm -qa | grep lvm2**命令查询,若打印信息中包含“lvm2”信息,则表示已安装LVM,可跳过本章节内;若无任何打印信息,则表示未安装,可参考本章节内容进行安装。 -1. 配置本地yum源,详细信息请参考[搭建repo服务器](搭建repo服务器.html)。 +1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)。 2. 清除缓存。 ``` @@ -372,7 +372,7 @@ lvdisplay [option] [lvname] - lvname:指定要显示属性的逻辑卷对应的设备文件。如果省略,则显示所有的逻辑卷属性。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >逻辑卷对应的设备文件保存在卷组目录下,例如:在卷组vg1上创建一个逻辑卷lv1,则此逻辑卷对应的设备文件为/dev/vg1/lv1。 
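Review bot: In the LVM file's 安装 hunk (@@ -61,10), the cross-reference is rewritten to `[搭建repo服务器](./搭建repo服务器.html)`, which keeps the `.html` extension, whereas the repo-server document in this same patch links to a sibling page by its source name, `[系统安装](./../Releasenotes/系统安装.md)`. Since the patch is normalising relative paths anyway, pick one convention so that both links resolve under the new `docs/zh/docs/` layout. The note two lines above the changed link also reads "可跳过本章节内;", which looks truncated (probably 本章节内容) and could be fixed while this block is being touched.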
diff --git "a/content/zh/docs/Administration/\345\237\272\347\241\200\351\205\215\347\275\256.md" "b/docs/zh/docs/Administration/\345\237\272\347\241\200\351\205\215\347\275\256.md" similarity index 60% rename from "content/zh/docs/Administration/\345\237\272\347\241\200\351\205\215\347\275\256.md" rename to "docs/zh/docs/Administration/\345\237\272\347\241\200\351\205\215\347\275\256.md" index 316b2356e1af95e44845e63a785082a96d0ab422..a59f166caecf52c74f474ccfd37df4476c35bc31 100644 --- "a/content/zh/docs/Administration/\345\237\272\347\241\200\351\205\215\347\275\256.md" +++ "b/docs/zh/docs/Administration/\345\237\272\347\241\200\351\205\215\347\275\256.md" 
@@ -1,470 +1,426 @@ -# 基础配置 - - -- [基础配置](#基础配置) - - [设置语言环境](#设置语言环境) - - [显示当前语言环境状态](#显示当前语言环境状态) - - [列出可用的语言环境](#列出可用的语言环境) - - [设置语言环境](#设置语言环境-1) - - [设置键盘](#设置键盘) - - [显示当前设置](#显示当前设置) - - [列出可用的键盘布局](#列出可用的键盘布局) - - [设置键盘布局](#设置键盘布局) - - [设置日期和时间](#设置日期和时间) - - [使用timedatectl命令设置](#使用timedatectl命令设置) - - [使用date命令设置](#使用date命令设置) - - [使用hwclock命令设置](#使用hwclock命令设置) - - [设置kdump](#设置kdump) - - [设置kdump预留内存](#设置kdump预留内存) - - [预留内存推荐值](#预留内存推荐值) - - [禁用网络相关驱动](#禁用网络相关驱动) - - - - -## 设置语言环境 - -您可以通过localectl修改系统的语言环境,对应的参数设置保存在/etc/locale.conf文件中。这些参数会在系统启动过程中被systemd的守护进程读取。 - -### 显示当前语言环境状态 - -显示当前语言环境,命令如下: - -``` -$ localectl status -``` - -例如显示系统当前的设置,命令和输出如下: - -``` -$ localectl status - System Locale: LANG=zh_CN.UTF-8 - VC Keymap: cn - X11 Layout: cn -``` - -### 列出可用的语言环境 - -显示当前可用的语言环境,命令如下: - -``` -$ localectl list-locales -``` - -例如显示当前系统中所有可用的中文环境,命令和输出如下: - -``` -$ localectl list-locales | grep zh -zh_CN.UTF-8 -``` - -### 设置语言环境 - -要设置语言环境,在root权限下执行如下命令,其中 _locale_ 是您要设置的语言类型,取值范围可通过**localectl list-locales**获取,请根据实际情况修改。 - -``` -# localectl set-locale LANG=locale -``` - -例如设置为简体中文语言环境,在root权限下执行如下命令: - -``` -# localectl set-locale LANG=zh_CN.UTF-8 -``` - ->![](public_sys-resources/icon-note.gif) **说明:** ->修改后需要重新登录或者在root权限下执行`source /etc/locale.conf`命令刷新配置文件,使修改生效。 - - -## 设置键盘 - -您可以通过localectl修改系统的键盘设置,对应的参数设置保存在/etc/locale.conf文件中。这些参数,会在系统启动的早期被systemd的守护进程读取。 - -### 显示当前设置 - -显示当前键盘设置,命令如下: - -``` -$ localectl status -``` - -例如显示系统当前的设置,命令和输出如下: - -``` -$ localectl status - System Locale: LANG=zh_CN.UTF-8 - VC Keymap: cn - X11 Layout: cn -``` - -### 列出可用的键盘布局 - -显示当前可用的键盘布局,命令如下: - -``` -$ localectl list-keymaps -``` - -例如显示系统当前的中文键盘布局,命令和输出如下: - -``` -$ localectl list-keymaps | grep cn -cn -``` - -### 设置键盘布局 - -设置键盘布局,在root权限下执行如下命令,其中 _map_ 是您想要设置的键盘类型,取值范围可通过**localectl list-keymaps**获取,请根据实际情况修改: - -``` -# localectl set-keymap map -``` - -此时设置的键盘布局同样也会应用到图形界面中。 - -设置完成后,查看当前状态: - -``` -$ localectl status - System Locale: 
LANG=zh_CN.UTF-8 - VC Keymap: cn - X11 Layout: us -``` - -## 设置日期和时间 - -本节介绍如何通过timedatectl、date、hwclock命令来设置系统的日期、时间和时区等。 - - - -### 使用timedatectl命令设置 - -#### 显示日期和时间 - -显示当前的日期和时间,命令如下: - -``` -$ timedatectl -``` - -例如显示系统当前的日期和时间,命令和输出如下: - -``` -$ timedatectl - Local time: Mon 2019-09-30 04:05:00 EDT - Universal time: Mon 2019-09-30 08:05:00 UTC - RTC time: Mon 2019-09-30 08:05:00 - Time zone: America/New_York (EDT, -0400) -System clock synchronized: no - NTP service: inactive - RTC in local TZ: no -``` - -#### 通过远程服务器进行时间同步 - -您可以启用NTP远程服务器进行系统时钟的自动同步。是否启用NTP,可在root权限下执行如下命令进行设置。其中 _boolean_ 可取值yes和no,分别表示启用和不启用NTP进行系统时钟自动同步,请根据实际情况修改。 - ->![](public_sys-resources/icon-note.gif) **说明:** ->若启用了NTP远程服务器进行系统时钟自动同步,则不能手动修改日期和时间。若需要手动修改日期或时间,则需确保已经关闭NTP系统时钟自动同步。可执行**timedatectl set-ntp** no命令进行关闭。 - -``` -# timedatectl set-ntp boolean -``` - -例如开启自动远程时间同步,命令如下: - -``` -# timedatectl set-ntp yes -``` - -#### 修改日期 - ->![](public_sys-resources/icon-note.gif) **说明:** ->修改日期前,请确保已经关闭NTP系统时钟自动同步。 - -修改当前的日期,在root权限下执行如下命令,其中 _YYYY_ 代表年份,_MM_ 代表月份,_DD_ 代表某天,请根据实际情况修改: - -``` -# timedatectl set-time YYYY-MM-DD -``` - -例如修改当前的日期为2019年8月14号,命令如下: - -``` -# timedatectl set-time '2019-08-14' -``` - -#### 修改时间 - ->![](public_sys-resources/icon-note.gif) **说明:** ->修改时间前,请确保已经关闭NTP系统时钟自动同步。 - -修改当前的时间,在root权限下执行如下命令,其中 _HH_ 代表小时,_MM_ 代表分钟,_SS_ 代表秒,请根据实际情况修改: - -``` -# timedatectl set-time HH:MM:SS -``` - -例如修改当前的时间为15点57分24秒,命令如下: - -``` -# timedatectl set-time 15:57:24 -``` - -#### 修改时区 - -显示当前可用时区,命令如下: - -``` -$ timedatectl list-timezones -``` - -要修改当前的时区,在root权限下执行如下命令,其中 _time\_zone_ 是您想要设置的时区,请根据实际情况修改: - -``` -# timedatectl set-timezone time_zone -``` - -例如修改当前的时区,首先查询所在地域的可用时区,此处以Asia为例: - -``` -# timedatectl list-timezones | grep Asia -Asia/Aden -Asia/Almaty -Asia/Amman -Asia/Anadyr -Asia/Aqtau -Asia/Aqtobe -Asia/Ashgabat -Asia/Baghdad -Asia/Bahrain -…… - -Asia/Seoul -Asia/Shanghai -Asia/Singapore -Asia/Srednekolymsk -Asia/Taipei -Asia/Tashkent -Asia/Tbilisi -Asia/Tehran 
-Asia/Thimphu -Asia/Tokyo -``` - -然后修改当前的时区为“Asia/Shanghai”,命令如下: - -``` -# timedatectl set-timezone Asia/Shanghai -``` - -### 使用date命令设置 - -#### 显示当前的日期和时间 - -显示当前的日期和时间,命令如下: - -``` -$ date -``` - -默认情况下,date命令显示本地时间。要显示UTC时间,添加\-\-utc或-u参数: - -``` -$ date --utc -``` - -要自定义对应的输出信息格式,添加 +"format" 参数: - -``` -$ date +"format" -``` - -**表 1** 参数说明 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

格式参数

-

说明

-

%H

-

小时以HH格式(例如 17)。

-

%M

-

分钟以MM格式(例如 37)。

-

%S

-

秒以SS格式(例如 25)。

-

%d

-

日期以DD格式(例如 15)。

-

%m

-

月份以MM格式(例如 07)。

-

%Y

-

年份以YYYY格式(例如 2019)。

-

%Z

-

时区缩写(例如CEST)。

-

%F

-

日期整体格式为YYYY-MM-DD(例如 2019-7-15),等同%Y-%m-%d。

-

%T

-

时间整体格式为HH:MM:SS(例如 18:30:25),等同%H:%M:%S。

-
- -实际使用示例如下: - -- 显示当前的日期和本地时间。 - - ``` - $ date - 2019年 08月 17日 星期六 17:26:34 CST - ``` - -- 显示当前的日期和UTC时间。 - - ``` - $ date --utc - 2019年 08月 17日 星期六 09:26:18 UTC - ``` - -- 自定义date命令的输出。 - - ``` - $ date +"%Y-%m-%d %H:%M" - 2019-08-17 17:24 - ``` - - -#### 修改时间 - -要修改当前的时间,添加\-\-set或者-s参数。在root权限下执行如下命令,其中 _HH_ 代表小时,_MM_ 代表分钟,_SS_ 代表秒,请根据实际情况修改: - -``` -# date --set HH:MM:SS -``` - -默认情况下, date命令设置本地时间。要设置UTC时间,添加\-\-utc或-u参数: - -``` -# date --set HH:MM:SS --utc -``` - -例如修改当前的时间为23点26分00秒,在root权限下执行如下命令: - -``` -# date --set 23:26:00 -``` - -#### 修改日期 - -修改当前的日期,添加\-\-set或者-s参数。在root权限下执行如下命令,其中 _YYYY_ 代表年份,_MM_ 代表月份,_DD_ 代表某天,请根据实际情况修改: - -``` -# date --set YYYY-MM-DD -``` - -例如修改当前的日期为2019年11月2日,命令如下: - -``` -# date --set 2019-11-02 -``` - -### 使用hwclock命令设置 - -可以使用 hwclock 命令设置硬件时钟RTC \(Real Time Clock\) 。 - -#### 硬件时钟和系统时钟 - -Linux 将时钟分为: - -- 系统时钟 \(System Clock\) :当前Linux Kernel中的时钟。 -- 硬件时钟 RTC:主板上由电池供电的主板硬件时钟,该时钟可以在BIOS的 "Standard BIOS Feature" 项中进行设置。 - -当Linux启动时,会读取硬件时钟,并根据硬件时间来设置系统时间。 - -#### 显示日期和时间 - -显示当前硬件的日期和时间,在root权限下执行如下命令: - -``` -# hwclock -``` - -例如显示当前硬件的日期和时间,命令和输出如下: - -``` -# hwclock -2019-08-26 10:18:42.528948+08:00 -``` - -#### 设置日期和时间 - -修改当前硬件的日期和时间,在root权限下执行如下命令,其中 _dd_ 表示日,_mm_ 表示月份,_yyyy_ 表示年份,_HH_ 表示小时,_MM_ 表示分钟,请根据实际情况修改: - -``` -# hwclock --set --date "dd mm yyyy HH:MM" -``` - -例如修改当前的时间为2019年10月21日21点17分,命令如下: - -``` -# hwclock --set --date "21 Oct 2019 21:17" --utc -``` - -## 设置kdump -本节介绍如何设置kdump预留内存及kdump配置文件参数修改。 - - - -### 设置kdump预留内存 -#### 预留内存参数格式 - -kdump预留内存参数必须添加到内核启动参数中,配置文件为/boot/efi/EFI/openEuler/grub.cfg,openEuler发布版本中默认已经添加,可以根据实际使用情况调整。添加和修改启动参数后,重启系统生效。kdump预留内存参数格式如下: - -| 内核启动参数 | 描述 | 默认值 | 备注 | -|--------------------|-------------------------------------------|---------------|------------------------------------------------------------| -| crashkernel=x | 在4G以下的物理内存预留x大小的内存给kdump使用。 | x86版本默认配置512M | 该配置方法只在4G以下内存预留,必须保证4G以下连续可用内存足够预留。 | -| crashkernel=x@y | 在y起始地址预留x大小的内存给kdump使用。 | 未使用 | 
需要确保y起始地址的x大小的内存未被其他模块预留。 | -| crashkernel=x,high | 在4G以下的物理内存中预留256M内存,在4G以上预留x大小内存给kdump使用。 | arm64版本默认配置1024M,high | 需要确保4G以下有256M连续可用的物理内存,4G以上有连续的x大小的连续物理内存。实际预留内存大小为256M+x。 | -| crashkernel=x,low crashkernel=y,high | 在4G以下的物理内存中预留x大小,在4G以上预留y大小内存给kdump使用。 | 未使用 | 需要确保4G以下有连续的x大小物理内存,4G以上有连续的y大小物理内存。 | - - -### 预留内存推荐值 -| 推荐方案 | 预留参数 | 参数说明 | -|------|------------------------|----------------------------------------------| -| 通用方案 | crashkernel=2048M,high | 4G以下预留256M,4G以上预留2048M内存给kdump使用。共256+2048M。 | -| 经济方案 | crashkernel=1024M,high | 4G以下预留256M,4G以上预留1024M内存给kdump使用。共256+1024M。 推荐系统512G内存以内的场景,并不使用网络转储kdump文件。对于虚拟机场景,可以适当减少内存预留值,推荐虚拟机设置为crashkernel=512M或者crashkernel=256M,high | ->![](public_sys-resources/icon-note.gif) **说明:** ->不通过网络转储kdump文件时,需要设置kdump文件系统不打包网络相关驱动。网络驱动加载需要申请较大内存,可能导致预留内存不足,kdump失败。因此建议禁用网络相关驱动。 - - -### 禁用网络相关驱动 -kdump配置文件(/etc/kdump.conf)中,dracut参数可以设置裁剪的驱动模块,可以将网络驱动配置到裁剪驱动列表中,让kdump文件系统中不加载该驱动,修改配置文件后,重启kdump服务生效。dracut参数配置如下所示: - -`dracut_args --omit-drivers "mdio-gpi usb_8dev et1011c rt2x00usb bcm-phy-lib mac80211_hwsim rtl8723be rndis_host hns3_cae amd vrf rtl8192cu mt76x02-lib int51x1 ppp_deflate team_mode_loadbalance smsc911x aweth bonding mwifiex_usb hnae dnet rt2x00pci vaser_pci hdlc_ppp marvell rtl8xxxu mlxsw_i2c ath9k_htc rtl8150 smc91x cortina at803x rockchip cxgb4 spi_ks8995 mt76x2u smsc9420 mdio-cavium bnxt_en ch9200 dummy macsec ice mt7601u rtl8188ee ixgbevf net1080 liquidio_vf be2net mlxsw_switchx2 gl620a xilinx_gmii2rgmii ppp_generic rtl8192de sja1000_platform ath10k_core cc770_platform realte igb c_can_platform c_can ethoc dm9601 smsc95xx lg-vl600 ifb enic ath9 mdio-octeon ppp_mppe ath10k_pci cc770 team_mode_activebackup marvell10g hinic rt2x00lib mlx4_en iavf broadcom igc c_can_pci alx rtl8192se rtl8723ae microchip lan78xx atl1c rtl8192c-common almia ax88179_178a qed netxen_nic brcmsmac rt2800usb e1000 qla3xxx mdio-bitbang qsemi mdio-mscc-miim plx_pci ipvlan r8152 cx82310_eth slhc mt76x02-usb ems_pci xen-netfront 
usbnet pppoe mlxsw_minimal mlxsw_spectrum cdc_ncm rt2800lib rtl_usb hnae3 ath9k_common ath9k_hw catc mt76 hns_enet_drv ppp_async huawei_cdc_ncm i40e rtl8192ce dl2 qmi_wwan mii peak_usb plusb can-dev slcan amd-xgbe team_mode_roundrobin ste10Xp thunder_xcv pptp thunder_bgx ixgbe davicom icplus tap tun smsc75xx smsc dlci hns_dsaf mlxsw_core rt2800mmi softing uPD60620 vaser_usb dp83867 brcmfmac mwifiex_pcie mlx4_core micrel team macvlan bnx2 virtio_net rtl_pci zaurus hns_mdi libcxgb hv_netvsc nicvf mt76x0u teranetics mlxfw cdc_eem qcom-emac pppox mt76-usb sierra_net i40evf bcm87xx mwifiex pegasus rt2x00mmi sja1000 ena hclgevf cnic cxgb4vf ppp_synctty iwlmvm team_mode_broadcast vxlan vsockmon hdlc_cisc rtl8723-common bsd_comp fakelb dp83822 dp83tc811 cicada fm10 8139t sfc hs geneve hclge xgene-enet-v2 cdc_mbim hdlc asix netdevsim rt2800pci team_mode_random lxt ems_usb mlxsw_pci sr9700 mdio-thunder mlxsw_switchib macvtap atlantic cdc_ether mcs7830 nicpf mdi peak_pci atl1e cdc_subset ipvtap btcoexist mt76x0-common veth slip iwldvm bcm7xxx vitesse netconsole epic100 myri10ge r8169 qede microchip_t1 liquidi bnx2x brcmutil mwifiex_sdi mlx5_core rtlwifi vmxnet3 nlmon hns3 hdlc_raw esd_usb2 atl2 mt76x2-common iwlwifi mdio-bcm-unimac national ath rtwpci rtw88 nfp rtl8821ae fjes thunderbolt-net 8139cp atl1 mscc vcan dp83848 dp83640 hdlc_fr e1000e ipheth net_failover aquantia rtl8192ee igbvf rocker intel-xway tg3" --omit "ramdisk network ifcfg qemu-net" --install "chmod" --nofscks` +# 基础配置 + +[[toc]] + +## 设置语言环境 + +您可以通过localectl修改系统的语言环境,对应的参数设置保存在/etc/locale.conf文件中。这些参数会在系统启动过程中被systemd的守护进程读取。 + +### 显示当前语言环境状态 + +显示当前语言环境,命令如下: + +``` +$ localectl status +``` + +例如显示系统当前的设置,命令和输出如下: + +``` +$ localectl status + System Locale: LANG=zh_CN.UTF-8 + VC Keymap: cn + X11 Layout: cn +``` + +### 列出可用的语言环境 + +显示当前可用的语言环境,命令如下: + +``` +$ localectl list-locales +``` + +例如显示当前系统中所有可用的中文环境,命令和输出如下: + +``` +$ localectl list-locales | grep zh +zh_CN.UTF-8 +``` + +### 设置语言环境 + 
+要设置语言环境,在root权限下执行如下命令,其中 _locale_ 是您要设置的语言类型,取值范围可通过**localectl list-locales**获取,请根据实际情况修改。 + +``` +# localectl set-locale LANG=locale +``` + +例如设置为简体中文语言环境,在root权限下执行如下命令: + +``` +# localectl set-locale LANG=zh_CN.UTF-8 +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>修改后需要重新登录或者在root权限下执行`source /etc/locale.conf`命令刷新配置文件,使修改生效。 + + +## 设置键盘 + +您可以通过localectl修改系统的键盘设置,对应的参数设置保存在/etc/locale.conf文件中。这些参数,会在系统启动的早期被systemd的守护进程读取。 + +### 显示当前设置 + +显示当前键盘设置,命令如下: + +``` +$ localectl status +``` + +例如显示系统当前的设置,命令和输出如下: + +``` +$ localectl status + System Locale: LANG=zh_CN.UTF-8 + VC Keymap: cn + X11 Layout: cn +``` + +### 列出可用的键盘布局 + +显示当前可用的键盘布局,命令如下: + +``` +$ localectl list-keymaps +``` + +例如显示系统当前的中文键盘布局,命令和输出如下: + +``` +$ localectl list-keymaps | grep cn +cn +``` + +### 设置键盘布局 + +设置键盘布局,在root权限下执行如下命令,其中 _map_ 是您想要设置的键盘类型,取值范围可通过**localectl list-keymaps**获取,请根据实际情况修改: + +``` +# localectl set-keymap map +``` + +此时设置的键盘布局同样也会应用到图形界面中。 + +设置完成后,查看当前状态: + +``` +$ localectl status + System Locale: LANG=zh_CN.UTF-8 + VC Keymap: cn + X11 Layout: us +``` + +## 设置日期和时间 + +本节介绍如何通过timedatectl、date、hwclock命令来设置系统的日期、时间和时区等。 + + + +### 使用timedatectl命令设置 + +#### 显示日期和时间 + +显示当前的日期和时间,命令如下: + +``` +$ timedatectl +``` + +例如显示系统当前的日期和时间,命令和输出如下: + +``` +$ timedatectl + Local time: Mon 2019-09-30 04:05:00 EDT + Universal time: Mon 2019-09-30 08:05:00 UTC + RTC time: Mon 2019-09-30 08:05:00 + Time zone: America/New_York (EDT, -0400) +System clock synchronized: no + NTP service: inactive + RTC in local TZ: no +``` + +#### 通过远程服务器进行时间同步 + +您可以启用NTP远程服务器进行系统时钟的自动同步。是否启用NTP,可在root权限下执行如下命令进行设置。其中 _boolean_ 可取值yes和no,分别表示启用和不启用NTP进行系统时钟自动同步,请根据实际情况修改。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>若启用了NTP远程服务器进行系统时钟自动同步,则不能手动修改日期和时间。若需要手动修改日期或时间,则需确保已经关闭NTP系统时钟自动同步。可执行**timedatectl set-ntp** no命令进行关闭。 + +``` +# timedatectl set-ntp boolean +``` + +例如开启自动远程时间同步,命令如下: + +``` +# timedatectl set-ntp yes +``` + +#### 修改日期 + +>![](./public_sys-resources/icon-note.gif) 
**说明:** +>修改日期前,请确保已经关闭NTP系统时钟自动同步。 + +修改当前的日期,在root权限下执行如下命令,其中 _YYYY_ 代表年份,_MM_ 代表月份,_DD_ 代表某天,请根据实际情况修改: + +``` +# timedatectl set-time YYYY-MM-DD +``` + +例如修改当前的日期为2019年8月14号,命令如下: + +``` +# timedatectl set-time '2019-08-14' +``` + +#### 修改时间 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>修改时间前,请确保已经关闭NTP系统时钟自动同步。 + +修改当前的时间,在root权限下执行如下命令,其中 _HH_ 代表小时,_MM_ 代表分钟,_SS_ 代表秒,请根据实际情况修改: + +``` +# timedatectl set-time HH:MM:SS +``` + +例如修改当前的时间为15点57分24秒,命令如下: + +``` +# timedatectl set-time 15:57:24 +``` + +#### 修改时区 + +显示当前可用时区,命令如下: + +``` +$ timedatectl list-timezones +``` + +要修改当前的时区,在root权限下执行如下命令,其中 _time\_zone_ 是您想要设置的时区,请根据实际情况修改: + +``` +# timedatectl set-timezone time_zone +``` + +例如修改当前的时区,首先查询所在地域的可用时区,此处以Asia为例: + +``` +# timedatectl list-timezones | grep Asia +Asia/Aden +Asia/Almaty +Asia/Amman +Asia/Anadyr +Asia/Aqtau +Asia/Aqtobe +Asia/Ashgabat +Asia/Baghdad +Asia/Bahrain +…… + +Asia/Seoul +Asia/Shanghai +Asia/Singapore +Asia/Srednekolymsk +Asia/Taipei +Asia/Tashkent +Asia/Tbilisi +Asia/Tehran +Asia/Thimphu +Asia/Tokyo +``` + +然后修改当前的时区为“Asia/Shanghai”,命令如下: + +``` +# timedatectl set-timezone Asia/Shanghai +``` + +### 使用date命令设置 + +#### 显示当前的日期和时间 + +显示当前的日期和时间,命令如下: + +``` +$ date +``` + +默认情况下,date命令显示本地时间。要显示UTC时间,添加\-\-utc或-u参数: + +``` +$ date --utc +``` + +要自定义对应的输出信息格式,添加 +"format" 参数: + +``` +$ date +"format" +``` + +**表 1** 参数说明 + +| 格式参数 | 说明 | +| :---- | :---- | +| %H | 小时以HH格式(例如 17) | +| %M | 分钟以MM格式(例如 37) | +| %S | 秒以SS格式(例如 25) | +| %d | 日期以DD格式(例如 15) | +| %m | 月份以MM格式(例如 07) | +| %Y | 年份以YYYY格式(例如 2019) | +| %Z | 时区缩写(例如CEST) | +| %F | 日期整体格式为YYYY-MM-DD(例如 2019-7-15),等同%Y-%m-%d | +| %T | 时间整体格式为HH:MM:SS(例如 18:30:25),等同%H:%M:%S | + +实际使用示例如下: + +- 显示当前的日期和本地时间。 + + ``` + $ date + 2019年 08月 17日 星期六 17:26:34 CST + ``` + +- 显示当前的日期和UTC时间。 + + ``` + $ date --utc + 2019年 08月 17日 星期六 09:26:18 UTC + ``` + +- 自定义date命令的输出。 + + ``` + $ date +"%Y-%m-%d %H:%M" + 2019-08-17 17:24 + ``` + + +#### 修改时间 + 
+要修改当前的时间,添加\-\-set或者-s参数。在root权限下执行如下命令,其中 _HH_ 代表小时,_MM_ 代表分钟,_SS_ 代表秒,请根据实际情况修改: + +``` +# date --set HH:MM:SS +``` + +默认情况下, date命令设置本地时间。要设置UTC时间,添加\-\-utc或-u参数: + +``` +# date --set HH:MM:SS --utc +``` + +例如修改当前的时间为23点26分00秒,在root权限下执行如下命令: + +``` +# date --set 23:26:00 +``` + +#### 修改日期 + +修改当前的日期,添加\-\-set或者-s参数。在root权限下执行如下命令,其中 _YYYY_ 代表年份,_MM_ 代表月份,_DD_ 代表某天,请根据实际情况修改: + +``` +# date --set YYYY-MM-DD +``` + +例如修改当前的日期为2019年11月2日,命令如下: + +``` +# date --set 2019-11-02 +``` + +### 使用hwclock命令设置 + +可以使用 hwclock 命令设置硬件时钟RTC \(Real Time Clock\) 。 + +#### 硬件时钟和系统时钟 + +Linux 将时钟分为: + +- 系统时钟 \(System Clock\) :当前Linux Kernel中的时钟。 +- 硬件时钟 RTC:主板上由电池供电的主板硬件时钟,该时钟可以在BIOS的 "Standard BIOS Feature" 项中进行设置。 + +当Linux启动时,会读取硬件时钟,并根据硬件时间来设置系统时间。 + +#### 显示日期和时间 + +显示当前硬件的日期和时间,在root权限下执行如下命令: + +``` +# hwclock +``` + +例如显示当前硬件的日期和时间,命令和输出如下: + +``` +# hwclock +2019-08-26 10:18:42.528948+08:00 +``` + +#### 设置日期和时间 + +修改当前硬件的日期和时间,在root权限下执行如下命令,其中 _dd_ 表示日,_mm_ 表示月份,_yyyy_ 表示年份,_HH_ 表示小时,_MM_ 表示分钟,请根据实际情况修改: + +``` +# hwclock --set --date "dd mm yyyy HH:MM" +``` + +例如修改当前的时间为2019年10月21日21点17分,命令如下: + +``` +# hwclock --set --date "21 Oct 2019 21:17" --utc +``` + +## 设置kdump +本节介绍如何设置kdump预留内存及kdump配置文件参数修改。 + + + +### 设置kdump预留内存 +#### 预留内存参数格式 + +kdump预留内存参数必须添加到内核启动参数中,配置文件为/boot/efi/EFI/openEuler/grub.cfg,openEuler发布版本中默认已经添加,可以根据实际使用情况调整。添加和修改启动参数后,重启系统生效。kdump预留内存参数格式如下: + +| 内核启动参数 | 描述 | 默认值 | 备注 | +|--------------------|-------------------------------------------|---------------|------------------------------------------------------------| +| crashkernel=x | 在4G以下的物理内存预留x大小的内存给kdump使用。 | x86版本默认配置512M | 该配置方法只在4G以下内存预留,必须保证4G以下连续可用内存足够预留。 | +| crashkernel=x@y | 在y起始地址预留x大小的内存给kdump使用。 | 未使用 | 需要确保y起始地址的x大小的内存未被其他模块预留。 | +| crashkernel=x,high | 在4G以下的物理内存中预留256M内存,在4G以上预留x大小内存给kdump使用。 | arm64版本默认配置1024M,high | 需要确保4G以下有256M连续可用的物理内存,4G以上有连续的x大小的连续物理内存。实际预留内存大小为256M+x。 | +| crashkernel=x,low crashkernel=y,high | 在4G以下的物理内存中预留x大小,在4G以上预留y大小内存给kdump使用。 | 未使用 | 
需要确保4G以下有连续的x大小物理内存,4G以上有连续的y大小物理内存。 | + + +### 预留内存推荐值 +| 推荐方案 | 预留参数 | 参数说明 | +|------|------------------------|----------------------------------------------| +| 通用方案 | crashkernel=2048M,high | 4G以下预留256M,4G以上预留2048M内存给kdump使用。共256+2048M。 | +| 经济方案 | crashkernel=1024M,high | 4G以下预留256M,4G以上预留1024M内存给kdump使用。共256+1024M。 推荐系统512G内存以内的场景,并不使用网络转储kdump文件。对于虚拟机场景,可以适当减少内存预留值,推荐虚拟机设置为crashkernel=512M或者crashkernel=256M,high | +>![](./public_sys-resources/icon-note.gif) **说明:** +>不通过网络转储kdump文件时,需要设置kdump文件系统不打包网络相关驱动。网络驱动加载需要申请较大内存,可能导致预留内存不足,kdump失败。因此建议禁用网络相关驱动。 + + +### 禁用网络相关驱动 +kdump配置文件(/etc/kdump.conf)中,dracut参数可以设置裁剪的驱动模块,可以将网络驱动配置到裁剪驱动列表中,让kdump文件系统中不加载该驱动,修改配置文件后,重启kdump服务生效。dracut参数配置如下所示: + +`dracut_args --omit-drivers "mdio-gpi usb_8dev et1011c rt2x00usb bcm-phy-lib mac80211_hwsim rtl8723be rndis_host hns3_cae amd vrf rtl8192cu mt76x02-lib int51x1 ppp_deflate team_mode_loadbalance smsc911x aweth bonding mwifiex_usb hnae dnet rt2x00pci vaser_pci hdlc_ppp marvell rtl8xxxu mlxsw_i2c ath9k_htc rtl8150 smc91x cortina at803x rockchip cxgb4 spi_ks8995 mt76x2u smsc9420 mdio-cavium bnxt_en ch9200 dummy macsec ice mt7601u rtl8188ee ixgbevf net1080 liquidio_vf be2net mlxsw_switchx2 gl620a xilinx_gmii2rgmii ppp_generic rtl8192de sja1000_platform ath10k_core cc770_platform realte igb c_can_platform c_can ethoc dm9601 smsc95xx lg-vl600 ifb enic ath9 mdio-octeon ppp_mppe ath10k_pci cc770 team_mode_activebackup marvell10g hinic rt2x00lib mlx4_en iavf broadcom igc c_can_pci alx rtl8192se rtl8723ae microchip lan78xx atl1c rtl8192c-common almia ax88179_178a qed netxen_nic brcmsmac rt2800usb e1000 qla3xxx mdio-bitbang qsemi mdio-mscc-miim plx_pci ipvlan r8152 cx82310_eth slhc mt76x02-usb ems_pci xen-netfront usbnet pppoe mlxsw_minimal mlxsw_spectrum cdc_ncm rt2800lib rtl_usb hnae3 ath9k_common ath9k_hw catc mt76 hns_enet_drv ppp_async huawei_cdc_ncm i40e rtl8192ce dl2 qmi_wwan mii peak_usb plusb can-dev slcan amd-xgbe team_mode_roundrobin ste10Xp thunder_xcv pptp thunder_bgx 
ixgbe davicom icplus tap tun smsc75xx smsc dlci hns_dsaf mlxsw_core rt2800mmi softing uPD60620 vaser_usb dp83867 brcmfmac mwifiex_pcie mlx4_core micrel team macvlan bnx2 virtio_net rtl_pci zaurus hns_mdi libcxgb hv_netvsc nicvf mt76x0u teranetics mlxfw cdc_eem qcom-emac pppox mt76-usb sierra_net i40evf bcm87xx mwifiex pegasus rt2x00mmi sja1000 ena hclgevf cnic cxgb4vf ppp_synctty iwlmvm team_mode_broadcast vxlan vsockmon hdlc_cisc rtl8723-common bsd_comp fakelb dp83822 dp83tc811 cicada fm10 8139t sfc hs geneve hclge xgene-enet-v2 cdc_mbim hdlc asix netdevsim rt2800pci team_mode_random lxt ems_usb mlxsw_pci sr9700 mdio-thunder mlxsw_switchib macvtap atlantic cdc_ether mcs7830 nicpf mdi peak_pci atl1e cdc_subset ipvtap btcoexist mt76x0-common veth slip iwldvm bcm7xxx vitesse netconsole epic100 myri10ge r8169 qede microchip_t1 liquidi bnx2x brcmutil mwifiex_sdi mlx5_core rtlwifi vmxnet3 nlmon hns3 hdlc_raw esd_usb2 atl2 mt76x2-common iwlwifi mdio-bcm-unimac national ath rtwpci rtw88 nfp rtl8821ae fjes thunderbolt-net 8139cp atl1 mscc vcan dp83848 dp83640 hdlc_fr e1000e ipheth net_failover aquantia rtl8192ee igbvf rocker intel-xway tg3" --omit "ramdisk network ifcfg qemu-net" --install "chmod" --nofscks` + +## 设置磁盘调度算法 +本节介绍如何设置磁盘调度算法。 + + + +### 临时修改调度策略 + +例如将所有IO调度算法修改为mq-deadline,此修改重启后会失效。 +``` +echo mq-deadline > /sys/block/sd*/queue/scheduler +``` + +### 永久设置调度策略 + +可以通过在内核启动配置文件grub.cfg中的kernel行追加:elevator=mq-deadline,重启后生效。 +``` +linux /vmlinuz-4.19.90-2003.4.0.0036.oe1.x86_64 root=/dev/mapper/openeuler-root ro resume=/dev/mapper/openeuler-swap rd.lvm.lv=openeuler/root rd.lvm.lv=openeuler/swap quiet crashkernel=512M elevator=mq-deadline +``` 
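Review bot: In the new 设置磁盘调度算法 section at the end of this hunk, `echo mq-deadline > /sys/block/sd*/queue/scheduler` only works when the glob matches exactly one disk; with several sd* devices bash rejects the redirection target as ambiguous, so the command does not do what the text promises (将所有IO调度算法修改为mq-deadline). Suggest a loop such as `for f in /sys/block/sd*/queue/scheduler; do echo mq-deadline > "$f"; done`, a statement that it needs root privileges as the other sections have, and a `cat /sys/block/<device>/queue/scheduler` check so readers can confirm the active scheduler both after the temporary change and after rebooting with `elevator=mq-deadline`. The grub.cfg example line also hard-codes an x86_64 kernel version and `crashkernel=512M`; it would help to say that only the trailing `elevator=mq-deadline` is the part to add. Separately, the %F row of 表 1 gives 2019-7-15 as an example of YYYY-MM-DD; it should read 2019-07-15.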
diff --git "a/content/zh/docs/Administration/\346\220\255\345\273\272FTP\346\234\215\345\212\241\345\231\250.md" "b/docs/zh/docs/Administration/\346\220\255\345\273\272FTP\346\234\215\345\212\241\345\231\250.md" similarity index 99% rename from "content/zh/docs/Administration/\346\220\255\345\273\272FTP\346\234\215\345\212\241\345\231\250.md" rename to "docs/zh/docs/Administration/\346\220\255\345\273\272FTP\346\234\215\345\212\241\345\231\250.md" index f77d385e17dec27ef5d1fccce199932bca11d848..d1cbc9f4337f20bf1a976623d797d9225cc3fa6b 100644 --- "a/content/zh/docs/Administration/\346\220\255\345\273\272FTP\346\234\215\345\212\241\345\231\250.md" +++ "b/docs/zh/docs/Administration/\346\220\255\345\273\272FTP\346\234\215\345\212\241\345\231\250.md" @@ -92,7 +92,7 @@ FTP的正常工作需要使用到多个网络端口,服务器端会使用到 tcp6 0 0 :::21 :::* LISTEN 19716/vsftpd ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >如果没有**netstat**命令,可以执行**dnf install net-tools**命令安装后再使用**netstat**命令。 - 停止vsftpd服务 @@ -173,7 +173,7 @@ FTP的正常工作需要使用到多个网络端口,服务器端会使用到 ### 默认配置说明 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >文档中的配置内容仅供参考,请用户根据实际情况(例如安全加固需要)进行修改。 openEuler系统中 ,vsftpd默认不开放匿名用户,使用vim命令查看主配置文件,其内容如下: @@ -390,7 +390,7 @@ ftp> bye 221 Goodbye. ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >如果没有**ftp**命令,可以在root权限下执行**dnf install ftp**命令安装后再使用**ftp**命令。 @@ -488,7 +488,7 @@ ftp> ftp> mget *.* ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >- 此时每下载一个文件,都会有提示信息。如果要屏蔽提示信息,则在 **mget \*.\*** 命令前先执行**prompt off** >- 文件都被下载到Linux主机的当前目录下。比如,在/home/myopenEuler/下运行的ftp命令,则文件都下载到/home/myopenEuler/下。 
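Review bot: The note touched in the first hunk (@@ -92,7) tells the reader to run **dnf install net-tools** without mentioning root, while the note touched in the @@ -390,7 hunk says "在root权限下执行**dnf install ftp**". Both are package installs and both blocks are already being edited for the icon path, so the net-tools note should say 在root权限下 as well. In the last hunk (@@ -488,7) the first bullet of the note ends at "**prompt off**" with no closing full stop, unlike the bullet after it.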
diff --git "a/content/zh/docs/Administration/\346\220\255\345\273\272repo\346\234\215\345\212\241\345\231\250.md" "b/docs/zh/docs/Administration/\346\220\255\345\273\272repo\346\234\215\345\212\241\345\231\250.md" similarity index 83% rename from "content/zh/docs/Administration/\346\220\255\345\273\272repo\346\234\215\345\212\241\345\231\250.md" rename to "docs/zh/docs/Administration/\346\220\255\345\273\272repo\346\234\215\345\212\241\345\231\250.md" index dcc2d240f784cbf274403312525b67d3ae6da91f..81860830379a5c3131a9094a27fdde8d3d9090f7 100644 --- "a/content/zh/docs/Administration/\346\220\255\345\273\272repo\346\234\215\345\212\241\345\231\250.md" +++ "b/docs/zh/docs/Administration/\346\220\255\345\273\272repo\346\234\215\345\212\241\345\231\250.md" 
@@ -1,400 +1,400 @@ -# 搭建repo服务器 - ->![](public_sys-resources/icon-note.gif) **说明:** ->openEuler提供了多种repo源供用户在线使用,各repo源含义可参考[系统安装](../Releasenotes/系统安装.md)。若用户无法在线获取openEuler repo源,则可使用openEuler提供的ISO发布包创建为本地openEuler repo源。本章节中以openEuler-20.03-LTS-aarch64-dvd.iso发布包为例,请根据实际需要的ISO发布包进行修改。 - - - -- [搭建repo服务器](#搭建repo服务器) - - [概述](#概述) - - [创建/更新本地repo源](#创建更新本地repo源) - - [获取ISO发布包](#获取iso发布包) - - [挂载ISO创建repo源](#挂载iso创建repo源) - - [创建本地repo源](#创建本地repo源) - - [更新repo源](#更新repo源) - - [部署远端repo源](#部署远端repo源) - - [nginx安装与配置](#nginx安装与配置) - - [启动nginx服务](#启动nginx服务) - - [repo源部署](#repo源部署) - - [使用repo源](#使用repo源) - - [repo配置为yum源(软件源)](#repo配置为yum源软件源) - - [repo优先级](#repo优先级) - - [dnf相关命令](#dnf相关命令) - - - -## 概述 - -将openEuler提供的ISO发布包openEuler-20.03-LTS-aarch64-dvd.iso创建为repo源,如下以使用nginx进行repo源部署,提供http服务为例进行说明。 - -## 创建/更新本地repo源 - -使用mount挂载,将openEuler的ISO发布包openEuler-20.03-LTS-aarch64-dvd.iso创建为repo源,并能够对repo源进行更新。 -### 获取ISO发布包 - -请从如下网址获取openEuler的ISO发布包: - -[https://repo.openeuler.org/openEuler-20.03-LTS/ISO/](https://repo.openeuler.org/openEuler-20.03-LTS/ISO/) - -### 挂载ISO创建repo源 - -在root权限下使用mount命令挂载ISO发布包。 - -示例如下: - -``` -# mount /home/openEuler/openEuler-20.03-LTS-aarch64-dvd.iso /mnt/ -``` - -挂载好的mnt目录如下: - -``` -. -│── boot.catalog -│── docs -│── EFI -│── images -│── Packages -│── repodata -│── TRANS.TBL -└── RPM-GPG-KEY-openEuler -``` - -其中,Packages为rpm包所在的目录,repodata为repo源元数据所在的目录,RPM-GPG-KEY-openEuler为openEuler的签名公钥。 - -### 创建本地repo源 - -可以拷贝ISO发布包中相关文件至本地目录以创建本地repo源,示例如下: - -``` -# mount /home/openEuler/openEuler-20.03-LTS-aarch64-dvd.iso /mnt/ -$ mkdir -p ~/srv/repo/ -$ cp -r /mnt/Packages ~/srv/repo/ -$ cp -r /mnt/repodata ~/srv/repo/ -$ cp -r /mnt/RPM-GPG-KEY-openEuler ~/srv/repo/ -``` - -从而本地repo目录如下: - -``` -. 
-│── Packages -│── repodata -└── RPM-GPG-KEY-openEuler -``` - -Packages为rpm包所在的目录,repodata为repo源元数据所在的目录,RPM-GPG-KEY-openEuler为openEuler的签名公钥。 - -### 更新repo源 - -更新repo源有两种方式: - -- 通过新版本的ISO更新已有的repo源,与创建repo源的方式相同,即挂载ISO发布包或重新拷贝ISO发布包至本地目录。 - -- 在repo源的Packages目录下添加rpm包,然后通过createrepo命令更新repo源 - - ``` - $ createrepo --update --workers=10 ~/srv/repo - ``` - - 其中,\-\-update表示更新,\-\-workers表示线程数,可自定义。 - - >![](public_sys-resources/icon-note.gif) **说明:** - >若命令打印信息为“createrepo:未找到命令”,则表示未安装createrepo软件,可在root权限下执行**dnf install createrepo**进行安装。 - - -## 部署远端repo源 - -安装openEuler操作系统,在openEuler上通过nginx部署repo源。 -### nginx安装与配置 - -1. 请自行下载nginx工具并在root权限下安装nginx。 -2. 安装nginx之后,在root权限下配置/etc/nginx/nginx.conf。 - - >![](public_sys-resources/icon-note.gif) **说明:** - >文档中的配置内容仅供参考,请用户根据实际情况(例如安全加固需要)进行配置。 - - ``` - user nginx; - worker_processes auto; # 建议设置为core-1 - error_log /var/log/nginx/error.log warn; # log存放位置 - pid /var/run/nginx.pid; - - events { - worker_connections 1024; - } - - http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - sendfile on; - keepalive_timeout 65; - - server { - listen 80; - server_name localhost; # 服务器名(url) - client_max_body_size 4G; - root /usr/share/nginx/repo; # 服务默认目录 - - location / { - autoindex on; # 开启访问目录下层文件 - autoindex_exact_size on; - autoindex_localtime on; - } - - } - - } - ``` - - -### 启动nginx服务 - -1. 在root权限下通过systemd启动nginx服务: - - ``` - # systemctl enable nginx - # systemctl start nginx - ``` - -2. 
nginx是否启动成功可通过下面命令查看: - - ``` - $ systemctl status nginx - ``` - - - [图1](#zh-cn_topic_0151920971_fd25e3f1d664b4087ae26631719990a71)表示nginx服务启动成功 - - **图 1** nginx服务启动成功 - ![](figures/nginx服务启动成功.png "nginx服务启动成功") - - - 若nginx服务启动失败,查看错误信息: - - ``` - $ systemctl status nginx.service --full - ``` - - **图 2** nginx服务启动失败 - ![](figures/nginx服务启动失败.png "nginx服务启动失败") - - 如[图2](#zh-cn_topic_0151920971_f1f9f3d086e454b9cba29a7cae96a4c54)所示nginx服务创建失败,是由于目录/var/spool/nginx/tmp/client\_body创建失败,在root权限下手动进行创建,类似的问题也这样处理: - - ``` - # mkdir -p /var/spool/nginx/tmp/client_body - # mkdir -p /var/spool/nginx/tmp/proxy - # mkdir -p /var/spool/nginx/tmp/fastcgi - # mkdir -p /usr/share/nginx/uwsgi_temp - # mkdir -p /usr/share/nginx/scgi_temp - ``` - - -### repo源部署 - -1. 在root权限下创建nginx配置文件/etc/nginx/nginx.conf中指定的目录/usr/share/nginx/repo: - - ``` - # mkdir -p /usr/share/nginx/repo - ``` - -2. 在root权限下修改目录/usr/share/nginx/repo的权限: - - ``` - # chmod -R 755 /usr/share/nginx/repo - ``` - -3. 设置防火墙规则,开启nginx设置的端口(此处为80端口),在root权限下通过firewall设置端口开启: - - ``` - # firewall-cmd --add-port=80/tcp --permanent - # firewall-cmd --reload - ``` - - 在root权限下查询80端口是否开启成功,输出为yes则表示80端口开启成功: - - ``` - # firewall-cmd --query-port=80/tcp - ``` - - 也可在root权限下通过iptables来设置80端口开启: - - ``` - # iptables -I INPUT -p tcp --dport 80 -j ACCEPT - ``` - -4. nginx服务设置好之后,即可通过ip直接访问网页,如[图3](#zh-cn_topic_0151921017_fig1880404110396): - - **图 3** nginx部署成功 - ![](figures/nginx部署成功.png "nginx部署成功") - -5. 
通过下面几种方式将repo源放入到/usr/share/nginx/repo下: - - 在root权限下拷贝镜像中相关文件至/usr/share/nginx/repo下,并修改目录权限。 - - ``` - # mount /home/openEuler/openEuler-20.03-LTS-aarch64-dvd.iso /mnt/ - # cp -r /mnt/Packages /usr/share/nginx/repo - # cp -r /mnt/repodata /usr/share/nginx/repo - # cp -r /mnt/RPM-GPG-KEY-openEuler /usr/share/nginx/repo - # chmod -R 755 /usr/share/nginx/repo - ``` - - openEuler-20.03-LTS-aarch64-dvd.iso存放在/home/openEuler目录下。 - - - 使用root在/usr/share/nginx/repo下创建repo源的软链接。 - - ``` - # ln -s /mnt /usr/share/nginx/repo/os - ``` - - /mnt为已经创建好的repo源,/usr/share/nginx/repo/os将指向/mnt。 - - - -## 使用repo源 - -repo可配置为yum源,yum(全称为 Yellow dog Updater, Modified)是一个Shell前端软件包管理器。基于RPM包管理,能够从指定的服务器自动下载RPM包并且安装,可以自动处理依赖性关系,并且一次安装所有依赖的软体包,无须繁琐地一次次下载和安装。 -### repo配置为yum源(软件源) - -构建好的repo可以配置为yum源使用,在/etc/yum.repos.d/目录下使用root权限创建\*\*\*.repo的配置文件(必须以.repo为扩展名),分为本地和http服务器配置yum源两种方式: - -- 配置本地yum源 - - 在/etc/yum.repos.d目录下创建openEuler.repo文件,使用构建的本地repo源作为yum源,openEuler.repo的内容如下: - - ``` - [base] - name=base - baseurl=file:///home/openEuler/srv/repo - enabled=1 - gpgcheck=1 - gpgkey=file:///home/openEuler/srv/repo/RPM-GPG-KEY-openEuler - ``` - - >![](public_sys-resources/icon-note.gif) **说明:** - > - \[*repoid*\]中的repoid为软件仓库(repository)的ID号,所有.repo配置文件中的各repoid不能重复,必须唯一。示例中repoid设置为**base**。 - > - name为软件仓库描述的字符串。 - > - baseurl为软件仓库的地址。 - > - enabled为是否启用该软件源仓库,可选值为1和0。默认值为1,表示启用该软件源仓库。 - > - gpgcheck可设置为1或0,1表示进行gpg(GNU Private Guard)校验,0表示不进行gpg校验,gpgcheck可以确定rpm包的来源是有效和安全的。 - > - gpgkey为验证签名用的公钥。 - -- 配置http服务器yum源 - - 在/etc/yum.repos.d目录下创建openEuler.repo文件。 - - - 若使用用户部署的http服务端的repo源作为yum源,openEuler.repo的内容如下: - - ``` - [base] - name=base - baseurl=http://192.168.139.209/ - enabled=1 - gpgcheck=1 - gpgkey=http://192.168.139.209/RPM-GPG-KEY-openEuler - ``` - - >![](public_sys-resources/icon-note.gif) **说明:** - >“192.168.139.209”为示例地址,请用户根据实际情况进行配置。 - - - 若使用openEuler提供的openEuler repo源作为yum源,以AArch64架构的OS repo源为例,openEuler.repo的内容如下: - - ``` - [base] - name=base - 
baseurl=http://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/ - enabled=1 - gpgcheck=1 - gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS/OS/aarch64/RPM-GPG-KEY-openEuler - ``` - - - -### repo优先级 - -当有多个repo源时,可通过在.repo文件的priority参数设置repo的优先级(如果不设置,默认优先级是99,当相同优先级的源中存在相同rpm包时,会安装最新的版本)。其中,1为最高优先级,99为最低优先级,如给openEuler.repo配置优先级为2: - -``` -[base] -name=base -baseurl=http://192.168.139.209/ -enabled=1 -priority=2 -gpgcheck=1 -gpgkey=http://192.168.139.209/RPM-GPG-KEY-openEuler -``` - -### dnf相关命令 - -dnf命令在安装升级时能够自动解析包的依赖关系,一般的使用方式如下: - -``` -dnf -``` - -常用的命令如下: - -- 安装,需要在root权限下执行。 - - ``` - # dnf install - ``` - -- 升级,需要在root权限下执行。 - - ``` - # dnf update - ``` - -- 回退,需要在root权限下执行。 - - ``` - # dnf downgrade - ``` - -- 检查更新 - - ``` - $ dnf check-update - ``` - -- 卸载,需要在root权限下执行。 - - ``` - # dnf remove - ``` - -- 查询 - - ``` - $ dnf search - ``` - -- 本地安装,需要在root权限下执行。 - - ``` - # dnf localinstall - ``` - -- 查看历史记录 - - ``` - $ dnf history - ``` - -- 清除缓存目录 - - ``` - $ dnf clean all - ``` - -- 更新缓存 - - ``` - $ dnf makecache - ``` - +# 搭建repo服务器 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>openEuler提供了多种repo源供用户在线使用,各repo源含义可参考[系统安装](./../Releasenotes/系统安装.md)。若用户无法在线获取openEuler repo源,则可使用openEuler提供的ISO发布包创建为本地openEuler repo源。本章节中以openEuler-20.03-LTS-SP1-aarch64-dvd.iso发布包为例,请根据实际需要的ISO发布包进行修改。 + + + +- [搭建repo服务器](#搭建repo服务器) + - [概述](#概述) + - [创建/更新本地repo源](#创建更新本地repo源) + - [获取ISO发布包](#获取iso发布包) + - [挂载ISO创建repo源](#挂载iso创建repo源) + - [创建本地repo源](#创建本地repo源) + - [更新repo源](#更新repo源) + - [部署远端repo源](#部署远端repo源) + - [nginx安装与配置](#nginx安装与配置) + - [启动nginx服务](#启动nginx服务) + - [repo源部署](#repo源部署) + - [使用repo源](#使用repo源) + - [repo配置为yum源(软件源)](#repo配置为yum源软件源) + - [repo优先级](#repo优先级) + - [dnf相关命令](#dnf相关命令) + + + +## 概述 + +将openEuler提供的ISO发布包openEuler-20.03-LTS-SP1-aarch64-dvd.iso创建为repo源,如下以使用nginx进行repo源部署,提供http服务为例进行说明。 + +## 创建/更新本地repo源 + +使用mount挂载,将openEuler的ISO发布包openEuler-20.03-LTS-SP1-aarch64-dvd.iso创建为repo源,并能够对repo源进行更新。 +### 获取ISO发布包 + 
+请从如下网址获取openEuler的ISO发布包: + +[https://repo.openeuler.org/openEuler-20.03-LTS-SP1/ISO/](https://repo.openeuler.org/openEuler-20.03-LTS-SP1/ISO/) + +### 挂载ISO创建repo源 + +在root权限下使用mount命令挂载ISO发布包。 + +示例如下: + +``` +# mount /home/openEuler/openEuler-20.03-LTS-SP1-aarch64-dvd.iso /mnt/ +``` + +挂载好的mnt目录如下: + +``` +. +│── boot.catalog +│── docs +│── EFI +│── images +│── Packages +│── repodata +│── TRANS.TBL +└── RPM-GPG-KEY-openEuler +``` + +其中,Packages为rpm包所在的目录,repodata为repo源元数据所在的目录,RPM-GPG-KEY-openEuler为openEuler的签名公钥。 + +### 创建本地repo源 + +可以拷贝ISO发布包中相关文件至本地目录以创建本地repo源,示例如下: + +``` +# mount /home/openEuler/openEuler-20.03-LTS-SP1-aarch64-dvd.iso /mnt/ +$ mkdir -p ~/srv/repo/ +$ cp -r /mnt/Packages ~/srv/repo/ +$ cp -r /mnt/repodata ~/srv/repo/ +$ cp -r /mnt/RPM-GPG-KEY-openEuler ~/srv/repo/ +``` + +从而本地repo目录如下: + +``` +. +│── Packages +│── repodata +└── RPM-GPG-KEY-openEuler +``` + +Packages为rpm包所在的目录,repodata为repo源元数据所在的目录,RPM-GPG-KEY-openEuler为openEuler的签名公钥。 + +### 更新repo源 + +更新repo源有两种方式: + +- 通过新版本的ISO更新已有的repo源,与创建repo源的方式相同,即挂载ISO发布包或重新拷贝ISO发布包至本地目录。 + +- 在repo源的Packages目录下添加rpm包,然后通过createrepo命令更新repo源 + + ``` + $ createrepo --update --workers=10 ~/srv/repo + ``` + + 其中,\-\-update表示更新,\-\-workers表示线程数,可自定义。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >若命令打印信息为“createrepo:未找到命令”,则表示未安装createrepo软件,可在root权限下执行**dnf install createrepo**进行安装。 + + +## 部署远端repo源 + +安装openEuler操作系统,在openEuler上通过nginx部署repo源。 +### nginx安装与配置 + +1. 请自行下载nginx工具并在root权限下安装nginx。 +2. 
安装nginx之后,在root权限下配置/etc/nginx/nginx.conf。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >文档中的配置内容仅供参考,请用户根据实际情况(例如安全加固需要)进行配置。 + + ``` + user nginx; + worker_processes auto; # 建议设置为core-1 + error_log /var/log/nginx/error.log warn; # log存放位置 + pid /var/run/nginx.pid; + + events { + worker_connections 1024; + } + + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + sendfile on; + keepalive_timeout 65; + + server { + listen 80; + server_name localhost; # 服务器名(url) + client_max_body_size 4G; + root /usr/share/nginx/repo; # 服务默认目录 + + location / { + autoindex on; # 开启访问目录下层文件 + autoindex_exact_size on; + autoindex_localtime on; + } + + } + + } + ``` + + +### 启动nginx服务 + +1. 在root权限下通过systemd启动nginx服务: + + ``` + # systemctl enable nginx + # systemctl start nginx + ``` + +2. nginx是否启动成功可通过下面命令查看: + + ``` + $ systemctl status nginx + ``` + + - [图1](#zh-cn_topic_0151920971_fd25e3f1d664b4087ae26631719990a71)表示nginx服务启动成功 + + **图 1** nginx服务启动成功 + ![](./figures/nginx-start-success.png "nginx服务启动成功") + + - 若nginx服务启动失败,查看错误信息: + + ``` + $ systemctl status nginx.service --full + ``` + + **图 2** nginx服务启动失败 + ![](./figures/nginx-start-failed.png "nginx服务启动失败") + + 如[图2](#zh-cn_topic_0151920971_f1f9f3d086e454b9cba29a7cae96a4c54)所示nginx服务创建失败,是由于目录/var/spool/nginx/tmp/client\_body创建失败,在root权限下手动进行创建,类似的问题也这样处理: + + ``` + # mkdir -p /var/spool/nginx/tmp/client_body + # mkdir -p /var/spool/nginx/tmp/proxy + # mkdir -p /var/spool/nginx/tmp/fastcgi + # mkdir -p /usr/share/nginx/uwsgi_temp + # mkdir -p /usr/share/nginx/scgi_temp + ``` + + +### repo源部署 + +1. 在root权限下创建nginx配置文件/etc/nginx/nginx.conf中指定的目录/usr/share/nginx/repo: + + ``` + # mkdir -p /usr/share/nginx/repo + ``` + +2. 
在root权限下修改目录/usr/share/nginx/repo的权限: + + ``` + # chmod -R 755 /usr/share/nginx/repo + ``` + +3. 设置防火墙规则,开启nginx设置的端口(此处为80端口),在root权限下通过firewall设置端口开启: + + ``` + # firewall-cmd --add-port=80/tcp --permanent + # firewall-cmd --reload + ``` + + 在root权限下查询80端口是否开启成功,输出为yes则表示80端口开启成功: + + ``` + # firewall-cmd --query-port=80/tcp + ``` + + 也可在root权限下通过iptables来设置80端口开启: + + ``` + # iptables -I INPUT -p tcp --dport 80 -j ACCEPT + ``` + +4. nginx服务设置好之后,即可通过ip直接访问网页,如[图3](#zh-cn_topic_0151921017_fig1880404110396): + + **图 3** nginx部署成功 + ![](./figures/nginx-deploy-success.png "nginx部署成功") + +5. 通过下面几种方式将repo源放入到/usr/share/nginx/repo下: + - 在root权限下拷贝镜像中相关文件至/usr/share/nginx/repo下,并修改目录权限。 + + ``` + # mount /home/openEuler/openEuler-20.03-LTS-SP1-aarch64-dvd.iso /mnt/ + # cp -r /mnt/Packages /usr/share/nginx/repo + # cp -r /mnt/repodata /usr/share/nginx/repo + # cp -r /mnt/RPM-GPG-KEY-openEuler /usr/share/nginx/repo + # chmod -R 755 /usr/share/nginx/repo + ``` + + openEuler-20.03-LTS-SP1-aarch64-dvd.iso存放在/home/openEuler目录下。 + + - 使用root在/usr/share/nginx/repo下创建repo源的软链接。 + + ``` + # ln -s /mnt /usr/share/nginx/repo/os + ``` + + /mnt为已经创建好的repo源,/usr/share/nginx/repo/os将指向/mnt。 + + + +## 使用repo源 + +repo可配置为yum源,yum(全称为 Yellow dog Updater, Modified)是一个Shell前端软件包管理器。基于RPM包管理,能够从指定的服务器自动下载RPM包并且安装,可以自动处理依赖性关系,并且一次安装所有依赖的软体包,无须繁琐地一次次下载和安装。 +### repo配置为yum源(软件源) + +构建好的repo可以配置为yum源使用,在/etc/yum.repos.d/目录下使用root权限创建\*\*\*.repo的配置文件(必须以.repo为扩展名),分为本地和http服务器配置yum源两种方式: + +- 配置本地yum源 + + 在/etc/yum.repos.d目录下创建openEuler.repo文件,使用构建的本地repo源作为yum源,openEuler.repo的内容如下: + + ``` + [base] + name=base + baseurl=file:///home/openEuler/srv/repo + enabled=1 + gpgcheck=1 + gpgkey=file:///home/openEuler/srv/repo/RPM-GPG-KEY-openEuler + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + > - \[*repoid*\]中的repoid为软件仓库(repository)的ID号,所有.repo配置文件中的各repoid不能重复,必须唯一。示例中repoid设置为**base**。 + > - name为软件仓库描述的字符串。 + > - baseurl为软件仓库的地址。 + > - enabled为是否启用该软件源仓库,可选值为1和0。默认值为1,表示启用该软件源仓库。 + > 
- gpgcheck可设置为1或0,1表示进行gpg(GNU Private Guard)校验,0表示不进行gpg校验,gpgcheck可以确定rpm包的来源是有效和安全的。 + > - gpgkey为验证签名用的公钥。 + +- 配置http服务器yum源 + + 在/etc/yum.repos.d目录下创建openEuler.repo文件。 + + - 若使用用户部署的http服务端的repo源作为yum源,openEuler.repo的内容如下: + + ``` + [base] + name=base + baseurl=http://192.168.139.209/ + enabled=1 + gpgcheck=1 + gpgkey=http://192.168.139.209/RPM-GPG-KEY-openEuler + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >“192.168.139.209”为示例地址,请用户根据实际情况进行配置。 + + - 若使用openEuler提供的openEuler repo源作为yum源,以AArch64架构的OS repo源为例,openEuler.repo的内容如下: + + ``` + [base] + name=base + baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/aarch64/ + enabled=1 + gpgcheck=1 + gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/aarch64/RPM-GPG-KEY-openEuler + ``` + + + +### repo优先级 + +当有多个repo源时,可通过在.repo文件的priority参数设置repo的优先级(如果不设置,默认优先级是99,当相同优先级的源中存在相同rpm包时,会安装最新的版本)。其中,1为最高优先级,99为最低优先级,如给openEuler.repo配置优先级为2: + +``` +[base] +name=base +baseurl=http://192.168.139.209/ +enabled=1 +priority=2 +gpgcheck=1 +gpgkey=http://192.168.139.209/RPM-GPG-KEY-openEuler +``` + +### dnf相关命令 + +dnf命令在安装升级时能够自动解析包的依赖关系,一般的使用方式如下: + +``` +dnf +``` + +常用的命令如下: + +- 安装,需要在root权限下执行。 + + ``` + # dnf install + ``` + +- 升级,需要在root权限下执行。 + + ``` + # dnf update + ``` + +- 回退,需要在root权限下执行。 + + ``` + # dnf downgrade + ``` + +- 检查更新 + + ``` + $ dnf check-update + ``` + +- 卸载,需要在root权限下执行。 + + ``` + # dnf remove + ``` + +- 查询 + + ``` + $ dnf search + ``` + +- 本地安装,需要在root权限下执行。 + + ``` + # dnf localinstall + ``` + +- 查看历史记录 + + ``` + $ dnf history + ``` + +- 清除缓存目录 + + ``` + $ dnf clean all + ``` + +- 更新缓存 + + ``` + $ dnf makecache + ``` + 
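Review bot: In the added openEuler.repo examples under 配置http服务器yum源 and repo优先级, `gpgkey=http://192.168.139.209/RPM-GPG-KEY-openEuler` and `gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/aarch64/RPM-GPG-KEY-openEuler` fetch the signing key over plain HTTP from the same host that serves the packages, so `gpgcheck=1` adds little if that host or the path to it is tampered with. Point gpgkey at a key obtained separately, for example the file:// copy taken from the ISO as the local-source example does, or use https:// as the ISO download link in this file already does. The gpgcheck bullet in the 说明 block also expands gpg as "GNU Private Guard"; it should read "GNU Privacy Guard".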
diff --git "a/content/zh/docs/Administration/\346\220\255\345\273\272web\346\234\215\345\212\241\345\231\250.md" "b/docs/zh/docs/Administration/\346\220\255\345\273\272web\346\234\215\345\212\241\345\231\250.md" similarity index 98% rename from "content/zh/docs/Administration/\346\220\255\345\273\272web\346\234\215\345\212\241\345\231\250.md" rename to "docs/zh/docs/Administration/\346\220\255\345\273\272web\346\234\215\345\212\241\345\231\250.md" index b0878f072c7e5585f45877ba0756ea253b75a119..47a06bc374adce4ce9442eb593b1a7a6778dbe88 100644 --- "a/content/zh/docs/Administration/\346\220\255\345\273\272web\346\234\215\345\212\241\345\231\250.md" +++ "b/docs/zh/docs/Administration/\346\220\255\345\273\272web\346\234\215\345\212\241\345\231\250.md" @@ -39,7 +39,7 @@ openEuler系统中的web服务器版本是Apache HTTP服务器2.4版本,即htt # dnf install httpd ``` - 更多关于管理服务的内容,请参见[管理服务](管理服务.html)。 + 更多关于管理服务的内容,请参见[管理服务](./管理服务.html)。 - 启动、停止和重启httpd服务,需要使用root权限。 @@ -60,7 +60,7 @@ openEuler系统中的web服务器版本是Apache HTTP服务器2.4版本,即htt ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >假如正在运行的Apache HTTP服务器作为一个安全服务器,系统开机启动后需要密码,这个密码使用的是加密的私有SSL密钥。 #### 停止服务 @@ -157,7 +157,7 @@ $ systemctl is-active httpd Syntax OK ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- 在修改配置文件之前,请先备份原始文件,以便出现问题时能够快速恢复配置文件。 >- 需要重启web服务,才能使修改后的配置文件生效。 @@ -198,7 +198,7 @@ httpd服务是一个模块化的应用,它和许多动态共享对象DSO(Dyn ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >**httpd 的常用命令** > >- httpd -v : 查看httpd的版本号。 @@ -316,7 +316,7 @@ Nginx 是一款轻量级的 Web 服务器/反向代理服务器及电子邮件 ### 安装 -1. 配置本地yum源,详细信息请参考[搭建repo服务器](搭建repo服务器.html)。 +1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)。 2. 清除缓存。 ``` 
@@ -352,7 +352,7 @@ Nginx 是一款轻量级的 Web 服务器/反向代理服务器及电子邮件 - 为了能够使用nginx服务,请确保您的系统中已经安装nginx服务。若未安装,可参考[安装](#安装)进行安装。 - 更多关于管理服务的内容,请参见[管理服务](管理服务.html)。 + 更多关于管理服务的内容,请参见[管理服务](./管理服务.html)。 - 启动、停止和重启nginx服务,需要使用root权限。 @@ -373,7 +373,7 @@ Nginx 是一款轻量级的 Web 服务器/反向代理服务器及电子邮件 ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >假如正在运行的nginx服务器作为一个安全服务器,系统开机启动后需要密码,这个密码使用的是加密的私有SSL密钥。 #### 停止服务 @@ -466,7 +466,7 @@ $ systemctl is-active nginx 如果回显信息中有“syntax is ok”,说明配置文件语法正确。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- 在修改配置文件之前,请先备份原始文件,以便出现问题时能够快速恢复配置文件。 >- 需要重启web服务,才能使修改后的配置文件生效。 diff --git "a/content/zh/docs/Administration/\346\220\255\345\273\272\346\225\260\346\215\256\345\272\223\346\234\215\345\212\241\345\231\250.md" "b/docs/zh/docs/Administration/\346\220\255\345\273\272\346\225\260\346\215\256\345\272\223\346\234\215\345\212\241\345\231\250.md" similarity index 93% rename from "content/zh/docs/Administration/\346\220\255\345\273\272\346\225\260\346\215\256\345\272\223\346\234\215\345\212\241\345\231\250.md" rename to "docs/zh/docs/Administration/\346\220\255\345\273\272\346\225\260\346\215\256\345\272\223\346\234\215\345\212\241\345\231\250.md" index a6a66a23842316b8a1329110c09784b8b207e0c1..c53c5a12ba51408eaffbb676585ca645cdfc8686 100644 --- "a/content/zh/docs/Administration/\346\220\255\345\273\272\346\225\260\346\215\256\345\272\223\346\234\215\345\212\241\345\231\250.md" +++ "b/docs/zh/docs/Administration/\346\220\255\345\273\272\346\225\260\346\215\256\345\272\223\346\234\215\345\212\241\345\231\250.md" @@ -28,7 +28,7 @@ PostgreSQL的架构如[图1](#fig26022387391)所示,主要进程说明如[表1](#table62020913417)所示。 **图 1** PostgreSql架构 -![](figures/PostgreSql架构.png "PostgreSql架构") +![](./figures/PostgreSQL_architecture.png) **表 1** PostgreSql中的主要进程说明 
@@ -105,11 +105,11 @@ PostgreSQL的架构如[图1](#fig26022387391)所示,主要进程说明如[表1 ### 配置环境 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >以下环境配置仅为参考示例,具体配置视实际需求做配置 #### 关闭防火墙并取消开机自启动 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >测试环境下通常会关闭防火墙以避免部分网络因素影响,视实际需求做配置。 1. 在root权限下停止防火墙。 @@ -124,7 +124,7 @@ PostgreSQL的架构如[图1](#fig26022387391)所示,主要进程说明如[表1 # systemctl disable firewalld ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >执行disable命令关闭防火墙的同时,也取消了开机自启动。 @@ -139,7 +139,7 @@ PostgreSQL的架构如[图1](#fig26022387391)所示,主要进程说明如[表1 #### 创建组和用户 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >服务器环境下,为了系统安全,通常会为进程分配单独的用户,以实现权限隔离。本章节创建的组和用户都是操作系统层面的,不是数据库层面的。 1. 在root权限下创建PostgreSQL用户(组)。 @@ -161,7 +161,7 @@ PostgreSQL的架构如[图1](#fig26022387391)所示,主要进程说明如[表1 #### 搭建数据盘 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- 测试极限性能时,建议单独挂载IO性能更优的NVME SSD存储介质创建PostgreSQL测试实例,避免磁盘IO对性能测试结果的影响,本文以单独挂载NVME SSD为例,参考步骤1\~步骤4。 >- 非性能测试时,在root权限下执行以下命令,创建数据目录即可。然后跳过本小节: > \# mkdir /data @@ -194,10 +194,10 @@ PostgreSQL的架构如[图1](#fig26022387391)所示,主要进程说明如[表1 ``` -### 安装、运行和卸载 +### 安装、运行和卸载 #### 安装 -1. 配置本地yum源,详细信息请参考[搭建repo服务器](搭建repo服务器.html)。 +1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)。 2. 清除缓存。 ``` @@ -226,7 +226,7 @@ PostgreSQL的架构如[图1](#fig26022387391)所示,主要进程说明如[表1 #### 运行 ##### 初始化数据库 ->![](public_sys-resources/icon-notice.gif) **须知:** +>![](./public_sys-resources/icon-notice.gif) **须知:** >此步骤在postgres用户下操作。 1. 切换到已创建的PostgreSQL用户。 @@ -258,7 +258,7 @@ PostgreSQL的架构如[图1](#fig26022387391)所示,主要进程说明如[表1 命令执行后,打印信息如下图所示,PostgreSQL相关进程已经正常启动了。 - ![](figures/postgres.png) + ![](./figures/postgres.png) ##### 登录数据库 
@@ -269,9 +269,9 @@ PostgreSQL的架构如[图1](#fig26022387391)所示,主要进程说明如[表1 $ /usr/bin/psql -U postgres ``` - ![](figures/登录.png) + ![](./figures/login.png) - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >初次登录数据库,无需密码。 @@ -283,7 +283,7 @@ PostgreSQL的架构如[图1](#fig26022387391)所示,主要进程说明如[表1 postgres=#alter user postgres with password '123456'; ``` - ![](figures/zh-cn_image_0230050789.png) + ![](./figures/zh-cn_image_0230050789.png) ##### 退出数据库 @@ -702,7 +702,7 @@ postgres=# \l; 可以使用DROP DATABASE语句或dropdb来删除数据库。dropdb是对DROP DATABASE命令的封装,需要在shell界面执行,而不是在数据库界面。 ->![](public_sys-resources/icon-caution.gif) **注意:** +>![](./public_sys-resources/icon-caution.gif) **注意:** >删除数据库要谨慎操作,一旦删除,数据库中的所有表和数据都会删除。 ``` @@ -790,14 +790,14 @@ psql命令不会自动创建databasename数据库,所以在执行psql恢复数 ``` ## Mariadb服务器 -### 软件介绍 +### 软件介绍 MariaDB数据库管理系统是MySQL的一个分支,主要由开源社区在维护,采用GPL授权许可。MariaDB的目的是完全兼容MySQL,包括API和命令行,使之能轻松成为MySQL的代替品,MariaDB还提供了许多更好的新特性。 MariaDB的架构如[图2](#fig13492418164520)所示。 **图 2** MariaDB逻辑架构 -![](figures/MariaDB逻辑架构.png "MariaDB逻辑架构") +![](./figures/Logical_architecture_MariaDB.png "MariaDB逻辑架构") 当Mariadb接受到Sql语句时,其详细的执行过程如下: @@ -817,13 +817,13 @@ MariaDB的架构如[图2](#fig13492418164520)所示。 - MEMORY,将数据存储在内存当中。 - CSV,将数据存储为CSV格式。 -### 配置环境 +### 配置环境 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >以下环境配置仅为参考示例,具体配置视实际需求做配置 #### 关闭防火墙并取消开机自启动 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >测试环境下通常会关闭防火墙以避免部分网络因素影响,视实际需求做配置。 1. 在root权限下停止防火墙。 @@ -838,7 +838,7 @@ MariaDB的架构如[图2](#fig13492418164520)所示。 # systemctl disable firewalld ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >执行disable命令关闭防火墙的同时,也取消了开机自启动。 
@@ -853,7 +853,7 @@ MariaDB的架构如[图2](#fig13492418164520)所示。 #### 创建组和用户 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >服务器环境下,为了系统安全,通常会为进程分配单独的用户,以实现权限隔离。本章节创建的组和用户都是操作系统层面的,不是数据库层面的。 1. 在root权限下创建MySQL用户(组)。 @@ -877,7 +877,7 @@ MariaDB的架构如[图2](#fig13492418164520)所示。 #### 搭建数据盘 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- 进行性能测试时,数据目录使用单独硬盘,需要对硬盘进行格式化并挂载,参考方法一或者方法二 >- 非性能测试时,在root权限下执行以下命令,创建数据目录即可。然后跳过本小节: > \#mkdir /data @@ -916,15 +916,15 @@ MariaDB的架构如[图2](#fig13492418164520)所示。 其中,/dev/nvme0n1p1为示例,具体名称以实际情况为准。 - ![](figures/搭建数据盘.png) + ![](./figures/Creating_DataDisk.png) ##### 方法二:在root权限下使用LVM进行磁盘管理 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >此步骤需要安装镜像中的lvm2相关包,步骤如下: > ->1. 配置本地yum源,详细信息请参考[搭建repo服务器](搭建repo服务器.html)。如果已经执行,则可跳过此步。 +>1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)。如果已经执行,则可跳过此步。 >2. 在root权限下执行命令安装lvm2。 > **\# yum install lvm2** @@ -966,7 +966,7 @@ MariaDB的架构如[图2](#fig13492418164520)所示。 其中,/dev/datavg/datalv为示例,具体名称以实际情况为准。 - ![](figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png) + ![](./figures/D1376B2A-D036-41C4-B852-E8368F363B5E.png) #### 创建数据库目录并且授权 @@ -981,10 +981,10 @@ MariaDB的架构如[图2](#fig13492418164520)所示。 ``` -### 安装、运行和卸载 +### 安装、运行和卸载 #### 安装 -1. 配置本地yum源,详细信息请参考[搭建repo服务器](搭建repo服务器.html)。 +1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)。 2. 清除缓存。 ``` @@ -1034,7 +1034,7 @@ MariaDB的架构如[图2](#fig13492418164520)所示。 命令执行后提示输入密码。密码为[2](#li197143190587)中设置的密码。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >执行 **\\q** 或者 **exit** 可退出数据库。 @@ -1054,7 +1054,7 @@ MariaDB的架构如[图2](#fig13492418164520)所示。 ``` -### 管理数据库用户 +### 管理数据库用户 #### 创建用户 可以使用CREATE USER语句来创建一个或多个用户,并设置相应的口令。 
@@ -1169,7 +1169,7 @@ SET PASSWORD FOR 'username'@'hostname' = PASSWORD('newpassword'); - FOR 'username'@'hostname':FOR字句,可选项,指定欲修改密码的用户名及主机名。 - PASSWORD\('newpassword'\):表示使用函数PASSWORD\(\)设置新口令,即新口令必须传递到函数PASSWORD\(\)中进行加密。 ->![](public_sys-resources/icon-caution.gif) **注意:** +>![](./public_sys-resources/icon-caution.gif) **注意:** >PASSWORD\(\)函数为单向加密函数,一旦加密后不能解密出原明文。 在SET PASSWORD语句中,若不加上FOR子句,表示修改当前用户的密码。 @@ -1194,7 +1194,7 @@ FOR字句中必须以'username'@'hostname'的格式给定,username为账户的 DROP USER 'username1'@'hostname1' [,'username2'@'hostname2']…; ``` ->![](public_sys-resources/icon-caution.gif) **注意:** +>![](./public_sys-resources/icon-caution.gif) **注意:** >用户的删除不会影响他们之前所创建的表、索引或其他数据库对象,因为数据库并不会记录创建了这些对象的账号。 DROP USER语句可用于删除一个或多个数据库账号,并删除其原有权限。 @@ -1263,7 +1263,7 @@ REVOKE privilege ON databasename.tablename FROM 'username'@'hostname'; > REVOKE INSERT ON *.* FROM 'userexample'@'localhost'; ``` -### 管理数据库 +### 管理数据库 #### 创建数据库 可以使用CREATE DATABASE语句来创建数据库。 @@ -1320,7 +1320,7 @@ USE databasename; 可以使用DROP DATABASE语句来删除数据库。 ->![](public_sys-resources/icon-caution.gif) **注意:** +>![](./public_sys-resources/icon-caution.gif) **注意:** >删除数据库要谨慎操作,一旦删除,数据库中的所有表和数据都会删除。 ``` @@ -1416,7 +1416,7 @@ mysqldump [options] -all-databases > outputfile 可以在root权限下使用mysql命令恢复数据库。 -备份一个或多个表: +恢复一个或多个表: ``` mysql -h hostname -P portnumber -u username -ppassword databasename < infile @@ -1440,7 +1440,7 @@ mysql -h hostname -P portnumber -u username -ppassword databasename < infile ``` ## MySQL服务器 -### 软件介绍 +### 软件介绍 MySQL是一个关系型数据库管理系统,由瑞典MySQL AB公司开发,目前属于Oracle旗下产品。MySQL是业界最流行的RDBMS \(Relational Database Management System,关系数据库管理系统\)之一,尤其在WEB应用方面。 
@@ -1448,13 +1448,13 @@ MySQL是一个关系型数据库管理系统,由瑞典MySQL AB公司开发, MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。MySQL软件采用了双授权模式,分为社区版和商业版,由于其体积小、速度快、总体拥有成本低,尤其是开放源码这一特点,一般中小型网站的开发都选择MySQL作为网站数据库。 -### 配置环境 +### 配置环境 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >以下环境配置仅为参考示例,具体配置视实际需求做配置 #### 关闭防火墙并取消开机自启动 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >测试环境下通常会关闭防火墙以避免部分网络因素影响,视实际需求做配置。 1. 在root权限下停止防火墙。 @@ -1469,7 +1469,7 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 # systemctl disable firewalld ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >执行disable命令关闭防火墙的同时,也取消了开机自启动。 @@ -1484,7 +1484,7 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 #### 创建组和用户 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >服务器环境下,为了系统安全,通常会为进程分配单独的用户,以实现权限隔离。本章节创建的组和用户都是操作系统层面的,不是数据库层面的。 1. 在root权限下创建MySQL用户(组)。 @@ -1508,7 +1508,7 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 #### 搭建数据盘 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- 进行性能测试时,数据目录使用单独硬盘,需要对硬盘进行格式化并挂载,参考方法一或者方法二 >- 非性能测试时,在root权限下执行以下命令,创建数据目录即可。然后跳过本小节: > \# mkdir /data @@ -1547,14 +1547,14 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 其中,/dev/nvme0n1p1为示例,具体名称以实际情况为准。 - ![](figures/搭建数据盘-0.png) + ![](./figures/Creating_DataDisk-0.png) ##### 方法二:在root权限下使用LVM进行磁盘管理 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >此步骤需要安装镜像中的lvm2相关包,步骤如下: ->1. 配置本地yum源,详细信息请参考[搭建repo服务器](搭建repo服务器.html)。如果已经执行,则可跳过此步。 +>1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)。如果已经执行,则可跳过此步。 >2. 执行命令安装lvm2。 > **\#yum install lvm2** @@ -1596,7 +1596,7 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 其中,/dev/datavg/datalv为示例,具体名称以实际情况为准。 - ![](figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png) + ![](./figures/D1376B2A-D036-41C4-B852-E8368F363B5E-1.png) #### 创建数据库目录并且授权 
@@ -1611,10 +1611,23 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 ``` -### 安装、运行和卸载 +### 安装、运行和卸载 #### 安装 +>![](./public_sys-resources/icon-note.gif) **说明:** +>针对20.03 LTS SP1 版本,如果用户从mysql-8.0.17-3.oe1版本升级到较新版本,使用rpm -Uvh xxx(其中XXX指具体的版本,例如mysql-8.0.21-1.oe1.aarch64.rpm)命令,升级后功能不可用,可以通过以下两种方式进行版本升级(以mysql-8.0.17-3.oe1升级到mysql-8.0.21-1.oe1举例): +> +>方法1,执行如下升级命令实现: + ``` + # rpm -Uvh mysql-8.0.21-1.oe1.aarch64.rpm --noscripts + ``` +> +>方法2,先卸载旧版本的mysql,再安装新版本的mysql,命令如下: + ``` + # rpm -e mysql-8.0.17-3.oe1 + # rpm -ivh mysql-8.0.21-1.oe1.aarch64.rpm + ``` -1. 配置本地yum源,详细信息请参考[搭建repo服务器](搭建repo服务器.html)章节。 +1. 配置本地yum源,详细信息请参考[搭建repo服务器](./搭建repo服务器.html)章节。 2. 清除缓存。 ``` @@ -1630,13 +1643,13 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 4. 在root权限下安装MySQL服务器。 ``` - # dnf install mysql + # dnf install mysql-server ``` 5. 查看安装后的rpm包。 ``` - $ rpm -qa | grep mysql + $ rpm -qa | grep mysql-server ``` @@ -1677,9 +1690,9 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 $ cat /etc/my.cnf ``` - ![](figures/zh-cn_image_0231563132.png) + ![](./figures/zh-cn_image_0231563132.png) - >![](public_sys-resources/icon-caution.gif) **注意:** + >![](./public_sys-resources/icon-caution.gif) **注意:** >其中basedir为软件安装路径,请根据实际情况修改。 3. 在root权限下修改/etc/my.cnf文件的组和用户为mysql:mysql @@ -1695,7 +1708,7 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 # echo export PATH=$PATH:/usr/local/mysql/bin >> /etc/profile ``` - >![](public_sys-resources/icon-caution.gif) **注意:** + >![](./public_sys-resources/icon-caution.gif) **注意:** >其中PATH中的“/usr/local/mysql/bin“路径,为MySQL软件安装目录下的bin文件的绝对路径。请根据实际情况修改。 2. 在root权限下使环境变量配置生效。 @@ -1706,7 +1719,7 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 3. 在root权限下初始化数据库。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >本步骤倒数第2行中有初始密码,请注意保存,登录数据库时需要使用。 ``` 
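Review bot: In the upgrade note added under 安装 (@@ -1611,10 +1611,23 @@), method 1 tells the admin to run `rpm -Uvh mysql-8.0.21-1.oe1.aarch64.rpm --noscripts` without saying which scriptlet makes the plain upgrade unusable or what has to be done by hand once the scriptlets are skipped; please state the cause and any manual follow-up, or recommend method 2 only. The two fenced command blocks are not prefixed with `>`, so they fall outside the 说明 blockquote and split it in two. The placeholder is also written as both "xxx" and "XXX" in the same sentence, and the note sits above step 1 of the install procedure, where a first-time installer reads upgrade guidance before any install step.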
@@ -1720,7 +1733,7 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 4. 启动数据库。 - >![](public_sys-resources/icon-caution.gif) **注意:** + >![](./public_sys-resources/icon-caution.gif) **注意:** >如果第一次启动数据库服务,以root用户启动数据库,则启动时会提示缺少mysql.log文件而导致失败。使用mysql用户启动之后,会在/data/mysql/log目录下生成mysql.log文件,再次使用root用户启动则不会报错。 1. 在root权限下修改文件权限。 @@ -1745,7 +1758,7 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 5. 登录数据库。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >- 提示输入密码时,请输入[3](#li15634560582)产生的初始密码。 >- 如果采用官网RPM安装方式,则mysql文件在/usr/bin目录下。登录数据库的命令根据实际情况修改。 @@ -1753,7 +1766,7 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 $ /usr/local/mysql/bin/mysql -uroot -p -S /data/mysql/run/mysql.sock ``` - ![](figures/zh-cn_image_0231563134.png) + ![](./figures/zh-cn_image_0231563134.png) 6. 配置数据库帐号密码。 1. 登录数据库以后,修改通过root用户登录数据库的密码。 @@ -1775,7 +1788,7 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 mysql> flush privileges; ``` - ![](figures/zh-cn_image_0231563135.png) + ![](./figures/zh-cn_image_0231563135.png) 7. 退出数据库。 @@ -1785,7 +1798,7 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 mysql> exit ``` - ![](figures/zh-cn_image_0231563136.png) + ![](./figures/zh-cn_image_0231563136.png) #### 卸载 @@ -1804,7 +1817,7 @@ MySQL所使用的SQL语言是用于访问数据库的最常用标准化语言。 ``` -### 管理数据库用户 +### 管理数据库用户 #### 创建用户 可以使用CREATE USER语句来创建一个或多个用户,并设置相应的口令。 @@ -1941,7 +1954,7 @@ FOR字句中必须以'username'@'hostname'的格式给定,username为账户的 DROP USER 'username1'@'hostname1' [,'username2'@'hostname2']…; ``` ->![](public_sys-resources/icon-caution.gif) **注意:** +>![](./public_sys-resources/icon-caution.gif) **注意:** >用户的删除不会影响他们之前所创建的表、索引或其他数据库对象,因为数据库并不会记录创建了这些对象的账号。 DROP USER语句可用于删除一个或多个数据库账号,并删除其原有权限。 @@ -2010,7 +2023,7 @@ REVOKE privilege ON databasename.tablename FROM 'username'@'hostname'; > REVOKE INSERT ON *.* FROM 'userexample'@'localhost'; ``` -### 管理数据库 +### 管理数据库 #### 创建数据库 可以使用CREATE DATABASE语句来创建数据库。 
@@ -2067,7 +2080,7 @@ USE databasename; 可以使用DROP DATABASE语句来删除数据库。 ->![](public_sys-resources/icon-caution.gif) **注意:** +>![](./public_sys-resources/icon-caution.gif) **注意:** >删除数据库要谨慎操作,一旦删除,数据库中的所有表和数据都会删除。 ``` @@ -2163,7 +2176,7 @@ mysqldump [options] -all-databases > outputfile 可以在root权限下使用mysql命令恢复数据库。 -备份一个或多个表: +恢复一个或多个表: ``` mysql -h hostname -P portnumber -u username -ppassword databasename < infile diff --git "a/content/zh/docs/Administration/\346\220\255\345\273\272\346\234\215\345\212\241.md" "b/docs/zh/docs/Administration/\346\220\255\345\273\272\346\234\215\345\212\241.md" similarity index 100% rename from "content/zh/docs/Administration/\346\220\255\345\273\272\346\234\215\345\212\241.md" rename to "docs/zh/docs/Administration/\346\220\255\345\273\272\346\234\215\345\212\241.md" diff --git "a/content/zh/docs/Administration/\346\237\245\347\234\213\347\263\273\347\273\237\344\277\241\346\201\257.md" "b/docs/zh/docs/Administration/\346\237\245\347\234\213\347\263\273\347\273\237\344\277\241\346\201\257.md" similarity index 75% rename from "content/zh/docs/Administration/\346\237\245\347\234\213\347\263\273\347\273\237\344\277\241\346\201\257.md" rename to "docs/zh/docs/Administration/\346\237\245\347\234\213\347\263\273\347\273\237\344\277\241\346\201\257.md" index c96e6112cdf7d80a9728c91607f194c1e810d926..b39442fe9ae3b06880a5a7ba45841bc7c8ce2ad4 100644 --- "a/content/zh/docs/Administration/\346\237\245\347\234\213\347\263\273\347\273\237\344\277\241\346\201\257.md" +++ "b/docs/zh/docs/Administration/\346\237\245\347\234\213\347\263\273\347\273\237\344\277\241\346\201\257.md" 
@@ -1,46 +1,46 @@ -# 查看系统信息 - -- 查看系统信息,命令如下: - - ``` - $ cat /etc/os-release - ``` - - 例如,命令和输出如下: - - ``` - $ cat /etc/os-release - NAME="openEuler" - VERSION="20.09" - ID="openEuler" - VERSION_ID="20.09" - PRETTY_NAME="openEuler 20.09" - ANSI_COLOR="0;31" - ``` - - -- 查看系统相关的资源信息。 - - 查看CPU信息,命令如下: - - ``` - $ lscpu - ``` - - 查看内存信息,命令如下: - - ``` - $ free - ``` - - 查看磁盘信息,命令如下: - - ``` - $ fdisk -l - ``` - -- 查看系统资源实时信息,命令如下: - - ``` - $ top - ``` +# 查看系统信息 + +- 查看系统信息,命令如下: + + ``` + $ cat /etc/os-release + ``` + + 例如,命令和输出如下: + + ``` + $ cat /etc/os-release + NAME="openEuler" + VERSION="20.03 (LTS)" + ID="openEuler" + VERSION_ID="20.03" + PRETTY_NAME="openEuler 20.03 (LTS)" + ANSI_COLOR="0;31" + ``` + + +- 查看系统相关的资源信息。 + + 查看CPU信息,命令如下: + + ``` + $ lscpu + ``` + + 查看内存信息,命令如下: + + ``` + $ free + ``` + + 查看磁盘信息,命令如下: + + ``` + $ fdisk -l + ``` + 查看系统资源实时信息,命令如下: + + ``` + $ top + ``` + diff --git "a/content/zh/docs/Administration/\347\256\241\347\220\206\346\234\215\345\212\241.md" "b/docs/zh/docs/Administration/\347\256\241\347\220\206\346\234\215\345\212\241.md" similarity index 98% rename from "content/zh/docs/Administration/\347\256\241\347\220\206\346\234\215\345\212\241.md" rename to "docs/zh/docs/Administration/\347\256\241\347\220\206\346\234\215\345\212\241.md" index 4ad3fba84371272ea948a9ef2a52d4af97faf311..9ad11554dbbc02828fb74e04f65b703e2af51382 100644 --- "a/content/zh/docs/Administration/\347\256\241\347\220\206\346\234\215\345\212\241.md" +++ "b/docs/zh/docs/Administration/\347\256\241\347\220\206\346\234\215\345\212\241.md" @@ -53,148 +53,89 @@ systemd开启和监督整个系统是基于unit的概念。unit是由一个与 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

unit名称

后缀名

描述

Service unit

.service

系统服务。

Target unit

.target

一组systemd units。

Automount unit

.automount

文件系统挂载点。

Device unit

.device

内核识别的设备文件。

Mount unit

.mount

文件系统挂载点。

Path unit

.path

在一个文件系统中的文件或目录。

Scope unit

.scope

外部创建的进程。

Slice unit

.slice

一组用于管理系统进程分层组织的units。

Snapshot unit

-

.snapshot

-

systemd manager的保存状态。

-

Socket unit

.socket

一个进程间通信的Socket。

Swap unit

.swap

swap设备或者swap文件。

Timer unit

.timer

systemd计时器。

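Review bot: In 查看系统信息.md (@@ -1,46 +1,46 @@), the new text drops the list marker and the preceding blank line from `查看系统资源实时信息,命令如下:`, so it is no longer a top-level bullet and runs straight on from the closing fence of the `fdisk -l` block; restore `- 查看系统资源实时信息,命令如下:` on its own line after a blank line. The sample /etc/os-release output now shows VERSION="20.03 (LTS)" while the rest of this patch documents openEuler-20.03-LTS-SP1; confirm the sample matches the release this branch targets.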
@@ -205,37 +146,25 @@ systemd开启和监督整个系统是基于unit的概念。unit是由一个与 - - - - - - - - - - - -

路径

描述

/usr/lib/systemd/system/

随安装的RPM产生的systemd units。

/run/systemd/system/

在运行时创建systemd units。

/etc/systemd/system/

由系统管理员创建和管理的systemd units。

@@ -795,7 +724,7 @@ Give root password for maintenance (or press Control-D to continue): ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >用户需要重启系统,从救援模式进入正常模式。 ### 切换到紧急模式 @@ -814,7 +743,7 @@ Give root password for maintenance (or press Control-D to continue): ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >用户需要重启系统,从紧急模式进入正常模式。 ## 关闭、暂停和休眠系统 diff --git "a/content/zh/docs/Administration/\347\256\241\347\220\206\347\224\250\346\210\267\345\222\214\347\224\250\346\210\267\347\273\204.md" "b/docs/zh/docs/Administration/\347\256\241\347\220\206\347\224\250\346\210\267\345\222\214\347\224\250\346\210\267\347\273\204.md" similarity index 97% rename from "content/zh/docs/Administration/\347\256\241\347\220\206\347\224\250\346\210\267\345\222\214\347\224\250\346\210\267\347\273\204.md" rename to "docs/zh/docs/Administration/\347\256\241\347\220\206\347\224\250\346\210\267\345\222\214\347\224\250\346\210\267\347\273\204.md" index f207145e2f27c81a56a4999da2bc1637ef2d19a2..200ffcae1af23f3d10bbdceb857e541d88a3c630 100644 --- "a/content/zh/docs/Administration/\347\256\241\347\220\206\347\224\250\346\210\267\345\222\214\347\224\250\346\210\267\347\273\204.md" +++ "b/docs/zh/docs/Administration/\347\256\241\347\220\206\347\224\250\346\210\267\345\222\214\347\224\250\346\210\267\347\273\204.md" @@ -52,7 +52,7 @@ useradd [options] username # useradd userexample ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >没有任何提示,表明用户建立成功。这时并没有设置用户的口令,请使用passwd命令修改用户的密码,没有设置密码的新账号不能登录系统。 @@ -101,7 +101,7 @@ Retype new password: passwd: all authentication tokens updated successfully. ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >若打印信息中出现“BAD PASSWORD: The password fails the dictionary check - it is too simplistic/sytematic”,表示设置的密码过于简单,建议设置复杂度较高的密码。 ### 修改用户账号 
@@ -171,7 +171,7 @@ usermod -e MM/DD/YY username 如果想同时删除该用户的主目录以及其中所有内容,要使用-r参数递归删除。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >不建议直接删除已经进入系统的用户,如果需要强制删除,请使用 userdel -f _Test_ 命令。 ### 管理员账户授权 @@ -223,7 +223,7 @@ sudo /usr/sbin/useradd newuserl 这一句说明ted1主机上的newuser1具有以root用户权限执行useradd,userdel命令的功能。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >- 可以在一行定义多个别名,中间用冒号 \(:\) 隔开。 >- 可在命令或命令别名之前加上感叹号 \(!\),使该命令或命令别名无效。 >- 有两个关键词:ALL和NOPASSWD。ALL意味着“所有”(所有文件、所有主机或所有命令),NOPASSWD意味着不用密码。 @@ -312,7 +312,7 @@ groupmod -n newgroupname oldgroupname # groupdel Test ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >groupdel不能直接删除用户的主组,如果需要强制删除用户主组,请使用 groupdel -f _Test_ 命令。 ### 将用户加入用户组或从用户组中移除 diff --git "a/content/zh/docs/Administration/\347\256\241\347\220\206\350\277\233\347\250\213.md" "b/docs/zh/docs/Administration/\347\256\241\347\220\206\350\277\233\347\250\213.md" similarity index 98% rename from "content/zh/docs/Administration/\347\256\241\347\220\206\350\277\233\347\250\213.md" rename to "docs/zh/docs/Administration/\347\256\241\347\220\206\350\277\233\347\250\213.md" index e966f9c0d46a438942975c562345ec3b1bc4d99b..d2ed83f8847d12f953ef9290261e2d9e62538d25 100644 --- "a/content/zh/docs/Administration/\347\256\241\347\220\206\350\277\233\347\250\213.md" +++ "b/docs/zh/docs/Administration/\347\256\241\347\220\206\350\277\233\347\250\213.md" 
@@ -1,350 +1,350 @@ -# 管理进程 - -操作系统管理多个用户的请求和多个任务。大多数系统都只有一个CPU和一个主要存储,但一个系统可能有多个二级存储磁盘和多个输入/输出设备。操作系统管理这些资源并在多个用户间共享资源,当用户提出一个请求时,造成好像系统被用户独占的假象。实际上操作系统监控着一个等待执行的任务队列,这些任务包括用户任务、操作系统任务、邮件和打印任务等。本章节将从用户的角度讲述如何控制进程。 - - -- [管理进程](#管理进程) - - [查看进程](#查看进程) - - [who命令](#who命令) - - [ps命令](#ps命令) - - [top命令](#top命令) - - [kill命令](#kill命令) - - [调度启动进程](#调度启动进程) - - [定时运行一批程序(at)](#定时运行一批程序at) - - [周期性运行一批程序(cron)](#周期性运行一批程序cron) - - [挂起/恢复进程](#挂起恢复进程) - - -## 查看进程 - -Linux是一个多任务系统,经常需要对这些进程进行一些调配和管理。要进行管理,首先就要知道现在的进程情况:有哪些进程、进程的状态如何等。Linux提供了多种命令来了解进程的状况。 - -### who命令 - -who命令主要用于查看当前系统中的用户情况。如果用户想和其他用户建立即时通讯,比如使用talk命令,那么首先要确定的就是该用户确实在线上,不然talk进程就无法建立起来。又如,系统管理员希望监视每个登录的用户此时此刻的所作所为,也要使用who命令。who命令应用起来非常简单,可以比较准确地掌握用户的情况,所以使用非常广泛。 - -例如查看系统中的用户及其状态。使用如下: - -``` -$ who -admin tty1 Jul 28 15:55 -admin pts/0 Aug 5 15:46 (192.168.0.110) -admin pts/2 Jul 29 19:52 (192.168.0.110) -root pts/3 Jul 30 12:07 (192.168.0.110) -root pts/4 Jul 31 10:29 (192.168.0.144) -root pts/5 Jul 31 14:52 (192.168.0.11) -root pts/6 Aug 6 10:12 (192.168.0.234) -root pts/8 Aug 6 11:34 (192.168.0.234) -``` - -### ps命令 - -ps命令是最基本又非常强大的进程查看命令。使用该命令可以确定有哪些进程正在运行和运行的状态、进程是否结束、进程有没有僵尸、哪些进程占用了过多的资源等,大部分进程信息都是可以通过执行该命令得到的。 - -ps命令最常用的还是用来监控后台进程的工作情况,因为后台进程是不与屏幕、键盘这些标准输入/输出设备进行通信的,所以如果需要检测其状况,就可使用ps命令。ps命令的常见选项如[表1](#zh-cn_topic_0151921029_t34619d964a3d41ad8694189ec383359c)所示。 - -**表 1** 选项说明 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

选项

-

描述

-

-e

-

显示所有进程。

-

-f

-

全格式。

-

-h

-

不显示标题。

-

-l

-

使用长格式。

-

-w

-

宽行输出。

-

-a

-

显示终端上的所有进程,包括其他用户的进程。

-

-r

-

只显示正在运行的进程。

-

-x

-

显示没有控制终端的进程。

-
- -例如显示系统中终端上的所有进行进程。命令如下: - -``` -$ ps -a - PID TTY TIME CMD -12175 pts/6 00:00:00 bash -24526 pts/0 00:00:00 vsftpd -29478 pts/5 00:00:00 ps -32461 pts/0 1-01:58:33 sh -``` - -### top命令 - -top命令和ps命令的基本作用是相同的,显示系统当前的进程和其他状况,但是top是一个动态显示过程,即可以通过用户按键来不断刷新进程的当前状态,如果在前台执行该命令,它将独占前台,直到用户终止该程序为止。其实top命令提供了实时的对系统处理器的状态监视。它将显示系统中CPU的任务列表。该命令可以按CPU使用、内存使用和执行时间对任务进行排序,而且该命令的很多特性都可以通过交互式命令或者在定制文件中进行设定。 - -top命令输出的实例如[图1](#zh-cn_topic_0151921029_f289234fcdbac453796200d80e9889cd1)所示: - -**图 1** top显示 -![](figures/top显示.png "top显示") - -### kill命令 - -当需要中断一个前台进程的时候,通常足使用“Ctrl+c”组合键,而对于后台进程不能用组合键来终止,这时就可以使用kill命令。该命令可以终止前台和后台进程。终止后台进程的原因包括:该进程占用CPU的时间过多、该进程已经死锁等。 - -kill命令是通过向进程发送指定的信号来结束进程的。如果没有指定发送的信号,那么默认值为TERM信号。TERM信号将终止所有不能捕获该信号的进程。至于那些可以捕获该信号的进程可能就需要使用KILL信号(它的编号为9),而该信号不能被捕捉。 - -kill命令的浯法格式有以下两种方式: - -``` -kill [-s 信号 | -p] [-a] 进程号… -kill -l [信号] -``` - -其中进程号可以通过ps命令的输出得到。-s选项是给程序发送指定的信号,详细的信号可以用“kill -l”命令查看;-p选项只显示指定进程的ID号。 - -杀死pid为1409的进程,在root权限下执行如下命令: - -``` -# kill -9 1409 -``` - -显示所有的信号及其编号对应关系,示例如下: - -``` -$ kill -l - 1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP - 6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1 -11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM -16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP -21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ -26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR -31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3 -38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8 -43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13 -48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12 -53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7 -58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2 -63) SIGRTMAX-1 64) SIGRTMAX -``` - -## 调度启动进程 - 
-有时候需要对系统进行一些比较费时而且占用资源的维护工作,这些工作适合在深夜进行,这时候用户就可以事先进行调度安排,指定任务运行的时间或者场合,到时候系统会自动完成这些任务。要使用自动启动进程的功能,就需要掌握以下几个启动命令。 - - - -### 定时运行一批程序(at) - -#### at命令 - -用户使用at命令在指定时刻执行指定的命令序列。该命令至少需要指定一个命令和一个执行时间。at命令可以只指定时间,也可以时间和日期一起指定。 - -at命令的语法格式如下: - -``` - at [-V] [-q 队列] [-f 文件名] [-mldbv] 时间 - at -c 作业 [作业…] -``` - -#### 设置时间 - -at允许使用一套相当复杂的时间指定方法,比如: - -- 接受在当天的hh:mm(小时:分钟)式的时间指定。如果该时间已经过去,那么就放存第二天执行。 -- 使用midnight(深夜)、noon(中午)、teatime(饮茶时间,一般是下午4点)等比较模糊的词语来指定时间。 -- 采用12小时计时制,即在时间后面加上AM(上午)或者PM(下午)来说明是上午还是下午。 -- 指定命令执行的具体日期,指定格式为month day(月日)或者mm/dd/yy(月/日/年)或者dd.mm.yy(日.月.年)。指定的日期必须跟在指定时间的后面。 - -上面介绍的都是绝对计时法,其实还可以使用相对计时法,这对于安排不久就要执行的命令是很有好处的。指定格式为now+count time-units,now就是当前时间,time-units是时间单位,这里可以是minutes(分钟)、hours(小时)、days(天)、weeks(星期)。count是时间的数量,究竟是几天,还是几小时等。还有一种计时方法就是直接使用today(今天)、tomorrow(明天)来指定完成命令的时间。下面通过一些例子来说明具体用法。 - -例如指定在今天下午4:30执行某个命令。假设现在时间是中午12:30,2019年6月7日,可用命令格式如下: - -``` - at 4:30pm - at 16:30 - at 16:30 today - at now+4 hours - at now+ 240 minutes - at 16:30 7.6.19 - at 16:30 6/7/19 - at 16:30 Jun 7 -``` - -以上这些命令表达的意义是完全一样的,所以在安排时间的时候完全可以根据个人喜好和具体情况自由选择。一般采用绝对时间的24小时计时法可以避免由于用户自己的疏忽造成计时错误,例如上例可以写成:at 16:30 6/7/19。 - -#### 执行权限 - -对于at命令来说,需要定时执行的命令是从标准输入或者使用-f选项指定的文件中读取并执行的。如果at命令是从一个使用su命令切换到用户shell中执行的,那么当前用户被认为是执行用户,所有的错误和输出结果都会送给这个用户。但是如果有邮件送出的话,收到邮件的将是原来的用户,也就是登录时shell的所有者。 - -例如在6月8日上午10点执行slocate -u命令。在root权限下执行命令如下: - -``` -# at 10:00 6/8/19 -at> slocate -u -at> -[1]+ Stopped at 10:00 6/8/19 -``` - -上面的结果中,输入at命令之后,会出现提示符at\>,提示用户输入命令,在此输入了slocate -u,然后按回车键。还可以输入多条命令,当所有要执行的命令输入结束后,按Ctrl+d键结束at命令。 - -在任何情况下,管理员账户都可以使用这个命令。对于其他用户来说,是否可以使用就取决于/etc/at.allow和/etc/at.deny文件。 - -### 周期性运行一批程序(cron) - -前面介绍at命令都会在一定时间内完成一定任务,但是它只能执行一次。也就是说,当指定了运行命令后,系统在指定时间完成任务,以后就不再执行了。但是在很多情况下需要周期性重复执行一些命令,这时候就需要使用cron命令来完成任务。 - -#### 运行机制 - -首先cron命令会搜索/var/spool/cron目录,寻找以/etc/passwd文件中的用户名命名的crontab文件,被找到的这种文件将装入内存。比如一个用户名为userexample的用户,对应的crontab文件应该是/var/spool/cron/userexample,即以该用户命名的crontab文件存放在/var/spool/cron目录下面。 - 
-cron命令还将搜索/etc/crontab文件,这个文件是用不同的格式写成的。cron启动以后,它将首先检查是否有用户设置了crontab文件,如果没有就转入睡眠状态,释放系统资源。所以该后台进程占用资源极少,它每分钟被换醒一次,查看当前是否有需要运行的命令。 - -命令执行结束后,任何输出都将作为邮件发送给crontab的所有者,或者是/etc/crontab文件中MAILTO环境变量中指定的用户。这是cron的工作原理,但是cron命令的执行不需要用户干涉,用户只需要修改crontab中要执行的命令。 - -#### crontab命令 - -crontab命令用于安装、删除或者显示用于驱动cron后台进程的表格。用户把需要执行的命令序列放到crontab文件中以获得执行,而且每个用户都可以有自己的crontab文件。 - -crontab命令的常用方法如下: - -- crontab -u //设置某个用户的cron服务,root用户在执行crontab时需要此参数。 -- crontab -l //列出某个用户cron服务的详细内容。 -- crontab -r //删除某个用户的cron服务。 -- crontab -e //编辑某个用户的cron服务。 - -例如root查看自己的cron设置。命令如下: - -``` -# crontab -u root -l -``` - -#### crontab文件 - -在crontab文件中输入需要执行的命令和时间。该文件中每行都包括6个域,其中前5个域是指定命令被执行的时间,最后一个域是要被执行的命令。每个域之间使用空格或者制表符分隔。格式如下: - -``` -minute hour day-of-month month-of-year day-of-week commands -``` - -对于每一项的说明如所示。 - -**表 2** 参数说明 - - - - - - - - - - - - - - - - - - - - - - - - - -

参数

-

描述

-

minute

-

分钟(0~59)。

-

hour

-

小时(0~23)。

-

day-of-month

-

一个月的第几天(1~31)。

-

month-of-year

-

一年的第几个月(1~12)。

-

day-of-week

-

一周的星期几(0~6),0代表星期天。

-

commands

-

需要执行的命令。

-
- -这些项都不能为空,必须指定值。除了数字还有几个特殊的符号“\*”、“/”和“-”、“,”。其中,\*代表所有的取值范围内的数字,/代表每的意思,“\*/5”表示每5个单位,“-”代表从某个数字到某个数字,“,”分开几个离散时数字。对于要执行的命令,调用的时候需要写出命令的完整路径。 - -例如晚上18点到22点之间每两个小时,在/tmp/test.txt文件中加入sleepy文本。在crontab文件中对应的行如下: - -``` -* 18-22/2 * * * echo "sleepy" >> /tmp/test.txt -``` - -每次编辑完某个用户的cron设置后,cron自动在/var/spool/cron下生成一个与此用户同名的文件。此用户的cron信息都记录在这个文件中,这个文件是不可以直接编辑的,只可以用crontab -e来编辑。用户也可以另外建立一个文件,使用“cron文件名”命令导入cron设置。 - -假设有个用户名为userexample,它需要为自己创建的一个crontab文件。步骤如下: - -1. 首先可以使用任何文本编辑器建立一个新文件,并将向该文件加入需要运行的命令和要定期执行的时间,假设该文件为 \~/userexample.cron。 -2. 然后在root权限下使用crontab命令安装这个文件,使用crontab命令使之成为该用户的crontab文件。命令如下: - - ``` - # crontab -u userexample ~/userexample.cron - ``` - - -这样crontab文件就建立好了,可以转到/var/spool/cron目录下面查看,发现多了一个userexample文件。这个文件就是所需的crontab文件。 - ->![](public_sys-resources/icon-note.gif) **说明:** ->cron启动后,每过一分钟读一次crontab文件,检查是否要执行里面的命令。因此该文件被修改后不需要重新启动cron服务。 - -#### 编辑配置文件 - -cron服务每分钟不仅要读一次/var/spool/cron内的所有文件,还需要读一次/etc/crontab,因此通过配置这个文件也能得到cron的服务。用crontab配置是针对某个用户的,而编辑/etc/crontab是针对系统的任务。此文件的文件格式如下: - -``` -SHELL=/bin/sh -PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/lib/news/bin -MAILTO=root //如果出现错误,或者有数据输出,数据作为邮件发给这个账号 -HOME=/ -# run-parts -01 * * * * root run-parts /etc/cron.hourly //每个小时执行一次/etc/cron.hourly里的脚本 -02 4 * * * root run-parts /etc/cron.daily //每天执行一次/etc/cron.daily里的脚本 -22 4 * * 0 root run-parts /etc/cron.weekly //每周执行一次/etc/cron.weekly里的脚本 -42 4 1 * * root run-parts /etc/cron.monthly //每月执行一次/etc/cron.monthly里的脚本 -``` - ->![](public_sys-resources/icon-note.gif) **说明:** ->如果去掉run-parts参数,其后面就是运行的某个脚本名,而不是目录名。 - -## 挂起/恢复进程 - -作业控制允许进程挂起并可以在需要时恢复进程的运行,被挂起的作业恢复后将从中止处开始继续运行。只要在键盘上按Ctrl+Z键,即可挂起当前的前台作业。在键盘上按Ctrl+Z键后,将挂起当前执行的命令cat。使用jobs命令可以显示shell的作业清单,包括具体的作业、作业号以及作业当前所处的状态。 - -恢复进程执行时,有两种选择:用fg命令将挂起的作业放回到前台执行;用bg命令将挂起的作业放到后台执行。灵活使用上述命令,将给自己带来很大的方便。 - +# 管理进程 + 
+操作系统管理多个用户的请求和多个任务。大多数系统都只有一个CPU和一个主要存储,但一个系统可能有多个二级存储磁盘和多个输入/输出设备。操作系统管理这些资源并在多个用户间共享资源,当用户提出一个请求时,造成好像系统被用户独占的假象。实际上操作系统监控着一个等待执行的任务队列,这些任务包括用户任务、操作系统任务、邮件和打印任务等。本章节将从用户的角度讲述如何控制进程。 + + +- [管理进程](#管理进程) + - [查看进程](#查看进程) + - [who命令](#who命令) + - [ps命令](#ps命令) + - [top命令](#top命令) + - [kill命令](#kill命令) + - [调度启动进程](#调度启动进程) + - [定时运行一批程序(at)](#定时运行一批程序at) + - [周期性运行一批程序(cron)](#周期性运行一批程序cron) + - [挂起/恢复进程](#挂起恢复进程) + + +## 查看进程 + +Linux是一个多任务系统,经常需要对这些进程进行一些调配和管理。要进行管理,首先就要知道现在的进程情况:有哪些进程、进程的状态如何等。Linux提供了多种命令来了解进程的状况。 + +### who命令 + +who命令主要用于查看当前系统中的用户情况。如果用户想和其他用户建立即时通讯,比如使用talk命令,那么首先要确定的就是该用户确实在线上,不然talk进程就无法建立起来。又如,系统管理员希望监视每个登录的用户此时此刻的所作所为,也要使用who命令。who命令应用起来非常简单,可以比较准确地掌握用户的情况,所以使用非常广泛。 + +例如查看系统中的用户及其状态。使用如下: + +``` +$ who +admin tty1 Jul 28 15:55 +admin pts/0 Aug 5 15:46 (192.168.0.110) +admin pts/2 Jul 29 19:52 (192.168.0.110) +root pts/3 Jul 30 12:07 (192.168.0.110) +root pts/4 Jul 31 10:29 (192.168.0.144) +root pts/5 Jul 31 14:52 (192.168.0.11) +root pts/6 Aug 6 10:12 (192.168.0.234) +root pts/8 Aug 6 11:34 (192.168.0.234) +``` + +### ps命令 + +ps命令是最基本又非常强大的进程查看命令。使用该命令可以确定有哪些进程正在运行和运行的状态、进程是否结束、进程有没有僵尸、哪些进程占用了过多的资源等,大部分进程信息都是可以通过执行该命令得到的。 + +ps命令最常用的还是用来监控后台进程的工作情况,因为后台进程是不与屏幕、键盘这些标准输入/输出设备进行通信的,所以如果需要检测其状况,就可使用ps命令。ps命令的常见选项如[表1](#zh-cn_topic_0151921029_t34619d964a3d41ad8694189ec383359c)所示。 + +**表 1** 选项说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

选项

+

描述

+

-e

+

显示所有进程。

+

-f

+

全格式。

+

-h

+

不显示标题。

+

-l

+

使用长格式。

+

-w

+

宽行输出。

+

-a

+

显示终端上的所有进程,包括其他用户的进程。

+

-r

+

只显示正在运行的进程。

+

-x

+

显示没有控制终端的进程。

+
+ +例如显示系统中终端上的所有进行进程。命令如下: + +``` +$ ps -a + PID TTY TIME CMD +12175 pts/6 00:00:00 bash +24526 pts/0 00:00:00 vsftpd +29478 pts/5 00:00:00 ps +32461 pts/0 1-01:58:33 sh +``` + +### top命令 + +top命令和ps命令的基本作用是相同的,显示系统当前的进程和其他状况,但是top是一个动态显示过程,即可以通过用户按键来不断刷新进程的当前状态,如果在前台执行该命令,它将独占前台,直到用户终止该程序为止。其实top命令提供了实时的对系统处理器的状态监视。它将显示系统中CPU的任务列表。该命令可以按CPU使用、内存使用和执行时间对任务进行排序,而且该命令的很多特性都可以通过交互式命令或者在定制文件中进行设定。 + +top命令输出的实例如[图1](#zh-cn_topic_0151921029_f289234fcdbac453796200d80e9889cd1)所示: + +**图 1** top显示 +![](./figures/Top_Display.png) + +### kill命令 + +当需要中断一个前台进程的时候,通常足使用“Ctrl+c”组合键,而对于后台进程不能用组合键来终止,这时就可以使用kill命令。该命令可以终止前台和后台进程。终止后台进程的原因包括:该进程占用CPU的时间过多、该进程已经死锁等。 + +kill命令是通过向进程发送指定的信号来结束进程的。如果没有指定发送的信号,那么默认值为TERM信号。TERM信号将终止所有不能捕获该信号的进程。至于那些可以捕获该信号的进程可能就需要使用KILL信号(它的编号为9),而该信号不能被捕捉。 + +kill命令的浯法格式有以下两种方式: + +``` +kill [-s 信号 | -p] [-a] 进程号… +kill -l [信号] +``` + +其中进程号可以通过ps命令的输出得到。-s选项是给程序发送指定的信号,详细的信号可以用“kill -l”命令查看;-p选项只显示指定进程的ID号。 + +杀死pid为1409的进程,在root权限下执行如下命令: + +``` +# kill -9 1409 +``` + +显示所有的信号及其编号对应关系,示例如下: + +``` +$ kill -l + 1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP + 6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1 +11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM +16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP +21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ +26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR +31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3 +38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8 +43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13 +48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12 +53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7 +58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2 +63) SIGRTMAX-1 64) SIGRTMAX +``` + +## 调度启动进程 + 
+有时候需要对系统进行一些比较费时而且占用资源的维护工作,这些工作适合在深夜进行,这时候用户就可以事先进行调度安排,指定任务运行的时间或者场合,到时候系统会自动完成这些任务。要使用自动启动进程的功能,就需要掌握以下几个启动命令。 + + + +### 定时运行一批程序(at) + +#### at命令 + +用户使用at命令在指定时刻执行指定的命令序列。该命令至少需要指定一个命令和一个执行时间。at命令可以只指定时间,也可以时间和日期一起指定。 + +at命令的语法格式如下: + +``` + at [-V] [-q 队列] [-f 文件名] [-mldbv] 时间 + at -c 作业 [作业…] +``` + +#### 设置时间 + +at允许使用一套相当复杂的时间指定方法,比如: + +- 接受在当天的hh:mm(小时:分钟)式的时间指定。如果该时间已经过去,那么就放存第二天执行。 +- 使用midnight(深夜)、noon(中午)、teatime(饮茶时间,一般是下午4点)等比较模糊的词语来指定时间。 +- 采用12小时计时制,即在时间后面加上AM(上午)或者PM(下午)来说明是上午还是下午。 +- 指定命令执行的具体日期,指定格式为month day(月日)或者mm/dd/yy(月/日/年)或者dd.mm.yy(日.月.年)。指定的日期必须跟在指定时间的后面。 + +上面介绍的都是绝对计时法,其实还可以使用相对计时法,这对于安排不久就要执行的命令是很有好处的。指定格式为now+count time-units,now就是当前时间,time-units是时间单位,这里可以是minutes(分钟)、hours(小时)、days(天)、weeks(星期)。count是时间的数量,究竟是几天,还是几小时等。还有一种计时方法就是直接使用today(今天)、tomorrow(明天)来指定完成命令的时间。下面通过一些例子来说明具体用法。 + +例如指定在今天下午4:30执行某个命令。假设现在时间是中午12:30,2019年6月7日,可用命令格式如下: + +``` + at 4:30pm + at 16:30 + at 16:30 today + at now+4 hours + at now+ 240 minutes + at 16:30 7.6.19 + at 16:30 6/7/19 + at 16:30 Jun 7 +``` + +以上这些命令表达的意义是完全一样的,所以在安排时间的时候完全可以根据个人喜好和具体情况自由选择。一般采用绝对时间的24小时计时法可以避免由于用户自己的疏忽造成计时错误,例如上例可以写成:at 16:30 6/7/19。 + +#### 执行权限 + +对于at命令来说,需要定时执行的命令是从标准输入或者使用-f选项指定的文件中读取并执行的。如果at命令是从一个使用su命令切换到用户shell中执行的,那么当前用户被认为是执行用户,所有的错误和输出结果都会送给这个用户。但是如果有邮件送出的话,收到邮件的将是原来的用户,也就是登录时shell的所有者。 + +例如在6月8日上午10点执行slocate -u命令。在root权限下执行命令如下: + +``` +# at 10:00 6/8/19 +at> slocate -u +at> +[1]+ Stopped at 10:00 6/8/19 +``` + +上面的结果中,输入at命令之后,会出现提示符at\>,提示用户输入命令,在此输入了slocate -u,然后按回车键。还可以输入多条命令,当所有要执行的命令输入结束后,按Ctrl+d键结束at命令。 + +在任何情况下,管理员账户都可以使用这个命令。对于其他用户来说,是否可以使用就取决于/etc/at.allow和/etc/at.deny文件。 + +### 周期性运行一批程序(cron) + +前面介绍at命令都会在一定时间内完成一定任务,但是它只能执行一次。也就是说,当指定了运行命令后,系统在指定时间完成任务,以后就不再执行了。但是在很多情况下需要周期性重复执行一些命令,这时候就需要使用cron命令来完成任务。 + +#### 运行机制 + +首先cron命令会搜索/var/spool/cron目录,寻找以/etc/passwd文件中的用户名命名的crontab文件,被找到的这种文件将装入内存。比如一个用户名为userexample的用户,对应的crontab文件应该是/var/spool/cron/userexample,即以该用户命名的crontab文件存放在/var/spool/cron目录下面。 + 
+cron命令还将搜索/etc/crontab文件,这个文件是用不同的格式写成的。cron启动以后,它将首先检查是否有用户设置了crontab文件,如果没有就转入睡眠状态,释放系统资源。所以该后台进程占用资源极少,它每分钟被换醒一次,查看当前是否有需要运行的命令。 + +命令执行结束后,任何输出都将作为邮件发送给crontab的所有者,或者是/etc/crontab文件中MAILTO环境变量中指定的用户。这是cron的工作原理,但是cron命令的执行不需要用户干涉,用户只需要修改crontab中要执行的命令。 + +#### crontab命令 + +crontab命令用于安装、删除或者显示用于驱动cron后台进程的表格。用户把需要执行的命令序列放到crontab文件中以获得执行,而且每个用户都可以有自己的crontab文件。 + +crontab命令的常用方法如下: + +- crontab -u //设置某个用户的cron服务,root用户在执行crontab时需要此参数。 +- crontab -l //列出某个用户cron服务的详细内容。 +- crontab -r //删除某个用户的cron服务。 +- crontab -e //编辑某个用户的cron服务。 + +例如root查看自己的cron设置。命令如下: + +``` +# crontab -u root -l +``` + +#### crontab文件 + +在crontab文件中输入需要执行的命令和时间。该文件中每行都包括6个域,其中前5个域是指定命令被执行的时间,最后一个域是要被执行的命令。每个域之间使用空格或者制表符分隔。格式如下: + +``` +minute hour day-of-month month-of-year day-of-week commands +``` + +对于每一项的说明如所示。 + +**表 2** 参数说明 + + + + + + + + + + + + + + + + + + + + + + + + + +

参数

+

描述

+

minute

+

分钟(0~59)。

+

hour

+

小时(0~23)。

+

day-of-month

+

一个月的第几天(1~31)。

+

month-of-year

+

一年的第几个月(1~12)。

+

day-of-week

+

一周的星期几(0~6),0代表星期天。

+

commands

+

需要执行的命令。

+
+ +这些项都不能为空,必须指定值。除了数字还有几个特殊的符号“\*”、“/”和“-”、“,”。其中,\*代表所有的取值范围内的数字,/代表每的意思,“\*/5”表示每5个单位,“-”代表从某个数字到某个数字,“,”分开几个离散时数字。对于要执行的命令,调用的时候需要写出命令的完整路径。 + +例如晚上18点到22点之间每两个小时,在/tmp/test.txt文件中加入sleepy文本。在crontab文件中对应的行如下: + +``` +* 18-22/2 * * * echo "sleepy" >> /tmp/test.txt +``` + +每次编辑完某个用户的cron设置后,cron自动在/var/spool/cron下生成一个与此用户同名的文件。此用户的cron信息都记录在这个文件中,这个文件是不可以直接编辑的,只可以用crontab -e来编辑。用户也可以另外建立一个文件,使用“cron文件名”命令导入cron设置。 + +假设有个用户名为userexample,它需要为自己创建的一个crontab文件。步骤如下: + +1. 首先可以使用任何文本编辑器建立一个新文件,并将向该文件加入需要运行的命令和要定期执行的时间,假设该文件为 \~/userexample.cron。 +2. 然后在root权限下使用crontab命令安装这个文件,使用crontab命令使之成为该用户的crontab文件。命令如下: + + ``` + # crontab -u userexample ~/userexample.cron + ``` + + +这样crontab文件就建立好了,可以转到/var/spool/cron目录下面查看,发现多了一个userexample文件。这个文件就是所需的crontab文件。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>cron启动后,每过一分钟读一次crontab文件,检查是否要执行里面的命令。因此该文件被修改后不需要重新启动cron服务。 + +#### 编辑配置文件 + +cron服务每分钟不仅要读一次/var/spool/cron内的所有文件,还需要读一次/etc/crontab,因此通过配置这个文件也能得到cron的服务。用crontab配置是针对某个用户的,而编辑/etc/crontab是针对系统的任务。此文件的文件格式如下: + +``` +SHELL=/bin/sh +PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/lib/news/bin +MAILTO=root //如果出现错误,或者有数据输出,数据作为邮件发给这个账号 +HOME=/ +# run-parts +01 * * * * root run-parts /etc/cron.hourly //每个小时执行一次/etc/cron.hourly里的脚本 +02 4 * * * root run-parts /etc/cron.daily //每天执行一次/etc/cron.daily里的脚本 +22 4 * * 0 root run-parts /etc/cron.weekly //每周执行一次/etc/cron.weekly里的脚本 +42 4 1 * * root run-parts /etc/cron.monthly //每月执行一次/etc/cron.monthly里的脚本 +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>如果去掉run-parts参数,其后面就是运行的某个脚本名,而不是目录名。 + +## 挂起/恢复进程 + +作业控制允许进程挂起并可以在需要时恢复进程的运行,被挂起的作业恢复后将从中止处开始继续运行。只要在键盘上按Ctrl+Z键,即可挂起当前的前台作业。在键盘上按Ctrl+Z键后,将挂起当前执行的命令cat。使用jobs命令可以显示shell的作业清单,包括具体的作业、作业号以及作业当前所处的状态。 + +恢复进程执行时,有两种选择:用fg命令将挂起的作业放回到前台执行;用bg命令将挂起的作业放到后台执行。灵活使用上述命令,将给自己带来很大的方便。 + 
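Review bot: in the re-added "crontab文件" section of 管理进程.md, the example `* 18-22/2 * * * echo "sleepy" >> /tmp/test.txt` does not match the sentence above it (every two hours between 18:00 and 22:00). With `*` in the minute field it runs every minute during hours 18, 20 and 22, so the minute field should be pinned, for example `0 18-22/2 * * *`. The /etc/crontab sample under "编辑配置文件" also annotates entries with trailing `//` text (`MAILTO=root //…`, `01 * * * * root run-parts /etc/cron.hourly //…`). Crontab only treats lines that start with `#` as comments, so anyone copying the sample gets that text as part of the variable value or the command; the annotations should move to `#` lines above each entry. The hunk replaces all 350 lines, although the only visible content changes are the `./` prefix on the icon paths and the renamed figure `./figures/Top_Display.png`, which also loses its title text. Please keep the diff to those lines, or use the rewrite to fix the typos it carries over: `通常足使用`, `浯法格式`, `放存第二天`, `换醒`, the empty table reference in `对于每一项的说明如所示`, and `“cron文件名”`, which should name the crontab command.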
diff --git "a/content/zh/docs/Administration/\351\205\215\347\275\256\347\275\221\347\273\234.md" "b/docs/zh/docs/Administration/\351\205\215\347\275\256\347\275\221\347\273\234.md" similarity index 96% rename from "content/zh/docs/Administration/\351\205\215\347\275\256\347\275\221\347\273\234.md" rename to "docs/zh/docs/Administration/\351\205\215\347\275\256\347\275\221\347\273\234.md" index 9da7a61e63c1da6388f52e3dd4a2c1bd40172e65..0e1bd9dcefbd2cadbc5bc09872fee01a9d8da183 100644 --- "a/content/zh/docs/Administration/\351\205\215\347\275\256\347\275\221\347\273\234.md" +++ "b/docs/zh/docs/Administration/\351\205\215\347\275\256\347\275\221\347\273\234.md" 
@@ -1,1333 +1,1366 @@ -# 配置网络 - - -- [配置网络](#配置网络) - - [配置 IP](#配置-ip) - - [使用nmcli命令](#使用nmcli命令) - - [使用ip命令](#使用ip命令) - - [通过ifcfg文件配置网络](#通过ifcfg文件配置网络) - - [配置主机名](#配置主机名) - - [简介](#简介) - - [使用hostnamectl配置主机名](#使用hostnamectl配置主机名) - - [使用nmcli配置主机名](#使用nmcli配置主机名) - - [配置网络绑定](#配置网络绑定) - - [使用nmcli](#使用nmcli) - - [使用命令行](#使用命令行) - - [IPv6使用差异说明(vs IPv4)](#ipv6使用差异说明vs-ipv4) - - [约束限制](#约束限制) - - [配置说明](#配置说明) - - [FAQ](#faq) - - - - -## 配置 IP - - -### 使用nmcli命令 - ->![](public_sys-resources/icon-note.gif) **说明:** ->使用nmcli命令配置的网络配置可以立即生效且系统重启后配置也不会丢失。 - - - -#### nmcli介绍 - -nmcli是NetworkManager的一个命令行工具,它提供了使用命令行配置由NetworkManager管理网络连接的方法。nmcli命令的基本格式为: - -``` - nmcli [OPTIONS] OBJECT { COMMAND | help } -``` - -其中,OBJECT选项可以是general、networking、radio、connection或device等。在日常使用中,最常使用的是-t, \-\-terse(用于脚本)、-p, \-\-pretty选项(用于用户)及-h, \-\-help选项,用户可以使用“ nmcli help”获取更多参数及使用信息。 - -``` -$ nmcli help -``` - -常用命令使用举例如下: - -- 显示NetworkManager状态: - - ``` - $ nmcli general status - ``` - -- 显示所有连接: - - ``` - $ nmcli connection show - ``` - -- 只显示当前活动连接,如下所示添加 -a, \-\-active: - - ``` - $ nmcli connection show --active - ``` - -- 显示由NetworkManager识别到设备及其状态: - - ``` - $ nmcli device status - ``` - -- 使用nmcli工具启动和停止网络接口,在root权限下执行如下命令: - - ``` - # nmcli connection up id enp3s0 - # nmcli device disconnect enp3s0 - ``` - - -#### 设置网络连接 - -列出目前可用的网络连接: - -``` -$ nmcli con show - - -NAME UUID TYPE DEVICE -enp4s0 5afce939-400e-42fd-91ee-55ff5b65deab ethernet enp4s0 -enp3s0 c88d7b69-f529-35ca-81ab-aa729ac542fd ethernet enp3s0 -virbr0 ba552da6-f014-49e3-91fa-ec9c388864fa bridge virbr0 -``` - ->![](public_sys-resources/icon-note.gif) **说明:** ->输出结果中的NAME字段代表连接ID(名称)。 - -添加一个网络连接会生成相应的配置文件,并与相应的设备关联。检查可用的设备,方法如下: - -``` -$ nmcli dev status - -DEVICE TYPE STATE CONNECTION -enp3s0 ethernet connected enp3s0 -enp4s0 ethernet connected enp4s0 -virbr0 bridge connected virbr0 -lo loopback unmanaged -- -virbr0-nic tun unmanaged -- -``` - - -##### 配置动态IP连接 - -###### 配置IP - -要使用 DHCP 
分配网络时,可以使用动态IP配置添加网络配置文件,命令格式如下: - -``` -nmcli connection add type ethernet con-name connection-name ifname interface-name -``` - -例如创建名为net-test的动态连接配置文件,在root权限下使用以下命令: - -``` -# nmcli connection add type ethernet con-name net-test ifname enp3s0 -Connection 'net-test' (a771baa0-5064-4296-ac40-5dc8973967ab) successfully added. -``` - -NetworkManager 会将参数 connection.autoconnect 设定为 yes,并将设置保存到 “/etc/sysconfig/network-scripts/ifcfg-net-test”文件中,在该文件中会将 ONBOOT 设置为 yes。 - -###### 激活连接并检查状态 - -在root权限下使用以下命令激活网络连接: - -``` -# nmcli con up net-test -Connection successfully activated (D-Bus active path:/org/freedesktop/NetworkManager/ActiveConnection/5) -``` - -检查这些设备及连接的状态,使用以下命令: - -``` -$ nmcli device status - -DEVICE TYPE STATE CONNECTION -enp4s0 ethernet connected enp4s0 -enp3s0 ethernet connected net-test -virbr0 bridge connected virbr0 -lo loopback unmanaged -- -virbr0-nic tun unmanaged -- -``` - -##### 配置静态IP连接 - -###### 配置IP - -添加静态 IPv4 配置的网络连接,可使用以下命令: - -``` -nmcli connection add type ethernet con-name connection-name ifname interface-name ip4 address gw4 address -``` - ->![](public_sys-resources/icon-note.gif) **说明:** ->如果要添加 IPv6 地址和网关信息,使用 ip6 和 gw6 选项。 - -例如创建名为 net-static的静态连接配置文件,在root权限下使用以下命令: - -``` -# nmcli con add type ethernet con-name net-static ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254 -``` - -还可为该设备同时指定 IPv6 地址和网关,示例如下: - -``` -# nmcli con add type ethernet con-name test-lab ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254 ip6 abbe::**** gw6 2001:***::* -Connection 'net-static' (63aa2036-8665-f54d-9a92-c3035bad03f7) successfully added. 
-``` - -NetworkManager 会将其内部参数 ipv4.method 设定为 manual,将 connection.autoconnect 设定为yes,并将设置写入 /etc/sysconfig/network-scripts/ifcfg-my-office 文件,其中会将对应 BOOTPROTO 设定为 none,将 ONBOOT 设定为 yes。 - -设定两个 IPv4 DNS 服务器地址,在root权限下使用以下命令: - -``` -# nmcli con mod net-static ipv4.dns "*.*.*.* *.*.*.*" -``` - -设置两个 IPv6 DNS 服务器地址,在root权限下使用以下命令: - -``` -# nmcli con mod net-static ipv6.dns "2001:4860:4860::**** 2001:4860:4860::****" -``` - -###### 激活连接并检查状态 - -激活新的网络连接,在root权限下使用以下命令: - -``` -# nmcli con up net-static ifname enp3s0 -Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6) -``` - -检查这些设备及连接的状态,使用以下命令: - -``` -$ nmcli device status - -DEVICE TYPE STATE CONNECTION -enp4s0 ethernet connected enp4s0 -enp3s0 ethernet connected net-static -virbr0 bridge connected virbr0 -lo loopback unmanaged -- -virbr0-nic tun unmanaged -- -``` - -查看配置的连接详情,使用以下命令(使用 -p, \-\-pretty 选项在输出结果中添加标题和分段): - -``` -$ nmcli -p con show net-static -=============================================================================== -Connection profile details (net-static ) -=============================================================================== -connection.id: net-static -connection.uuid: b9f18801-6084-4aee-af28-c8f0598ff5e1 -connection.stable-id: -- -connection.type: 802-3-ethernet -connection.interface-name: enp3s0 -connection.autoconnect: yes -connection.autoconnect-priority: 0 -connection.autoconnect-retries: -1 (default) -connection.multi-connect: 0 (default) -connection.auth-retries: -1 -connection.timestamp: 1578988781 -connection.read-only: no -connection.permissions: -- -connection.zone: -- -connection.master: -- -connection.slave-type: -- -connection.autoconnect-slaves: -1 (default) -connection.secondaries: -- -connection.gateway-ping-timeout: 0 -connection.metered: unknown -connection.lldp: default -connection.mdns: -1 (default) -connection.llmnr: -1 (default) -``` - -##### 添加 Wi-Fi 连接 - -使用以下命令查看可用 Wi-Fi 访问点: - -``` -$ nmcli dev wifi 
list -``` - -使用以下命令生成使用的静态 IP 配置,但允许自动 DNS 地址分配的 Wi-Fi 连接: - -``` -$ nmcli con add con-name Wifi ifname wlan0 type wifi ssid MyWifi ip4 192.168.100.101/24 gw4 192.168.100.1 -``` - -请使用以下命令设定 WPA2 密码,例如 “answer”: - -``` -$ nmcli con modify Wifi wifi-sec.key-mgmt wpa-psk -$ nmcli con modify Wifi wifi-sec.psk answer -``` - -使用以下命令更改 Wi-Fi 状态: - -``` -$ nmcli radio wifi [ on | off ] -``` - -##### 更改属性 - -请使用以下命令检查具体属性,比如 mtu: - -``` -$ nmcli connection show id 'Wifi ' | grep mtu -802-11-wireless.mtu: auto -``` - -使用如下命令更改设置的属性: - -``` -$ nmcli connection modify id 'Wifi ' 802-11-wireless.mtu 1350 -``` - -使用如下命令确认更改: - -``` -$ nmcli connection show id 'Wifi ' | grep mtu -802-11-wireless.mtu: 1350 -``` - -#### 配置静态路由 - -- 使用nmcli命令为网络连接配置静态路由,使用命令如下: - - ``` - $ nmcli connection modify enp3s0 +ipv4.routes "192.168.122.0/24 10.10.10.1" - ``` - - -- 使用编辑器配置静态路由,使用如下命令: - - ``` - $ nmcli con edit type ethernet con-name enp3s0 - ===| nmcli interactive connection editor |=== - Adding a new '802-3-ethernet' connection - Type 'help' or '?' for available commands. - Type 'describe [.]' for detailed property description. - You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6, dcb - nmcli> set ipv4.routes 192.168.122.0/24 10.10.10.1 - nmcli> - nmcli> save persistent - Saving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection. - Do you still want to save? [yes] yes - Connection 'enp3s0' (1464ddb4-102a-4e79-874a-0a42e15cc3c0) successfully saved. 
- nmcli> quit - ``` - - -### 使用ip命令 - ->![](public_sys-resources/icon-note.gif) **说明:** ->使用ip命令配置的网络配置可以立即生效但系统重启后配置会丢失。 - - - -#### 配置IP地址 - -使用ip命令为接口配置地址,命令格式如下,其中 _interface-name_ 为网卡名称。 - -``` -ip addr [ add | del ] address dev interface-name -``` - -##### 配置静态地址 -在root权限下,配置设置IP地址,使用示例如下: - -``` -# ip address add 192.168.0.10/24 dev enp3s0 -``` - -查看配置结果,在root权限使用如下命令: - -``` -# ip addr show dev enp3s0 -2: enp3s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 - link/ether 52:54:00:aa:ad:4a brd ff:ff:ff:ff:ff:ff - inet 192.168.202.248/16 brd 192.168.255.255 scope global dynamic noprefixroute enp3s0 - valid_lft 9547sec preferred_lft 9547sec - inet 192.168.0.10/24 scope global enp3s0 - valid_lft forever preferred_lft forever - inet6 fe80::32e8:cc22:9db2:f4d4/64 scope link noprefixroute - valid_lft forever preferred_lft forever -``` - -##### 配置多个地址 -ip 命令支持为同一接口分配多个地址,可在root权限下重复多次使用 ip 命令实现分配多个地址。使用示例如下: - -``` -# ip address add 192.168.2.223/24 dev enp4s0 -# ip address add 192.168.4.223/24 dev enp4s0 -# ip addr - -3: enp4s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 - link/ether 52:54:00:aa:da:e2 brd ff:ff:ff:ff:ff:ff - inet 192.168.203.12/16 brd 192.168.255.255 scope global dynamic noprefixroute enp4s0 - valid_lft 8389sec preferred_lft 8389sec - inet 192.168.2.223/24 scope global enp4s0 - valid_lft forever preferred_lft forever - inet 192.168.4.223/24 scope global enp4s0 - valid_lft forever preferred_lft forever - inet6 fe80::1eef:5e24:4b67:f07f/64 scope link noprefixroute - valid_lft forever preferred_lft forever -``` - -#### 配置静态路由 - -如果需要静态路由,可使用 ip route add 命令在路由表中添加,使用 ip route del 命令删除。最常使用的 ip route 命令格式如下: - -``` -ip route [ add | del | change | append | replace ] destination-address -``` - -在root权限下使用 ip route 命令显示当前的 IP 路由表。示例如下: - -``` -# ip route - -default via 192.168.0.1 dev enp3s0 proto dhcp metric 100 -default via 192.168.0.1 dev enp4s0 proto dhcp metric 101 -192.168.0.0/16 dev enp3s0 proto kernel scope link src 
192.168.202.248 metric 100 -192.168.0.0/16 dev enp4s0 proto kernel scope link src 192.168.203.12 metric 101 -192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown -``` - -在主机地址中添加一个静态路由,在 root 权限下,使用以下命令格式: - -``` -ip route add 192.168.2.1 via 10.0.0.1 [dev interface-name] -``` - -其中 192.168.2.1 是用点分隔的十进制符号中的 IP 地址,10.0.0.1 是下一个跃点,_interface-name_ 是进入下一个跃点的退出接口。 - -要在网络中添加一个静态路由,即代表 IP 地址范围的 IP 地址,请在root权限下运行以下命令格式: - -``` -ip route add 192.168.2.0/24 via 10.0.0.1 [dev interface-name] -``` - -其中 192.168.2.1 是目标网络的 IP 地址,10.0.0.1 是网络前缀,_interface-name_ 为网卡名称。 - -### 通过ifcfg文件配置网络 - ->![](public_sys-resources/icon-note.gif) **说明:** ->通过ifcfg文件配置的网络配置不会立即生效,需要在root权限下执行**systemctl reload NetworkManager**命令以重启网络服务后才生效。 - -#### 配置静态网络 - -以enp4s0网络接口进行静态网络设置为例,通过在root权限下修改ifcfg文件实现,在/etc/sysconfig/network-scripts/目录中生成名为ifcfg-enp4s0的文件中,修改参数配置,示例如下: - -``` -TYPE=Ethernet -PROXY_METHOD=none -BROWSER_ONLY=no -BOOTPROTO=none -IPADDR=192.168.0.10 -PREFIX=24 -DEFROUTE=yes -IPV4_FAILURE_FATAL=no -IPV6INIT=yes -IPV6_AUTOCONF=yes -IPV6_DEFROUTE=yes -IPV6_FAILURE_FATAL=no -IPV6_ADDR_GEN_MODE=stable-privacy -NAME=enp4s0static -UUID=08c3a30e-c5e2-4d7b-831f-26c3cdc29293 -DEVICE=enp4s0 -ONBOOT=yes -``` - -#### 配置动态网络 - -要通过ifcfg文件为em1接口配置动态网络,请按照如下操作在/etc/sysconfig/network-scripts/目录中生成名为 ifcfg-em1 的文件,示例如下: - -``` -DEVICE=em1 -BOOTPROTO=dhcp -ONBOOT=yes -``` - -要配置一个向DHCP服务器发送不同的主机名的接口,请在ifcfg文件中新增一行内容,如下所示: - -``` -DHCP_HOSTNAME=hostname -``` - -要配置忽略由DHCP服务器发送的路由,防止网络服务使用从DHCP服务器接收的DNS服务器更新/etc/resolv.conf。请在ifcfg文件中新增一行内容,如下所示: - -``` -PEERDNS=no -``` - -要配置一个接口使用具体DNS服务器,请将参数PEERDNS=no,并在ifcfg文件中添加以下行: - -``` -DNS1=ip-address -DNS2=ip-address -``` - -其中ip-address是DNS服务器的地址。这样就会让网络服务使用指定的DNS服务器更新/etc/resolv.conf。 - -#### 配置默认网关 - -在确定默认网关时,首先解析 /etc/sysconfig/network 文件,然后解析 ifcfg 文件 ,将最后读取的 GATEWAY 的取值作为路由表中的默认路由。 - -在动态网络环境中,使用 NetworkManager 管理主机时,建议设置为由 DHCP 来分配。 - -## 配置主机名 - - -### 简介 - -hostname有三种类型:static、transient和pretty。 - -- 
static:静态主机名,可由用户自行设置,并保存在/etc/hostname 文件中。 -- transient:动态主机名,由内核维护,初始是 static 主机名,默认值为“localhost”。可由DHCP或mDNS在运行时更改。 -- pretty:灵活主机名,允许使用自由形式(包括特殊/空白字符)进行设置。静态/动态主机名遵从域名的通用限制。 - ->![](public_sys-resources/icon-note.gif) **说明:** ->static和transient主机名只能包含a-z、A-Z、0-9、“-”、“\_”和“.”,不能在开头或结尾处使用句点,不允许使用两个相连的句点,大小限制为 64 个字符。 - -### 使用hostnamectl配置主机名 - -#### 查看所有主机名 -查看当前的主机名,使用如下命令: - -``` -$ hostnamectl status -``` - ->![](public_sys-resources/icon-note.gif) **说明:** ->如果命令未指定任何选项,则默认使用status选项。 - -#### 设定所有主机名 -在root权限下,设定系统中的所有主机名,使用如下命令: - -``` -# hostnamectl set-hostname name -``` - -#### 设定特定主机名 -在root权限下,通过不同的参数来设定特定主机名,使用如下命令: - -``` -# hostnamectl set-hostname name [option...] -``` - -其中option可以是\-\-pretty、\-\-static、\-\-transient中的一个或多个选项。 - -如果\-\-static或\-\-transient与\-\-pretty选项一同使用时,则会将static和transient主机名简化为pretty主机名格式,使用“-”替换空格,并删除特殊字符。 - -当设定pretty主机名时,如果主机名中包含空格或单引号,需要使用引号。命令示例如下: - -``` -# hostnamectl set-hostname "Stephen's notebook" --pretty -``` - -#### 清除特定主机名 -要清除特定主机名,并将其还原为默认形式,在root权限下,使用如下命令: - -``` -# hostnamectl set-hostname "" [option...] 
-``` - -其中 "" 是空白字符串,option是\-\-pretty、\-\-static和\-\-transient中的一个或多个选项。 - -#### 远程更改主机名 -在远程系统中运行hostnamectl命令时,要使用-H,\-\-host 选项,在root权限下使用如下命令: - -``` -# hostnamectl set-hostname -H [username]@hostname new_hostname -``` - -其中hostname是要配置的远程主机,username为自选项,new\_hostname为新主机名。hostnamectl会通过SSH连接到远程系统。 - -### 使用nmcli配置主机名 - -查询static主机名,使用如下命令: - -``` -$ nmcli general hostname -``` - -在root权限下,将static主机名设定为host-server,使用如下命令: - -``` -# nmcli general hostname host-server -``` - -要让系统hostnamectl感知到static主机名的更改,在root权限下,重启hostnamed服务,使用如下命令: - -``` -# systemctl restart systemd-hostnamed -``` - -## 配置网络绑定 - - -### 使用nmcli - -- 创建名为mybond0的绑定,使用示例如下: - - ``` - $ nmcli con add type bond con-name mybond0 ifname mybond0 mode active-backup - ``` - -- 添加从属接口,使用示例如下: - - ``` - $ nmcli con add type bond-slave ifname enp3s0 master mybond0 - ``` - - 要添加其他从属接口,重复上一个命令,并在命令中使用新的接口,使用示例如下: - - ``` - $ nmcli con add type bond-slave ifname enp4s0 master mybond0 - Connection 'bond-slave-enp4s0' (05e56afc-b953-41a9-b3f9-0791eb49f7d3) successfully added. 
- ``` - -- 要启动绑定,则必须首先启动从属接口,使用示例如下: - - ``` - $ nmcli con up bond-slave-enp3s0 - Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/14) - ``` - - ``` - $ nmcli con up bond-slave-enp4s0 - Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15) - ``` - - 现在可以启动绑定,使用示例如下: - - ``` - $ nmcli con up mybond0 - Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/16) - ``` - - -### 使用命令行 - - - -#### 检查是否已安装Bonding内核模块 - -在系统中默认已加载相应模块。要载入绑定模块,可在root权限下使用如下命令: - -``` -# modprobe --first-time bonding -``` - -显示该模块的信息,可在root权限下使用如下命令: - -``` -# modinfo bonding -``` - -更多命令请在root权限下使用modprobe \-\-help查看。 - -#### 创建频道绑定接口 - -要创建绑定接口,可在root权限下通过在 /etc/sysconfig/network-scripts/ 目录中创建名为 ifcfg-bondN 的文件(使用接口号码替换 N,比如 0)。 - -根据要绑定接口类型的配置文件来编写相应的内容,比如网络接口。接口配置文件示例如下: - -``` -DEVICE=bond0 -NAME=bond0 -TYPE=Bond -BONDING_MASTER=yes -IPADDR=192.168.1.1 -PREFIX=24 -ONBOOT=yes -BOOTPROTO=none -BONDING_OPTS="bonding parameters separated by spaces" -``` - -#### 创建从属接口 - -创建频道绑定接口后,必须在从属接口的配置文件中添加 MASTER 和 SLAVE 指令。 - -例如将两个网络接口enp3s0 和 enp4s0 以频道方式绑定,其配置文件示例分别如下: - -``` -TYPE=Ethernet -NAME=bond-slave-enp3s0 -UUID=3b7601d1-b373-4fdf-a996-9d267d1cac40 -DEVICE=enp3s0 -ONBOOT=yes -MASTER=bond0 -SLAVE=yes -``` - -``` -TYPE=Ethernet -NAME=bond-slave-enp4s0 -UUID=00f0482c-824f-478f-9479-abf947f01c4a -DEVICE=enp4s0 -ONBOOT=yes -MASTER=bond0 -SLAVE=yes -``` - -#### 激活频道绑定 - -要激活绑定,则需要启动所有从属接口。请在root权限下,运行以下命令: - -``` -# ifup enp3s0 -Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7) -``` - -``` -# ifup enp4s0 -Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8) -``` - ->![](public_sys-resources/icon-note.gif) **说明:** ->对于已经处于“up”状态的接口,请首先使用“ifdown _enp3s0_ ”命令修改状态为down,其中 _enp3s0_ 为实际网卡名称。 - -完成后,启动所有从属接口以便启动绑定(不将其设定为 “down”)。 - -要让 
NetworkManager 感知到系统所做的修改,在每次修改后,请在root权限下,运行以下命令: - -``` -# nmcli con load /etc/sysconfig/network-scripts/ifcfg-device -``` - -查看绑定接口的状态,请在root权限下运行以下命令: - -``` -# ip link show - -1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 - link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 -2: enp3s0: mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 - link/ether 52:54:00:aa:ad:4a brd ff:ff:ff:ff:ff:ff -3: enp4s0: mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 - link/ether 52:54:00:aa:da:e2 brd ff:ff:ff:ff:ff:ff -4: virbr0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000 - link/ether 86:a1:10:fb:ef:07 brd ff:ff:ff:ff:ff:ff -5: virbr0-nic: mtu 1500 qdisc fq_codel master virbr0 state DOWN mode DEFAULT group default qlen 1000 - link/ether 52:54:00:29:35:4c brd ff:ff:ff:ff:ff:ff -``` - -#### 创建多个绑定 - -系统会为每个绑定创建一个频道绑定接口,包括 BONDING\_OPTS 指令。使用这个配置方法可让多个绑定设备使用不同的配置。请按照以下操作创建多个频道绑定接口: - -- 创建多个 ifcfg-bondN 文件,文件中包含 BONDING\_OPTS 指令,让网络脚本根据需要创建绑定接口。 -- 创建或编辑要绑定的现有接口配置文件,添加 SLAVE 指令。 -- 使用 MASTER 指令工具在频道绑定接口中分配要绑定的接口,即从属接口。 - -以下是频道绑定接口配置文件示例: - -``` -DEVICE=bondN -NAME=bondN -TYPE=Bond -BONDING_MASTER=yes -IPADDR=192.168.1.1 -PREFIX=24 -ONBOOT=yes -BOOTPROTO=none -BONDING_OPTS="bonding parameters separated by spaces" -``` - -在这个示例中,使用绑定接口的号码替换 N。例如要创建两个接口,则需要使用正确的 IP 地址创建两个配置文件 ifcfg-bond0 和 ifcfg-bond1。 - -## IPv6使用差异说明(vs IPv4) - - - -### 约束限制 - -- chrony支持全局地址(global address),不支持链路本地地址(link-local address)。 -- Firefox支持通过http/https协议访问全局地址(global address),不支持链路本地地址(link-local address)。 - -### 配置说明 -#### 设置接口设备MTU值 - -##### 概述 - -IPv6场景中会发现整个路由路径中的最小mtu的值作为当前链接的PMTU的值,源端根据PMTU的值确定是否进行分片发送,而在整个路径中的其它设备将不再需要进行分片处理,从而可以降低中间路由设备的负载大小。其中IPv6 PMTU设置的最小值为1280。 - -##### 设置接口设备的mtu - -如果在配置了IPv6地址的接口上设置mtu的值小于1280(IPv6 PMTU设置的最小值),则会导致该接口的IPv6地址被删除。并且无法再次添加IPv6地址。所以在IPv6场景中,对接口设备的mtu的配置一定要大于等于1280。 -请在root权限下运行如下命令查看具体现象: - -``` -# ip addr show enp3s0 -3: enp3s0: mtu 1500 qdisc pfifo_fast 
state UP group default qlen 1000 - link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx - inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 - valid_lft 38663sec preferred_lft 38663sec - inet6 2001:222::2/64 scope global - valid_lft forever preferred_lft forever -``` - -``` -# ip link set dev enp3s0 mtu 1200 -# ip addr show enp3s0 -3: enp3s0: mtu 1200 qdisc pfifo_fast state UP group default qlen 1000 - link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx - inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 - valid_lft 38642sec preferred_lft 38642sec -``` - -``` -# ip addr add 2001:222::2/64 dev enp3s0 -RTNETLINK answers: No buffer space available -``` - -``` -# ip link set dev enp3s0 mtu 1500 -# ip addr show enp3s0 -3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 - link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx - inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 - valid_lft 38538sec preferred_lft 38538sec -``` - -``` -# ip addr add 2001:222::2/64 dev enp3s0 -# ip addr show enp3s0 -3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 - link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx - inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 - valid_lft 38531sec preferred_lft 38531sec - inet6 2001:222::2/64 scope global - valid_lft forever preferred_lft forever -``` - -#### 有状态自动配置IPv6地址 - -##### 概述 - -IPv6与IPv4都可以在root权限下通过DHCP的方式获得IP地址。IPv6地址有两种配置方式:无状态自动配置和有状态自动配置。 - -- 无状态自动配置 - - 不需要DHCP服务进行管理,设备根据网络RA(路由公告)获得网络前缀,或者link-local地址为固定fe80::。而接口ID则根据ifcfg配置IPV6\_ADDR\_GEN\_MODE的具体设置来进行自动获得: - - 1. IPv6\_ADDR\_GEN\_MODE="stable-privacy" 则根据设备及网络环境来确定一个随机接口ID。 - 2. 
IPv6\_ADDR\_GEN\_MODE="EUI64" 则根据设备MAC地址来确定接口ID。 - -- 有状态自动配置:需要DHCP服务器进行管理分配,服从DHCPv6协议来从DHCPv6服务器端租赁IPv6地址。 - - 在有状态自动配置IPv6地址时,DHCPv6服务端可以通过客户端设置的vendor class将客户端进行分类,不同类别分配不同地址段的IPv6地址。在IPv4场景中,客户端可以直接用dhclient的-V选项来设置vendor-class-identifier,DHCP服务端在配置文件中根据vendor-class-identifier来对客户端进行分类处理。而IPv6场景中,如果使用同样的方法对客户端分类,则分类并不会生效。 - - ``` - dhclient -6 -V - ``` - - 这是由于DHCPv6和DHCP协议存在较大差异,DHCPv6的可选项中使用vendor-class-option替代了DHCP中的vendor-class-identifier。而dhclient的-V选项并不能设置vendor-class-option。 - - -##### 有状态自动配置IPv6地址时dhclient设置vendor class方法 - -- 在客户端使用配置文件方式添加对vendor class的设置,使用方法如下: - - 客户端配置文件(/etc/dhcp/dhclient6.conf),文件位置可以自定义,在使用时需要通过dhclient -cf选项来指定配置文件: - - ``` - option dhcp6.vendor-class code 16 = {integer 32, integer 16, string}; - interface "enp3s0" { - send dhcp6.vendor-class ; - } - ``` - - >![](public_sys-resources/icon-note.gif) **说明:** - >- \,32位整型数字,企业标识号,企业通过IANA注册。 - >- \,16位整型数字,vendor class字符串长度。 - >- \,要设置的vendor class字符串,例如:“HWHW”。 - - 客户端使用方法: - - ``` - dhclient -6 -cf /etc/dhcp/dhclient6.conf - ``` - - -- DHCPv6服务端配置文件(/etc/dhcp/dhcpd6.conf),需要dhcpd -cf选项来指定该配置文件: - - ``` - option dhcp6.vendor-class code 16 = {integer 32, integer 16, string}; - subnet6 fc00:4:12:ffff::/64 { - class "hw" { - match if substring ( option dhcp6.vendor-class, 6, 10 ) = "HWHW"; - } - pool6 { - allow members of "hw"; - range6 fc00:4:12:ffff::ff10 fc00:4:12:ffff::ff20; - } - pool6 { - allow unknown clients; - range6 fc00:4:12:ffff::100 fc00:4:12:ffff::120; - } - } - ``` - - >![](public_sys-resources/icon-note.gif) **说明:** - >substring \( option dhcp6.vendor-class, 6, 10 \) 其中子字符串的开始位置为6,因为前面包含4个字节的和2个字节的。而子字符串的结束位置位:6+。这里vendor class string为“HWHW”,字符串的长度为4,所以子字符串的结束位置为6+4=10。用户可以根据实际需要来确定及相应的。 - - 服务端使用方法: - - ``` - dhcpd -6 -cf /etc/dhcp/dhcpd6.conf - ``` - - -#### 内核支持socket相关系统调用 - -##### 概述 - -IPv6地址长度扩展到128比特,所以有足够的IPv6地址可供分配使用。同时IPv6头相比IPv4头进行了简化,并增强了IPv6的自动配置功能。IPv6地址分为单播地址,组播地址和任意播地址。常用的单播地址又包含:链路本地地址(link-local address),唯一本地地址(Unique local 
address)和全局地址(global address)。由于IPv6的全局地址十分充足,唯一本地地址一般不被使用(其前身为站点本地地址(site-local address),已于2004年被废弃)。当前主要使用的单播地址为:链路本地地址(link-local address)和全局地址(global address)。当前内核支持socket系统调用,在使用单播地址的链路本地地址和全局地址时存在差异。 - -##### link-local地址和global地址在socket调用时的差异 - -RFC 2553: Basic Socket Interface Extensions for IPv6 定义sockaddr\_in6的数据结构如下; - -``` -struct sockaddr_in6 { - uint8_t sin6_len; /* length of this struct */ - sa_family_t sin6_family; /* AF_INET6 */ - in_port_t sin6_port; /* transport layer port # */ - uint32_t sin6_flowinfo; /* IPv6 flow information */ - struct in6_addr sin6_addr; /* IPv6 address */ - uint32_t sin6_scope_id; /* set of interfaces for a scope */ -}; -``` - ->![](public_sys-resources/icon-note.gif) **说明:** ->sin6\_scope\_id: 32位整型,对于链路本地地址(link-local address),对于链路范围的sin6\_addr,它可以用来标识指定的接口索引号。如果是站点范围的sin6\_addr,则用来作为站点的标识符(站点本地地址已被抛弃)。 - -在使用link-local地址进行socket通信时,在构造目的地址时,需要制定该地址所对应的接口索引号。一般可以通过if\_nametoindex函数将接口名转化为接口索引号。具体方式如下, - -``` -int port = 1234; -int sk_fd; -int iff_index = 0; -char iff_name[100] = "enp3s0"; -char * ll_addr[100] = "fe80::123:456:789"; -struct sockaddr_in6 server_addr; - -memset(&server_addr,0,sizeof(structsockaddr_in6)); -iff_index=if_nametoindex(iff_name); - -server_addr.sin6_family=AF_INET6; -server_addr.sin6_port=htons(port); -server_addr.sin6_scope_id=iff_index; -inet_pton(AF_INET6, ll_addr, &(server_addr.sin6_addr)); - -sk_fd=socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP); -connect(sk_fd, (struct sockaddr *)&server_addr, sizeof(struct sockaddr_in6)); -``` - -#### IPv4的dhclient守护进程持久化配置 - -##### 概述 - -通过NetworkManager服务来管理网络服务时,如果接口ifcfg-配置文件中配置了DHCP方式获得IP地址,则相应地NetworkManager服务会拉起dhclient守护进程来通过DHCP协议方式来从DHCP服务器获取IP地址。 - -dhclient提供了"-1"选项来决定dhclient进程在未获得DHCP服务响应时,是会不断持久化尝试请求地址还是会尝试时间超时后退出。针对IPv4的dhclient守护进程,可以在ifcfg-配置文件中设置PERSISTENT\_DHCLIENT来决定是否设置IPv4的dhclient进程的持久化。 - -##### 约束限制 - -1. 当dhclient进程在运行中被杀死,network服务无法自动将其拉起,可靠性需要用户自己保障。 -2. 
配置了持久化选项PERSISTENT\_DHCLIENT,需要确保有相应的DHCP服务器。如果在拉起network时无可用DHCP服务器,dhclient进程不断尝试发送请求包但无回应,则会导致network服务卡死直到network服务超时失败。由于network服务在拉起多个网卡的IPv4 dhclient进程时,是通过串行的方式来拉起的。如果有网卡配置了持久化而DHCP服务器没有准备好,则会导致network服务在给该网卡获取IPv4地址超时卡死,进而导致后续网卡无法获得IPv4/IPv6地址。 - -以上两种约束限制是特殊的应用场景,需要用户自己进行可靠性保障。 - -##### IPv4 DHCP和IPv6 DHCPv6方式获取地址的配置差异 - -可以通过配置接口ifcfg-参数来分别实现IPv4和IPv6通过DHCP/DHCPv6协议来动态获取IP地址,具体配置说明如下; - -``` -BOOTPROTO=none|bootp|dhcp -DHCPV6C=yes|no -PERSISTENT_DHCLIENT=yes|no|1|0 -``` - -- BOOTPROTO: none表示静态配置IPv4地址,bootp|dhcp则会拉起DHCP dhclient来动态获取IPv4地址。 -- DHCPV6C: no表示静态配置IPv6地址,yes则会拉起DHCPv6 dhclient来动态获取IPv6地址。 -- PERSISTENT\_DHCLIENT:no|0表示IPv4的dhclient进程配置为“非持久化”,当dhclient向DHCP服务器发送一次请求报文而无响应,则会间隔一段时间后退出,退出值为2。yes|1则表示IPv4的dhclient进程配置为“持久化”,dhclient会向DHCP服务器反复发送请求报文。**如果没有配置PERSISTENT\_DHCLIENT项,则IPv4的dhclient会默认设置为“持久化”**。 - - >![](public_sys-resources/icon-note.gif) **说明:** - >PERSISTENT\_DHCLIENT配置只针对IPv4生效,对IPv6相关dhclient -6进程不生效,IPv6默认不进行持久化配置。 - - -#### iproute相关命令配置IPv4与IPv6时的差异说明 - -##### 概述 - -由于IPv4和IPv6是两个不同的协议标准,iproute相关命令在使用方法上存在一定的差异。本章节主要梳理iproute包中用户经常使用到命令在IPv4和IPv6使用方面的差异,从而可以更好地指导用户使用iproute包中相关命令。 - -iproute相关命令均需要在root权限下运行。 - -##### IPv6地址的生命周期 - - - - - - - - - - - - - - - - - - - -

IPv6状态

-

解释

-

tentative

-

临时状态:刚添加地址还处于地址重复检测DAD过程

-

preferred

-

首选状态:完成DAD过程,没有收到相应的NA报文,表示该地址没有冲突。

-

deprecated

-

弃用状态:地址有一定的使用时限(valid_lft和preferred_lft),preferred_lft到期后地址会变化deprecated状态。

-

该状态下的地址不能用于创建新的连接,但是原有的连接可以继续使用。

-

invalid

-

无效状态:使用时限超过preferred_lft一段时间后仍然没有成功进行租约续约,则valid_lft时间到后地址状态会被设置为invalid,表示该地址不可以再被使用。

-
- -其它说明: - -- preferred\_lft:preferred lifetime,地址为首选状态的寿命,preferred\_lft没有到期的地址可以用于正常通信使用,若有多个preferred地址则按照内核具体机制选择地址。 -- valid\_lft: valid lifetime,地址有效的寿命,在\[preferred\_lft, valid\_lft\]时间段内该地址不能被用于新建连接,已经创建的连接继续有效。 - -##### ip link 命令 - -命令: - -``` -ip link set IFNAME mtu MTU -``` - -IPv6中PMTU的最小值为1280,如果mtu值设置小于1280则会导致IPv6地址丢失。其它设备无法ping通该IPv6地址。 - -##### ip addr命令 - -1. 命令: - - ``` - ip [-6] addr add IFADDR dev IFNAME - ``` - - 添加IPv6地址可以选择添加-6选项也可以不添加,ip addr命令会根据具体地址类型来判断是ipv4地址还是IPv6地址。 - - 如果指定“-6”选项,但是IFADDR 是ipv4地址则会有错误返回。 - -2. 命令: - - ``` - ip [-6] addr add IFADDR dev IFNAME [home|nodad] - ``` - - \[home|nodad\] 选项只针对IPv6地址有效。 - - - home:将该地址指定为RFC 6275中定义的家庭地址。(这是移动节点从家庭链路获取的地址, 是移动节点的永久地址,如果移动节点保持在相同的归属链路中,则各种实体之间的通信照常进行。) - - nodad:配置该项(仅限IPv6)添加此地址时不执行重复地址检测DAD(RFC 4862)。如果一台设备上多个接口通过nodad配置了多个相同的IPv6地址,则会按照接口顺序使用该IPv6地址。同一个接口上不能添加一个nodad一个非nodad的相同IPv6地址。因为两个地址是一样的,所以会报“RTNETLINK answers: File exists”。 - -3. 命令: - - ``` - ip [-6] addr del IFADDR dev IFNAME - ``` - - 删除IPv6地址可以选择添加-6选项也可以不添加,ip addr del命令会根据具体地址类型来判断是ipv4地址还是IPv6地址。 - -4. 命令: - - ``` - ip [-6] addr show dev IFNAME [tentative|-tentative|deprecated|-deprecated|dadfailed|-dadfailed|temporary] - ``` - - - 不指定-6选项,则会同时打印IPv4和IPv6地址。指定-6选项则只打印IPv6地址。 - - \[tentative|-tentative|deprecated|-deprecated|dadfailed|-dadfailed|temporary\],这些选项只针对IPv6,可以根据IPv6地址状态对地址进行筛选查看。 - 1. tentative:(仅限IPv6)仅列出尚未通过重复地址检测的地址。 - 2. -tentative:(仅限IPv6)仅列出当前未处于重复地址检测过程中的地址。 - 3. deprecated:(仅限IPv6)仅列出已弃用的地址。 - 4. -deprecated:(仅限IPv6)仅列出未弃用的地址。 - 5. dadfailed:(仅限IPv6)仅列出重复地址检测失败的地址。 - 6. -dadfailed:(仅限IPv6)仅列出未重复地址检测失败的地址。 - 7. temporary:(仅限IPv6)仅列出临时地址 - - - -##### ip route命令 - -1. 命令: - - ``` - ip [-6] route add ROUTE [mtu lock MTU] - ``` - - - -6选项:添加IPv6路由可以选择添加-6选项也可以不添加,ip route命令会根据具体地址类型来判断是IPv4地址还是IPv6地址。 - - - mtu lock MTU:锁定路由的MTU值。如果不锁定MTU,则MTU的值则可能在PMTUD过程中被内核改变。如果锁定MTU,则不会尝试PMTUD,所有IPv4包都将不设置DF位发出,IPv6包则会按照MTU进行分段处理。 - -2. 
命令: - - ``` - ip [-6] route del ROUTE - ``` - - 删除IPv6路由可以选择添加-6选项也可以不添加,ip route命令会根据具体地址类型来判断是IPv4地址还是IPv6地址。 - - -##### ip rule命令 - -1. 命令: - - ``` - ip [-6] rule list - ``` - - -6选项:设置-6选项打印IPv6的策略路由,不设置-6选项打印IPv4的策略路由。所以需要根据具体协议类型来配置-6选项。 - -2. 命令: - - ``` - ip [-6] rule [add|del] [from|to] ADDR table TABLE pref PREF - ``` - - -6选项:IPv6相关的策略路由表项需要设置-6选项,否则会报错:“Error: Invalid source address.”。相应地,IPv4相关的策略路由表项不可以设置-6选项,否则会报错:“Error: Invalid source address.”。 - - -#### NetworkManager服务配置差异说明 - -##### 概述 - -NetworkManager服务使用ifup/ifdown的逻辑接口定义进行高级网络设置。其参数大多数都是在/etc/sysconfig/network和/etc/sysconfig/network-scripts/ifcfg-两个配置文件设置。前者为全局设置,后者为指定网卡的设置,当两者有冲突时,后者生效。 - -##### 配置差异说明 - -其中在/etc/sysconfig/network下的配置差异有: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IPv4

-

IPv6

-

含义说明

-

NA

-

IPV6FORWARDING=yes|no

-

IPv6转发,默认不转发。

-

NA

-

IPV6_AUTOCONF=yes|no

-

IPv6转发打开是no,否则是yes。

-

NA

-

IPV6_ROUTER=yes|no

-

IPv6转发打开是yes,否则是no。

-

NA

-

IPV6_AUTOTUNNEL=yes|no

-

指定Tunnel为自动隧道模式,默认是no。

-

GATEWAY

-

IPV6_DEFAULTGW=<IPv6 address[%interface]> (optional)

-

在IPv6中设置默认网关。

-

NA

-

IPV6_DEFAULTDEV=<interface> (optional)

-

指定默认转发的网卡。

-

NA

-

IPV6_RADVD_PIDFILE=<pid-file> (optional)

-

默认ipv6_radvd_pid路径:/var/run/radvd/radvd.pid。

-

NA

-

IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP (optional)

-

radvd默认触发动作。

-
- -而在/etc/sysconfig/network-scripts/ifcfg-下的差异主要有: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IPv4

-

IPv6

-

含义说明

-

IPADDRn

-

IPV6ADDR=<IPv6 address>[/<prefix length>]

-

ip地址。

-

PREFIXn

-

NA

-

网络前缀,网络别名和ppp无效,优先级高于NETMASK。

-

NETMASKn

-

NA

-

子网掩码,仅用于别名和ppp。

-

GATEWAY

-

IPV6_DEFAULTGW=<IPv6 address[%interface]> (optional)

-

默认网关。

-

MTU

-

IPV6_MTU=<MTU of link> (optional)

-

默认MTU。

-

IPV4_FAILURE_FATAL=yes|no

-

IPV6_FAILURE_FATAL

-

默认值是no。若设置为yes,dhclient失败ifup-eth会直接退出。

-

NA

-

IPV6_PRIVACY=rfc3041

-

默认禁用。

-

NA

-

IPV6INIT=yes|no

-

默认开启IPv6。

-

NA

-

IPV6FORWARDING=yes|no

-

默认关闭,已废弃。

-
- -### FAQ -#### iscsi-initiator-utils不支持登录fe80 IPv6地址 - -##### 问题现象 - -客户端通过IPv6登录iscsi服务端时,使用如“iscsiadm -m node -p ipv6address -l”的命令格式登录,如果是全局地址(global address),直接替换将命令范例中的“ipv6address”替换为全局地址即可;但如果是链路本地地址(link-local address,fe80开头的IPv6地址)则无法使用,因为iscsi-initiator-utils目前机制还不支持用链路本地地址(link-local address)地址登录iscsi服务端。 - -##### 原因分析 - -如果使用格式如“iscsiadm -m node -p fe80::xxxx -l”登录,会登录超时返回,这是因为使用链路本地地址必须指定接口,否则使用iscsi\_io\_tcp\_connect函数调用connect函数会失败,并且产生标准错误码22。 - -如果使用格式如“iscsiadm -m node -p fe80::xxxx%enp3s0 -l”登录时,iscsi\_addr\_match函数会将地址“fe80::xxxx%enp3s0”与服务端返回的node信息中的地址“fe80::xxxx”对比,对比结果不匹配,导致登录失败。 - -因此,**iscsi-initiator-utils目前机制还不支持用链路本地地址(link-local address)登录iscsi服务端**。 - -#### 网卡down掉之后,IPv6地址丢失 - -##### 问题现象 - -通过ip link down+up网卡或ifconfig down+up网卡命令,将网卡down掉之后再上线,查看网卡上配置的ip地址,发现ipv4地址不丢失,而配置的IPv6地址丢失。 - -##### 原因分析 - -内核中的处理逻辑为如果网卡设置为down状态,会清空所有IPv4及IPv6地址,将网卡重新up之后,ipv4地址自动恢复,网卡上自动配置的IPv6链路本地地址也会恢复,但是其他IPv6地址默认会丢失。如果需要保留这些IPv6地址,可以通过“sysctl -w net.ipv6.conf.<网卡名\>.keep\_addr\_on\_down=1”来实现。 - -#### bond口已具有多个IPv6地址时,添加或删除IPv6地址耗时过久 - -##### 问题现象 - -下列方式配置或删除(包括flush)IPv6地址方式,X为动态变化的低16位,并且配置在bond口时,耗时会随已配置的IPv6地址数量成数倍增加。例如由4个物理网卡组成的bond口添加IPv6地址时,单线程添加删除3000 IPv6地址均需大概5分钟,而普通物理网卡耗时在10秒内。 - -``` -ip a add/del 192:168::18:X/64 dev DEVICE -``` - -##### 原因分析 - -bond口在添加IPv6地址时,会生成IPv6组播地址,并进行同步到所有的物理网卡上,此耗时会随IPv6数量增加而增加,导致耗时过长。 - -##### 解决方法 - -IPv6的组播地址是由IPv6地址的低24位与33-33-ff组合生成,组播地址过多会导致添加删除耗时增加,如果生成的组播地址为少量,耗时不会受此影响。 - -建议添加IPv6地址时,可保持低24位一致,保持高位变动,单网卡中仅需一个网段的一个地址即可与外部正常通信,此配置更符合常规使用。 - -#### Rsyslog在IPv4和IPv6混合使用场景中日志传输延迟 - -##### 问题现象 - -rsyslog客户端配置文件同时配置IPv4和IPv6地址,且端口配置相同的情况下,服务端收集log时会概率性出现日志打印延迟。 - -##### 原因分析 - -延迟是因为rsyslog内部存在缓冲队列机制,默认情况下需要缓冲区队列达到一定数量才会写入文件。 - -##### 解决方法 - -可在root权限下通过配置Direct模式,关闭缓冲队列机制解决该问题。在rsyslog远程传输服务端的/etc/rsyslog.d目录下新增的远程传输配置文件中,最开头增加如下配置: - -``` -$ActionQueueType Direct -$MainMsgQueueType Direct -``` - ->![](public_sys-resources/icon-note.gif) **说明:** ->- Direct模式减少队列大小为1,所以在队列中会保留1条日志到下次日志打印; ->- 
Direct模式会降低服务器端的rsyslog性能。 +# 配置网络 + + +- [配置网络](#配置网络) + - [配置 IP](#配置-ip) + - [使用nmcli命令](#使用nmcli命令) + - [使用ip命令](#使用ip命令) + - [通过ifcfg文件配置网络](#通过ifcfg文件配置网络) + - [配置主机名](#配置主机名) + - [简介](#简介) + - [使用hostnamectl配置主机名](#使用hostnamectl配置主机名) + - [使用nmcli配置主机名](#使用nmcli配置主机名) + - [配置网络绑定](#配置网络绑定) + - [使用nmcli](#使用nmcli) + - [使用命令行](#使用命令行) + - [IPv6使用差异说明(vs IPv4)](#ipv6使用差异说明vs-ipv4) + - [约束限制](#约束限制) + - [配置说明](#配置说明) + - [FAQ](#faq) + + + + +## 配置 IP + + +### 使用nmcli命令 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>使用nmcli命令配置的网络配置可以立即生效且系统重启后配置也不会丢失。 + + + +#### nmcli介绍 + +nmcli是NetworkManager的一个命令行工具,它提供了使用命令行配置由NetworkManager管理网络连接的方法。nmcli命令的基本格式为: + +``` + nmcli [OPTIONS] OBJECT { COMMAND | help } +``` + +其中,OBJECT选项可以是general、networking、radio、connection或device等。在日常使用中,最常使用的是-t, \-\-terse(用于脚本)、-p, \-\-pretty选项(用于用户)及-h, \-\-help选项,用户可以使用“ nmcli help”获取更多参数及使用信息。 + +``` +$ nmcli help +``` + +常用命令使用举例如下: + +- 显示NetworkManager状态: + + ``` + $ nmcli general status + ``` + +- 显示所有连接: + + ``` + $ nmcli connection show + ``` + +- 只显示当前活动连接,如下所示添加 -a, \-\-active: + + ``` + $ nmcli connection show --active + ``` + +- 显示由NetworkManager识别到设备及其状态: + + ``` + $ nmcli device status + ``` + +- 使用nmcli工具启动和停止网络接口,在root权限下执行如下命令: + + ``` + # nmcli connection up id enp3s0 + # nmcli device disconnect enp3s0 + ``` + + +#### 设备管理 + +##### 连接到设备 + +使用如下命令,NetworkManager将连接到对应网络设备,尝试找到合适的连接配置,并激活配置。 + +``` +$nmcli device connect "$IFNAME" +``` +>如果不存在相应的配置连接,NetworkManager将创建并激活具有默认设置的新配置文件。 + +##### 断开设备连接 + +使用如下命令,NetworkManager将断开设备连接,并防止设备自动激活。 + + +``` +$nmcli device disconnect "$IFNAME" +``` + +#### 设置网络连接 + +列出目前可用的网络连接: + +``` +$ nmcli con show + + +NAME UUID TYPE DEVICE +enp4s0 5afce939-400e-42fd-91ee-55ff5b65deab ethernet enp4s0 +enp3s0 c88d7b69-f529-35ca-81ab-aa729ac542fd ethernet enp3s0 +virbr0 ba552da6-f014-49e3-91fa-ec9c388864fa bridge virbr0 +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>输出结果中的NAME字段代表连接ID(名称)。 + 
+添加一个网络连接会生成相应的配置文件,并与相应的设备关联。检查可用的设备,方法如下: + +``` +$ nmcli dev status + +DEVICE TYPE STATE CONNECTION +enp3s0 ethernet connected enp3s0 +enp4s0 ethernet connected enp4s0 +virbr0 bridge connected virbr0 +lo loopback unmanaged -- +virbr0-nic tun unmanaged -- +``` + + +##### 配置动态IP连接 + +###### 配置IP + +要使用 DHCP 分配网络时,可以使用动态IP配置添加网络配置文件,命令格式如下: + +``` +nmcli connection add type ethernet con-name connection-name ifname interface-name +``` + +例如创建名为net-test的动态连接配置文件,在root权限下使用以下命令: + +``` +# nmcli connection add type ethernet con-name net-test ifname enp3s0 +Connection 'net-test' (a771baa0-5064-4296-ac40-5dc8973967ab) successfully added. +``` + +NetworkManager 会将参数 connection.autoconnect 设定为 yes,并将设置保存到 “/etc/sysconfig/network-scripts/ifcfg-net-test”文件中,在该文件中会将 ONBOOT 设置为 yes。 + +###### 激活连接并检查状态 + +在root权限下使用以下命令激活网络连接: + +``` +# nmcli con up net-test +Connection successfully activated (D-Bus active path:/org/freedesktop/NetworkManager/ActiveConnection/5) +``` + +检查这些设备及连接的状态,使用以下命令: + +``` +$ nmcli device status + +DEVICE TYPE STATE CONNECTION +enp4s0 ethernet connected enp4s0 +enp3s0 ethernet connected net-test +virbr0 bridge connected virbr0 +lo loopback unmanaged -- +virbr0-nic tun unmanaged -- +``` + +##### 配置静态IP连接 + +###### 配置IP + +添加静态 IPv4 配置的网络连接,可使用以下命令: + +``` +nmcli connection add type ethernet con-name connection-name ifname interface-name ip4 address gw4 address +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>如果要添加 IPv6 地址和网关信息,使用 ip6 和 gw6 选项。 + +例如创建名为 net-static的静态连接配置文件,在root权限下使用以下命令: + +``` +# nmcli con add type ethernet con-name net-static ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254 +``` + +还可为该设备同时指定 IPv6 地址和网关,示例如下: + +``` +# nmcli con add type ethernet con-name test-lab ifname enp3s0 ip4 192.168.0.10/24 gw4 192.168.0.254 ip6 abbe::**** gw6 2001:***::* +Connection 'net-static' (63aa2036-8665-f54d-9a92-c3035bad03f7) successfully added. 
+``` + +NetworkManager 会将其内部参数 ipv4.method 设定为 manual,将 connection.autoconnect 设定为yes,并将设置写入 /etc/sysconfig/network-scripts/ifcfg-my-office 文件,其中会将对应 BOOTPROTO 设定为 none,将 ONBOOT 设定为 yes。 + +设定两个 IPv4 DNS 服务器地址,在root权限下使用以下命令: + +``` +# nmcli con mod net-static ipv4.dns "*.*.*.* *.*.*.*" +``` + +设置两个 IPv6 DNS 服务器地址,在root权限下使用以下命令: + +``` +# nmcli con mod net-static ipv6.dns "2001:4860:4860::**** 2001:4860:4860::****" +``` + +###### 激活连接并检查状态 + +激活新的网络连接,在root权限下使用以下命令: + +``` +# nmcli con up net-static ifname enp3s0 +Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6) +``` + +检查这些设备及连接的状态,使用以下命令: + +``` +$ nmcli device status + +DEVICE TYPE STATE CONNECTION +enp4s0 ethernet connected enp4s0 +enp3s0 ethernet connected net-static +virbr0 bridge connected virbr0 +lo loopback unmanaged -- +virbr0-nic tun unmanaged -- +``` + +查看配置的连接详情,使用以下命令(使用 -p, \-\-pretty 选项在输出结果中添加标题和分段): + +``` +$ nmcli -p con show net-static +=============================================================================== +Connection profile details (net-static ) +=============================================================================== +connection.id: net-static +connection.uuid: b9f18801-6084-4aee-af28-c8f0598ff5e1 +connection.stable-id: -- +connection.type: 802-3-ethernet +connection.interface-name: enp3s0 +connection.autoconnect: yes +connection.autoconnect-priority: 0 +connection.autoconnect-retries: -1 (default) +connection.multi-connect: 0 (default) +connection.auth-retries: -1 +connection.timestamp: 1578988781 +connection.read-only: no +connection.permissions: -- +connection.zone: -- +connection.master: -- +connection.slave-type: -- +connection.autoconnect-slaves: -1 (default) +connection.secondaries: -- +connection.gateway-ping-timeout: 0 +connection.metered: unknown +connection.lldp: default +connection.mdns: -1 (default) +connection.llmnr: -1 (default) +``` + +##### 添加 Wi-Fi 连接 + +有两种方式添加Wi-Fi 连接。 + +**方法1,通过网络接口连接wifi** + 
+连接到由SSID或BSSID指定的wifi网络。命令如下,该命令找到匹配的连接或创建一个连接,然后在设备上激活它。 + +``` +$ nmcli device wifi connect "$SSID" password "$PASSWORD" ifname "$IFNAME" +$ nmcli --ask device wifi connect "$SSID" +``` + +**方法2,通过配置文件连接Wi-Fi** + +1,使用以下命令查看可用 Wi-Fi 访问点: + +``` +$ nmcli dev wifi list +``` + +2,使用以下命令生成使用的静态 IP 配置,但允许自动 DNS 地址分配的 Wi-Fi 连接: + +``` +$ nmcli con add con-name Wifi ifname wlan0 type wifi ssid MyWifi ip4 192.168.100.101/24 gw4 192.168.100.1 +``` + +3,请使用以下命令设定 WPA2 密码,例如 “answer”: + +``` +$ nmcli con modify Wifi wifi-sec.key-mgmt wpa-psk +$ nmcli con modify Wifi wifi-sec.psk answer +``` + +4,使用以下命令更改 Wi-Fi 状态: + +``` +$ nmcli radio wifi [ on | off ] +``` + +##### 更改属性 + +请使用以下命令检查具体属性,比如 mtu: + +``` +$ nmcli connection show id 'Wifi ' | grep mtu +802-11-wireless.mtu: auto +``` + +使用如下命令更改设置的属性: + +``` +$ nmcli connection modify id 'Wifi ' 802-11-wireless.mtu 1350 +``` + +使用如下命令确认更改: + +``` +$ nmcli connection show id 'Wifi ' | grep mtu +802-11-wireless.mtu: 1350 +``` + +#### 配置静态路由 + +- 使用nmcli命令为网络连接配置静态路由,使用命令如下: + + ``` + $ nmcli connection modify enp3s0 +ipv4.routes "192.168.122.0/24 10.10.10.1" + ``` + + +- 使用编辑器配置静态路由,使用如下命令: + + ``` + $ nmcli con edit type ethernet con-name enp3s0 + ===| nmcli interactive connection editor |=== + Adding a new '802-3-ethernet' connection + Type 'help' or '?' for available commands. + Type 'describe [.]' for detailed property description. + You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6, dcb + nmcli> set ipv4.routes 192.168.122.0/24 10.10.10.1 + nmcli> + nmcli> save persistent + Saving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection. + Do you still want to save? [yes] yes + Connection 'enp3s0' (1464ddb4-102a-4e79-874a-0a42e15cc3c0) successfully saved. 
+ nmcli> quit + ``` + + +### 使用ip命令 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>使用ip命令配置的网络配置可以立即生效但系统重启后配置会丢失。 + + + +#### 配置IP地址 + +使用ip命令为接口配置地址,命令格式如下,其中 _interface-name_ 为网卡名称。 + +``` +ip addr [ add | del ] address dev interface-name +``` + +##### 配置静态地址 +在root权限下,配置设置IP地址,使用示例如下: + +``` +# ip address add 192.168.0.10/24 dev enp3s0 +``` + +查看配置结果,在root权限使用如下命令: + +``` +# ip addr show dev enp3s0 +2: enp3s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 52:54:00:aa:ad:4a brd ff:ff:ff:ff:ff:ff + inet 192.168.202.248/16 brd 192.168.255.255 scope global dynamic noprefixroute enp3s0 + valid_lft 9547sec preferred_lft 9547sec + inet 192.168.0.10/24 scope global enp3s0 + valid_lft forever preferred_lft forever + inet6 fe80::32e8:cc22:9db2:f4d4/64 scope link noprefixroute + valid_lft forever preferred_lft forever +``` + +##### 配置多个地址 +ip 命令支持为同一接口分配多个地址,可在root权限下重复多次使用 ip 命令实现分配多个地址。使用示例如下: + +``` +# ip address add 192.168.2.223/24 dev enp4s0 +# ip address add 192.168.4.223/24 dev enp4s0 +# ip addr + +3: enp4s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 + link/ether 52:54:00:aa:da:e2 brd ff:ff:ff:ff:ff:ff + inet 192.168.203.12/16 brd 192.168.255.255 scope global dynamic noprefixroute enp4s0 + valid_lft 8389sec preferred_lft 8389sec + inet 192.168.2.223/24 scope global enp4s0 + valid_lft forever preferred_lft forever + inet 192.168.4.223/24 scope global enp4s0 + valid_lft forever preferred_lft forever + inet6 fe80::1eef:5e24:4b67:f07f/64 scope link noprefixroute + valid_lft forever preferred_lft forever +``` + +#### 配置静态路由 + +如果需要静态路由,可使用 ip route add 命令在路由表中添加,使用 ip route del 命令删除。最常使用的 ip route 命令格式如下: + +``` +ip route [ add | del | change | append | replace ] destination-address +``` + +在root权限下使用 ip route 命令显示当前的 IP 路由表。示例如下: + +``` +# ip route + +default via 192.168.0.1 dev enp3s0 proto dhcp metric 100 +default via 192.168.0.1 dev enp4s0 proto dhcp metric 101 +192.168.0.0/16 dev enp3s0 proto kernel scope link src 
192.168.202.248 metric 100 +192.168.0.0/16 dev enp4s0 proto kernel scope link src 192.168.203.12 metric 101 +192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown +``` + +在主机地址中添加一个静态路由,在 root 权限下,使用以下命令格式: + +``` +ip route add 192.168.2.1 via 10.0.0.1 [dev interface-name] +``` + +其中 192.168.2.1 是用点分隔的十进制符号中的 IP 地址,10.0.0.1 是下一个跃点,_interface-name_ 是进入下一个跃点的退出接口。 + +要在网络中添加一个静态路由,即代表 IP 地址范围的 IP 地址,请在root权限下运行以下命令格式: + +``` +ip route add 192.168.2.0/24 via 10.0.0.1 [dev interface-name] +``` + +其中 192.168.2.1 是目标网络的 IP 地址,10.0.0.1 是网络前缀,_interface-name_ 为网卡名称。 + +### 通过ifcfg文件配置网络 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>通过ifcfg文件配置的网络配置不会立即生效,需要在root权限下执行**systemctl reload NetworkManager**命令以重启网络服务后才生效。 + +#### 配置静态网络 + +以enp4s0网络接口进行静态网络设置为例,通过在root权限下修改ifcfg文件实现,在/etc/sysconfig/network-scripts/目录中生成名为ifcfg-enp4s0的文件中,修改参数配置,示例如下: + +``` +TYPE=Ethernet +PROXY_METHOD=none +BROWSER_ONLY=no +BOOTPROTO=none +IPADDR=192.168.0.10 +PREFIX=24 +DEFROUTE=yes +IPV4_FAILURE_FATAL=no +IPV6INIT=yes +IPV6_AUTOCONF=yes +IPV6_DEFROUTE=yes +IPV6_FAILURE_FATAL=no +IPV6_ADDR_GEN_MODE=stable-privacy +NAME=enp4s0static +UUID=08c3a30e-c5e2-4d7b-831f-26c3cdc29293 +DEVICE=enp4s0 +ONBOOT=yes +``` + +#### 配置动态网络 + +要通过ifcfg文件为em1接口配置动态网络,请按照如下操作在/etc/sysconfig/network-scripts/目录中生成名为 ifcfg-em1 的文件,示例如下: + +``` +DEVICE=em1 +BOOTPROTO=dhcp +ONBOOT=yes +``` + +要配置一个向DHCP服务器发送不同的主机名的接口,请在ifcfg文件中新增一行内容,如下所示: + +``` +DHCP_HOSTNAME=hostname +``` + +要配置忽略由DHCP服务器发送的路由,防止网络服务使用从DHCP服务器接收的DNS服务器更新/etc/resolv.conf。请在ifcfg文件中新增一行内容,如下所示: + +``` +PEERDNS=no +``` + +要配置一个接口使用具体DNS服务器,请将参数PEERDNS=no,并在ifcfg文件中添加以下行: + +``` +DNS1=ip-address +DNS2=ip-address +``` + +其中ip-address是DNS服务器的地址。这样就会让网络服务使用指定的DNS服务器更新/etc/resolv.conf。 + +#### 配置默认网关 + +在确定默认网关时,首先解析 /etc/sysconfig/network 文件,然后解析 ifcfg 文件 ,将最后读取的 GATEWAY 的取值作为路由表中的默认路由。 + +在动态网络环境中,使用 NetworkManager 管理主机时,建议设置为由 DHCP 来分配。 + +## 配置主机名 + + +### 简介 + +hostname有三种类型:static、transient和pretty。 + +- 
static:静态主机名,可由用户自行设置,并保存在/etc/hostname 文件中。 +- transient:动态主机名,由内核维护,初始是 static 主机名,默认值为“localhost”。可由DHCP或mDNS在运行时更改。 +- pretty:灵活主机名,允许使用自由形式(包括特殊/空白字符)进行设置。静态/动态主机名遵从域名的通用限制。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>static和transient主机名只能包含a-z、A-Z、0-9、“-”、“\_”和“.”,不能在开头或结尾处使用句点,不允许使用两个相连的句点,大小限制为 64 个字符。 + +### 使用hostnamectl配置主机名 + +#### 查看所有主机名 +查看当前的主机名,使用如下命令: + +``` +$ hostnamectl status +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>如果命令未指定任何选项,则默认使用status选项。 + +#### 设定所有主机名 +在root权限下,设定系统中的所有主机名,使用如下命令: + +``` +# hostnamectl set-hostname name +``` + +#### 设定特定主机名 +在root权限下,通过不同的参数来设定特定主机名,使用如下命令: + +``` +# hostnamectl set-hostname name [option...] +``` + +其中option可以是\-\-pretty、\-\-static、\-\-transient中的一个或多个选项。 + +如果\-\-static或\-\-transient与\-\-pretty选项一同使用时,则会将static和transient主机名简化为pretty主机名格式,使用“-”替换空格,并删除特殊字符。 + +当设定pretty主机名时,如果主机名中包含空格或单引号,需要使用引号。命令示例如下: + +``` +# hostnamectl set-hostname "Stephen's notebook" --pretty +``` + +#### 清除特定主机名 +要清除特定主机名,并将其还原为默认形式,在root权限下,使用如下命令: + +``` +# hostnamectl set-hostname "" [option...] 
+``` + +其中 "" 是空白字符串,option是\-\-pretty、\-\-static和\-\-transient中的一个或多个选项。 + +#### 远程更改主机名 +在远程系统中运行hostnamectl命令时,要使用-H,\-\-host 选项,在root权限下使用如下命令: + +``` +# hostnamectl set-hostname -H [username]@hostname new_hostname +``` + +其中hostname是要配置的远程主机,username为自选项,new\_hostname为新主机名。hostnamectl会通过SSH连接到远程系统。 + +### 使用nmcli配置主机名 + +查询static主机名,使用如下命令: + +``` +$ nmcli general hostname +``` + +在root权限下,将static主机名设定为host-server,使用如下命令: + +``` +# nmcli general hostname host-server +``` + +要让系统hostnamectl感知到static主机名的更改,在root权限下,重启hostnamed服务,使用如下命令: + +``` +# systemctl restart systemd-hostnamed +``` + +## 配置网络绑定 + + +### 使用nmcli + +- 创建名为mybond0的绑定,使用示例如下: + + ``` + $ nmcli con add type bond con-name mybond0 ifname mybond0 mode active-backup + ``` + +- 添加从属接口,使用示例如下: + + ``` + $ nmcli con add type bond-slave ifname enp3s0 master mybond0 + ``` + + 要添加其他从属接口,重复上一个命令,并在命令中使用新的接口,使用示例如下: + + ``` + $ nmcli con add type bond-slave ifname enp4s0 master mybond0 + Connection 'bond-slave-enp4s0' (05e56afc-b953-41a9-b3f9-0791eb49f7d3) successfully added. 
+ ``` + +- 要启动绑定,则必须首先启动从属接口,使用示例如下: + + ``` + $ nmcli con up bond-slave-enp3s0 + Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/14) + ``` + + ``` + $ nmcli con up bond-slave-enp4s0 + Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15) + ``` + + 现在可以启动绑定,使用示例如下: + + ``` + $ nmcli con up mybond0 + Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/16) + ``` + + +### 使用命令行 + + + +#### 检查是否已安装Bonding内核模块 + +在系统中默认已加载相应模块。要载入绑定模块,可在root权限下使用如下命令: + +``` +# modprobe --first-time bonding +``` + +显示该模块的信息,可在root权限下使用如下命令: + +``` +# modinfo bonding +``` + +更多命令请在root权限下使用modprobe \-\-help查看。 + +#### 创建频道绑定接口 + +要创建绑定接口,可在root权限下通过在 /etc/sysconfig/network-scripts/ 目录中创建名为 ifcfg-bondN 的文件(使用接口号码替换 N,比如 0)。 + +根据要绑定接口类型的配置文件来编写相应的内容,比如网络接口。接口配置文件示例如下: + +``` +DEVICE=bond0 +NAME=bond0 +TYPE=Bond +BONDING_MASTER=yes +IPADDR=192.168.1.1 +PREFIX=24 +ONBOOT=yes +BOOTPROTO=none +BONDING_OPTS="bonding parameters separated by spaces" +``` + +#### 创建从属接口 + +创建频道绑定接口后,必须在从属接口的配置文件中添加 MASTER 和 SLAVE 指令。 + +例如将两个网络接口enp3s0 和 enp4s0 以频道方式绑定,其配置文件示例分别如下: + +``` +TYPE=Ethernet +NAME=bond-slave-enp3s0 +UUID=3b7601d1-b373-4fdf-a996-9d267d1cac40 +DEVICE=enp3s0 +ONBOOT=yes +MASTER=bond0 +SLAVE=yes +``` + +``` +TYPE=Ethernet +NAME=bond-slave-enp4s0 +UUID=00f0482c-824f-478f-9479-abf947f01c4a +DEVICE=enp4s0 +ONBOOT=yes +MASTER=bond0 +SLAVE=yes +``` + +#### 激活频道绑定 + +要激活绑定,则需要启动所有从属接口。请在root权限下,运行以下命令: + +``` +# ifup enp3s0 +Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/7) +``` + +``` +# ifup enp4s0 +Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8) +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>对于已经处于“up”状态的接口,请首先使用“ifdown _enp3s0_ ”命令修改状态为down,其中 _enp3s0_ 为实际网卡名称。 + +完成后,启动所有从属接口以便启动绑定(不将其设定为 “down”)。 + +要让 
NetworkManager 感知到系统所做的修改,在每次修改后,请在root权限下,运行以下命令: + +``` +# nmcli con load /etc/sysconfig/network-scripts/ifcfg-device +``` + +查看绑定接口的状态,请在root权限下运行以下命令: + +``` +# ip link show + +1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 + link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 +2: enp3s0: mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 + link/ether 52:54:00:aa:ad:4a brd ff:ff:ff:ff:ff:ff +3: enp4s0: mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 + link/ether 52:54:00:aa:da:e2 brd ff:ff:ff:ff:ff:ff +4: virbr0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000 + link/ether 86:a1:10:fb:ef:07 brd ff:ff:ff:ff:ff:ff +5: virbr0-nic: mtu 1500 qdisc fq_codel master virbr0 state DOWN mode DEFAULT group default qlen 1000 + link/ether 52:54:00:29:35:4c brd ff:ff:ff:ff:ff:ff +``` + +#### 创建多个绑定 + +系统会为每个绑定创建一个频道绑定接口,包括 BONDING\_OPTS 指令。使用这个配置方法可让多个绑定设备使用不同的配置。请按照以下操作创建多个频道绑定接口: + +- 创建多个 ifcfg-bondN 文件,文件中包含 BONDING\_OPTS 指令,让网络脚本根据需要创建绑定接口。 +- 创建或编辑要绑定的现有接口配置文件,添加 SLAVE 指令。 +- 使用 MASTER 指令工具在频道绑定接口中分配要绑定的接口,即从属接口。 + +以下是频道绑定接口配置文件示例: + +``` +DEVICE=bondN +NAME=bondN +TYPE=Bond +BONDING_MASTER=yes +IPADDR=192.168.1.1 +PREFIX=24 +ONBOOT=yes +BOOTPROTO=none +BONDING_OPTS="bonding parameters separated by spaces" +``` + +在这个示例中,使用绑定接口的号码替换 N。例如要创建两个接口,则需要使用正确的 IP 地址创建两个配置文件 ifcfg-bond0 和 ifcfg-bond1。 + +## IPv6使用差异说明(vs IPv4) + + + +### 约束限制 + +- chrony支持全局地址(global address),不支持链路本地地址(link-local address)。 +- Firefox支持通过http/https协议访问全局地址(global address),不支持链路本地地址(link-local address)。 + +### 配置说明 +#### 设置接口设备MTU值 + +##### 概述 + +IPv6场景中会发现整个路由路径中的最小mtu的值作为当前链接的PMTU的值,源端根据PMTU的值确定是否进行分片发送,而在整个路径中的其它设备将不再需要进行分片处理,从而可以降低中间路由设备的负载大小。其中IPv6 PMTU设置的最小值为1280。 + +##### 设置接口设备的mtu + +如果在配置了IPv6地址的接口上设置mtu的值小于1280(IPv6 PMTU设置的最小值),则会导致该接口的IPv6地址被删除。并且无法再次添加IPv6地址。所以在IPv6场景中,对接口设备的mtu的配置一定要大于等于1280。 +请在root权限下运行如下命令查看具体现象: + +``` +# ip addr show enp3s0 +3: enp3s0: mtu 1500 qdisc pfifo_fast 
state UP group default qlen 1000 + link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx + inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 + valid_lft 38663sec preferred_lft 38663sec + inet6 2001:222::2/64 scope global + valid_lft forever preferred_lft forever +``` + +``` +# ip link set dev enp3s0 mtu 1200 +# ip addr show enp3s0 +3: enp3s0: mtu 1200 qdisc pfifo_fast state UP group default qlen 1000 + link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx + inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 + valid_lft 38642sec preferred_lft 38642sec +``` + +``` +# ip addr add 2001:222::2/64 dev enp3s0 +RTNETLINK answers: No buffer space available +``` + +``` +# ip link set dev enp3s0 mtu 1500 +# ip addr show enp3s0 +3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 + link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx + inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 + valid_lft 38538sec preferred_lft 38538sec +``` + +``` +# ip addr add 2001:222::2/64 dev enp3s0 +# ip addr show enp3s0 +3: enp3s0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 + link/ether 52:54:00:62:xx:xx brd ff:ff:ff:ff:xx:xx + inet 10.41.125.236/16 brd 10.41.255.255 scope global noprefixroute dynamic enp3s0 + valid_lft 38531sec preferred_lft 38531sec + inet6 2001:222::2/64 scope global + valid_lft forever preferred_lft forever +``` + +#### 有状态自动配置IPv6地址 + +##### 概述 + +IPv6与IPv4都可以在root权限下通过DHCP的方式获得IP地址。IPv6地址有两种配置方式:无状态自动配置和有状态自动配置。 + +- 无状态自动配置 + + 不需要DHCP服务进行管理,设备根据网络RA(路由公告)获得网络前缀,或者link-local地址为固定fe80::。而接口ID则根据ifcfg配置IPV6\_ADDR\_GEN\_MODE的具体设置来进行自动获得: + + 1. IPv6\_ADDR\_GEN\_MODE="stable-privacy" 则根据设备及网络环境来确定一个随机接口ID。 + 2. 
IPv6\_ADDR\_GEN\_MODE="EUI64" 则根据设备MAC地址来确定接口ID。 + +- 有状态自动配置:需要DHCP服务器进行管理分配,服从DHCPv6协议来从DHCPv6服务器端租赁IPv6地址。 + + 在有状态自动配置IPv6地址时,DHCPv6服务端可以通过客户端设置的vendor class将客户端进行分类,不同类别分配不同地址段的IPv6地址。在IPv4场景中,客户端可以直接用dhclient的-V选项来设置vendor-class-identifier,DHCP服务端在配置文件中根据vendor-class-identifier来对客户端进行分类处理。而IPv6场景中,如果使用同样的方法对客户端分类,则分类并不会生效。 + + ``` + dhclient -6 -V + ``` + + 这是由于DHCPv6和DHCP协议存在较大差异,DHCPv6的可选项中使用vendor-class-option替代了DHCP中的vendor-class-identifier。而dhclient的-V选项并不能设置vendor-class-option。 + + +##### 有状态自动配置IPv6地址时dhclient设置vendor class方法 + +- 在客户端使用配置文件方式添加对vendor class的设置,使用方法如下: + + 客户端配置文件(/etc/dhcp/dhclient6.conf),文件位置可以自定义,在使用时需要通过dhclient -cf选项来指定配置文件: + + ``` + option dhcp6.vendor-class code 16 = {integer 32, integer 16, string}; + interface "enp3s0" { + send dhcp6.vendor-class ; + } + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >- \,32位整型数字,企业标识号,企业通过IANA注册。 + >- \,16位整型数字,vendor class字符串长度。 + >- \,要设置的vendor class字符串,例如:“HWHW”。 + + 客户端使用方法: + + ``` + dhclient -6 -cf /etc/dhcp/dhclient6.conf + ``` + + +- DHCPv6服务端配置文件(/etc/dhcp/dhcpd6.conf),需要dhcpd -cf选项来指定该配置文件: + + ``` + option dhcp6.vendor-class code 16 = {integer 32, integer 16, string}; + subnet6 fc00:4:12:ffff::/64 { + class "hw" { + match if substring ( option dhcp6.vendor-class, 6, 10 ) = "HWHW"; + } + pool6 { + allow members of "hw"; + range6 fc00:4:12:ffff::ff10 fc00:4:12:ffff::ff20; + } + pool6 { + allow unknown clients; + range6 fc00:4:12:ffff::100 fc00:4:12:ffff::120; + } + } + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >substring \( option dhcp6.vendor-class, 6, 10 \) 其中子字符串的开始位置为6,因为前面包含4个字节的和2个字节的。而子字符串的结束位置位:6+。这里vendor class string为“HWHW”,字符串的长度为4,所以子字符串的结束位置为6+4=10。用户可以根据实际需要来确定及相应的。 + + 服务端使用方法: + + ``` + dhcpd -6 -cf /etc/dhcp/dhcpd6.conf + ``` + + +#### 内核支持socket相关系统调用 + +##### 概述 + +IPv6地址长度扩展到128比特,所以有足够的IPv6地址可供分配使用。同时IPv6头相比IPv4头进行了简化,并增强了IPv6的自动配置功能。IPv6地址分为单播地址,组播地址和任意播地址。常用的单播地址又包含:链路本地地址(link-local address),唯一本地地址(Unique local 
address)和全局地址(global address)。由于IPv6的全局地址十分充足,唯一本地地址一般不被使用(其前身为站点本地地址(site-local address),已于2004年被废弃)。当前主要使用的单播地址为:链路本地地址(link-local address)和全局地址(global address)。当前内核支持socket系统调用,在使用单播地址的链路本地地址和全局地址时存在差异。 + +##### link-local地址和global地址在socket调用时的差异 + +RFC 2553: Basic Socket Interface Extensions for IPv6 定义sockaddr\_in6的数据结构如下; + +``` +struct sockaddr_in6 { + uint8_t sin6_len; /* length of this struct */ + sa_family_t sin6_family; /* AF_INET6 */ + in_port_t sin6_port; /* transport layer port # */ + uint32_t sin6_flowinfo; /* IPv6 flow information */ + struct in6_addr sin6_addr; /* IPv6 address */ + uint32_t sin6_scope_id; /* set of interfaces for a scope */ +}; +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>sin6\_scope\_id: 32位整型,对于链路本地地址(link-local address),对于链路范围的sin6\_addr,它可以用来标识指定的接口索引号。如果是站点范围的sin6\_addr,则用来作为站点的标识符(站点本地地址已被抛弃)。 + +在使用link-local地址进行socket通信时,在构造目的地址时,需要制定该地址所对应的接口索引号。一般可以通过if\_nametoindex函数将接口名转化为接口索引号。具体方式如下, + +``` +int port = 1234; +int sk_fd; +int iff_index = 0; +char iff_name[100] = "enp3s0"; +char * ll_addr[100] = "fe80::123:456:789"; +struct sockaddr_in6 server_addr; + +memset(&server_addr,0,sizeof(structsockaddr_in6)); +iff_index=if_nametoindex(iff_name); + +server_addr.sin6_family=AF_INET6; +server_addr.sin6_port=htons(port); +server_addr.sin6_scope_id=iff_index; +inet_pton(AF_INET6, ll_addr, &(server_addr.sin6_addr)); + +sk_fd=socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP); +connect(sk_fd, (struct sockaddr *)&server_addr, sizeof(struct sockaddr_in6)); +``` + +#### IPv4的dhclient守护进程持久化配置 + +##### 概述 + +通过NetworkManager服务来管理网络服务时,如果接口ifcfg-配置文件中配置了DHCP方式获得IP地址,则相应地NetworkManager服务会拉起dhclient守护进程来通过DHCP协议方式来从DHCP服务器获取IP地址。 + +dhclient提供了"-1"选项来决定dhclient进程在未获得DHCP服务响应时,是会不断持久化尝试请求地址还是会尝试时间超时后退出。针对IPv4的dhclient守护进程,可以在ifcfg-配置文件中设置PERSISTENT\_DHCLIENT来决定是否设置IPv4的dhclient进程的持久化。 + +##### 约束限制 + +1. 当dhclient进程在运行中被杀死,network服务无法自动将其拉起,可靠性需要用户自己保障。 +2. 
配置了持久化选项PERSISTENT\_DHCLIENT,需要确保有相应的DHCP服务器。如果在拉起network时无可用DHCP服务器,dhclient进程不断尝试发送请求包但无回应,则会导致network服务卡死直到network服务超时失败。由于network服务在拉起多个网卡的IPv4 dhclient进程时,是通过串行的方式来拉起的。如果有网卡配置了持久化而DHCP服务器没有准备好,则会导致network服务在给该网卡获取IPv4地址超时卡死,进而导致后续网卡无法获得IPv4/IPv6地址。 + +以上两种约束限制是特殊的应用场景,需要用户自己进行可靠性保障。 + +##### IPv4 DHCP和IPv6 DHCPv6方式获取地址的配置差异 + +可以通过配置接口ifcfg-参数来分别实现IPv4和IPv6通过DHCP/DHCPv6协议来动态获取IP地址,具体配置说明如下; + +``` +BOOTPROTO=none|bootp|dhcp +DHCPV6C=yes|no +PERSISTENT_DHCLIENT=yes|no|1|0 +``` + +- BOOTPROTO: none表示静态配置IPv4地址,bootp|dhcp则会拉起DHCP dhclient来动态获取IPv4地址。 +- DHCPV6C: no表示静态配置IPv6地址,yes则会拉起DHCPv6 dhclient来动态获取IPv6地址。 +- PERSISTENT\_DHCLIENT:no|0表示IPv4的dhclient进程配置为“非持久化”,当dhclient向DHCP服务器发送一次请求报文而无响应,则会间隔一段时间后退出,退出值为2。yes|1则表示IPv4的dhclient进程配置为“持久化”,dhclient会向DHCP服务器反复发送请求报文。**如果没有配置PERSISTENT\_DHCLIENT项,则IPv4的dhclient会默认设置为“持久化”**。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >PERSISTENT\_DHCLIENT配置只针对IPv4生效,对IPv6相关dhclient -6进程不生效,IPv6默认不进行持久化配置。 + + +#### iproute相关命令配置IPv4与IPv6时的差异说明 + +##### 概述 + +由于IPv4和IPv6是两个不同的协议标准,iproute相关命令在使用方法上存在一定的差异。本章节主要梳理iproute包中用户经常使用到命令在IPv4和IPv6使用方面的差异,从而可以更好地指导用户使用iproute包中相关命令。 + +iproute相关命令均需要在root权限下运行。 + +##### IPv6地址的生命周期 + + + + + + + + + + + + + + + + + + + +

IPv6状态

+

解释

+

tentative

+

临时状态:刚添加地址还处于地址重复检测DAD过程

+

preferred

+

首选状态:完成DAD过程,没有收到相应的NA报文,表示该地址没有冲突。

+

deprecated

+

弃用状态:地址有一定的使用时限(valid_lft和preferred_lft),preferred_lft到期后地址会变化deprecated状态。

+

该状态下的地址不能用于创建新的连接,但是原有的连接可以继续使用。

+

invalid

+

无效状态:使用时限超过preferred_lft一段时间后仍然没有成功进行租约续约,则valid_lft时间到后地址状态会被设置为invalid,表示该地址不可以再被使用。

+
+ +其它说明: + +- preferred\_lft:preferred lifetime,地址为首选状态的寿命,preferred\_lft没有到期的地址可以用于正常通信使用,若有多个preferred地址则按照内核具体机制选择地址。 +- valid\_lft: valid lifetime,地址有效的寿命,在\[preferred\_lft, valid\_lft\]时间段内该地址不能被用于新建连接,已经创建的连接继续有效。 + +##### ip link 命令 + +命令: + +``` +ip link set IFNAME mtu MTU +``` + +IPv6中PMTU的最小值为1280,如果mtu值设置小于1280则会导致IPv6地址丢失。其它设备无法ping通该IPv6地址。 + +##### ip addr命令 + +1. 命令: + + ``` + ip [-6] addr add IFADDR dev IFNAME + ``` + + 添加IPv6地址可以选择添加-6选项也可以不添加,ip addr命令会根据具体地址类型来判断是ipv4地址还是IPv6地址。 + + 如果指定“-6”选项,但是IFADDR 是ipv4地址则会有错误返回。 + +2. 命令: + + ``` + ip [-6] addr add IFADDR dev IFNAME [home|nodad] + ``` + + \[home|nodad\] 选项只针对IPv6地址有效。 + + - home:将该地址指定为RFC 6275中定义的家庭地址。(这是移动节点从家庭链路获取的地址, 是移动节点的永久地址,如果移动节点保持在相同的归属链路中,则各种实体之间的通信照常进行。) + - nodad:配置该项(仅限IPv6)添加此地址时不执行重复地址检测DAD(RFC 4862)。如果一台设备上多个接口通过nodad配置了多个相同的IPv6地址,则会按照接口顺序使用该IPv6地址。同一个接口上不能添加一个nodad一个非nodad的相同IPv6地址。因为两个地址是一样的,所以会报“RTNETLINK answers: File exists”。 + +3. 命令: + + ``` + ip [-6] addr del IFADDR dev IFNAME + ``` + + 删除IPv6地址可以选择添加-6选项也可以不添加,ip addr del命令会根据具体地址类型来判断是ipv4地址还是IPv6地址。 + +4. 命令: + + ``` + ip [-6] addr show dev IFNAME [tentative|-tentative|deprecated|-deprecated|dadfailed|-dadfailed|temporary] + ``` + + - 不指定-6选项,则会同时打印IPv4和IPv6地址。指定-6选项则只打印IPv6地址。 + - \[tentative|-tentative|deprecated|-deprecated|dadfailed|-dadfailed|temporary\],这些选项只针对IPv6,可以根据IPv6地址状态对地址进行筛选查看。 + 1. tentative:(仅限IPv6)仅列出尚未通过重复地址检测的地址。 + 2. -tentative:(仅限IPv6)仅列出当前未处于重复地址检测过程中的地址。 + 3. deprecated:(仅限IPv6)仅列出已弃用的地址。 + 4. -deprecated:(仅限IPv6)仅列出未弃用的地址。 + 5. dadfailed:(仅限IPv6)仅列出重复地址检测失败的地址。 + 6. -dadfailed:(仅限IPv6)仅列出未重复地址检测失败的地址。 + 7. temporary:(仅限IPv6)仅列出临时地址 + + + +##### ip route命令 + +1. 命令: + + ``` + ip [-6] route add ROUTE [mtu lock MTU] + ``` + + - -6选项:添加IPv6路由可以选择添加-6选项也可以不添加,ip route命令会根据具体地址类型来判断是IPv4地址还是IPv6地址。 + + - mtu lock MTU:锁定路由的MTU值。如果不锁定MTU,则MTU的值则可能在PMTUD过程中被内核改变。如果锁定MTU,则不会尝试PMTUD,所有IPv4包都将不设置DF位发出,IPv6包则会按照MTU进行分段处理。 + +2. 
命令: + + ``` + ip [-6] route del ROUTE + ``` + + 删除IPv6路由可以选择添加-6选项也可以不添加,ip route命令会根据具体地址类型来判断是IPv4地址还是IPv6地址。 + + +##### ip rule命令 + +1. 命令: + + ``` + ip [-6] rule list + ``` + + -6选项:设置-6选项打印IPv6的策略路由,不设置-6选项打印IPv4的策略路由。所以需要根据具体协议类型来配置-6选项。 + +2. 命令: + + ``` + ip [-6] rule [add|del] [from|to] ADDR table TABLE pref PREF + ``` + + -6选项:IPv6相关的策略路由表项需要设置-6选项,否则会报错:“Error: Invalid source address.”。相应地,IPv4相关的策略路由表项不可以设置-6选项,否则会报错:“Error: Invalid source address.”。 + + +#### NetworkManager服务配置差异说明 + +##### 概述 + +NetworkManager服务使用ifup/ifdown的逻辑接口定义进行高级网络设置。其参数大多数都是在/etc/sysconfig/network和/etc/sysconfig/network-scripts/ifcfg-两个配置文件设置。前者为全局设置,后者为指定网卡的设置,当两者有冲突时,后者生效。 + +##### 配置差异说明 + +其中在/etc/sysconfig/network下的配置差异有: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

IPv4

+

IPv6

+

含义说明

+

NA

+

IPV6FORWARDING=yes|no

+

IPv6转发,默认不转发。

+

NA

+

IPV6_AUTOCONF=yes|no

+

IPv6转发打开是no,否则是yes。

+

NA

+

IPV6_ROUTER=yes|no

+

IPv6转发打开是yes,否则是no。

+

NA

+

IPV6_AUTOTUNNEL=yes|no

+

指定Tunnel为自动隧道模式,默认是no。

+

GATEWAY

+

IPV6_DEFAULTGW=<IPv6 address[%interface]> (optional)

+

在IPv6中设置默认网关。

+

NA

+

IPV6_DEFAULTDEV=<interface> (optional)

+

指定默认转发的网卡。

+

NA

+

IPV6_RADVD_PIDFILE=<pid-file> (optional)

+

默认ipv6_radvd_pid路径:/var/run/radvd/radvd.pid。

+

NA

+

IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP (optional)

+

radvd默认触发动作。

+
+ +而在/etc/sysconfig/network-scripts/ifcfg-下的差异主要有: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

IPv4

+

IPv6

+

含义说明

+

IPADDRn

+

IPV6ADDR=<IPv6 address>[/<prefix length>]

+

ip地址。

+

PREFIXn

+

NA

+

网络前缀,网络别名和ppp无效,优先级高于NETMASK。

+

NETMASKn

+

NA

+

子网掩码,仅用于别名和ppp。

+

GATEWAY

+

IPV6_DEFAULTGW=<IPv6 address[%interface]> (optional)

+

默认网关。

+

MTU

+

IPV6_MTU=<MTU of link> (optional)

+

默认MTU。

+

IPV4_FAILURE_FATAL=yes|no

+

IPV6_FAILURE_FATAL

+

默认值是no。若设置为yes,dhclient失败ifup-eth会直接退出。

+

NA

+

IPV6_PRIVACY=rfc3041

+

默认禁用。

+

NA

+

IPV6INIT=yes|no

+

默认开启IPv6。

+

NA

+

IPV6FORWARDING=yes|no

+

默认关闭,已废弃。

+
+ +### FAQ +#### iscsi-initiator-utils不支持登录fe80 IPv6地址 + +##### 问题现象 + +客户端通过IPv6登录iscsi服务端时,使用如“iscsiadm -m node -p ipv6address -l”的命令格式登录,如果是全局地址(global address),直接替换将命令范例中的“ipv6address”替换为全局地址即可;但如果是链路本地地址(link-local address,fe80开头的IPv6地址)则无法使用,因为iscsi-initiator-utils目前机制还不支持用链路本地地址(link-local address)地址登录iscsi服务端。 + +##### 原因分析 + +如果使用格式如“iscsiadm -m node -p fe80::xxxx -l”登录,会登录超时返回,这是因为使用链路本地地址必须指定接口,否则使用iscsi\_io\_tcp\_connect函数调用connect函数会失败,并且产生标准错误码22。 + +如果使用格式如“iscsiadm -m node -p fe80::xxxx%enp3s0 -l”登录时,iscsi\_addr\_match函数会将地址“fe80::xxxx%enp3s0”与服务端返回的node信息中的地址“fe80::xxxx”对比,对比结果不匹配,导致登录失败。 + +因此,**iscsi-initiator-utils目前机制还不支持用链路本地地址(link-local address)登录iscsi服务端**。 + +#### 网卡down掉之后,IPv6地址丢失 + +##### 问题现象 + +通过ip link down+up网卡或ifconfig down+up网卡命令,将网卡down掉之后再上线,查看网卡上配置的ip地址,发现ipv4地址不丢失,而配置的IPv6地址丢失。 + +##### 原因分析 + +内核中的处理逻辑为如果网卡设置为down状态,会清空所有IPv4及IPv6地址,将网卡重新up之后,ipv4地址自动恢复,网卡上自动配置的IPv6链路本地地址也会恢复,但是其他IPv6地址默认会丢失。如果需要保留这些IPv6地址,可以通过“sysctl -w net.ipv6.conf.<网卡名\>.keep\_addr\_on\_down=1”来实现。 + +#### bond口已具有多个IPv6地址时,添加或删除IPv6地址耗时过久 + +##### 问题现象 + +下列方式配置或删除(包括flush)IPv6地址方式,X为动态变化的低16位,并且配置在bond口时,耗时会随已配置的IPv6地址数量成数倍增加。例如由4个物理网卡组成的bond口添加IPv6地址时,单线程添加删除3000 IPv6地址均需大概5分钟,而普通物理网卡耗时在10秒内。 + +``` +ip a add/del 192:168::18:X/64 dev DEVICE +``` + +##### 原因分析 + +bond口在添加IPv6地址时,会生成IPv6组播地址,并进行同步到所有的物理网卡上,此耗时会随IPv6数量增加而增加,导致耗时过长。 + +##### 解决方法 + +IPv6的组播地址是由IPv6地址的低24位与33-33-ff组合生成,组播地址过多会导致添加删除耗时增加,如果生成的组播地址为少量,耗时不会受此影响。 + +建议添加IPv6地址时,可保持低24位一致,保持高位变动,单网卡中仅需一个网段的一个地址即可与外部正常通信,此配置更符合常规使用。 + +#### Rsyslog在IPv4和IPv6混合使用场景中日志传输延迟 + +##### 问题现象 + +rsyslog客户端配置文件同时配置IPv4和IPv6地址,且端口配置相同的情况下,服务端收集log时会概率性出现日志打印延迟。 + +##### 原因分析 + +延迟是因为rsyslog内部存在缓冲队列机制,默认情况下需要缓冲区队列达到一定数量才会写入文件。 + +##### 解决方法 + +可在root权限下通过配置Direct模式,关闭缓冲队列机制解决该问题。在rsyslog远程传输服务端的/etc/rsyslog.d目录下新增的远程传输配置文件中,最开头增加如下配置: + +``` +$ActionQueueType Direct +$MainMsgQueueType Direct +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>- Direct模式减少队列大小为1,所以在队列中会保留1条日志到下次日志打印; +>- 
Direct模式会降低服务器端的rsyslog性能。 diff --git a/content/zh/docs/ApplicationDev/application-development.md b/docs/zh/docs/ApplicationDev/application-development.md similarity index 95% rename from content/zh/docs/ApplicationDev/application-development.md rename to docs/zh/docs/ApplicationDev/application-development.md index 21d1513b77eeacb2a4fe6da5049bb2796fe4fb2c..6abc3ddfa58ab2cfef92ef326f79582355be2469 100644 --- a/content/zh/docs/ApplicationDev/application-development.md +++ b/docs/zh/docs/ApplicationDev/application-development.md @@ -29,13 +29,13 @@ -

+

![](./figures/zh-cn_image_0229243712.png)

用于传递设备或环境安全警示信息,若不避免,可能会导致设备损坏、数据丢失、设备性能降低或其它不可预知的结果。

“注意”不涉及人身伤害。

-

+

![](./figures/zh-cn_image_0229243671.png)

用于突出重要/关键信息、最佳实践和小窍门等。

“说明”不是安全警示信息,不涉及人身、设备及环境伤害。

@@ -80,7 +80,7 @@

表示从两个或多个选项中选取一个或者不选。

-

{ x | y | ... }*

+

{ x | y | ... }\*

表示从两个或多个选项中选取多个,最少选取一个,最多选取所有选项。

diff --git "a/content/zh/docs/ApplicationDev/figures/Add-file\351\241\265\351\235\242.png" b/docs/zh/docs/ApplicationDev/figures/add-file-page.png similarity index 100% rename from "content/zh/docs/ApplicationDev/figures/Add-file\351\241\265\351\235\242.png" rename to docs/zh/docs/ApplicationDev/figures/add-file-page.png diff --git "a/content/zh/docs/ApplicationDev/figures/Branch-Confirmation\351\241\265\351\235\242.png" b/docs/zh/docs/ApplicationDev/figures/branch-confirmation-page.png similarity index 100% rename from "content/zh/docs/ApplicationDev/figures/Branch-Confirmation\351\241\265\351\235\242.png" rename to docs/zh/docs/ApplicationDev/figures/branch-confirmation-page.png diff --git "a/content/zh/docs/ApplicationDev/figures/Create-Package\351\241\265\351\235\242.png" b/docs/zh/docs/ApplicationDev/figures/create-package-page.png similarity index 100% rename from "content/zh/docs/ApplicationDev/figures/Create-Package\351\241\265\351\235\242.png" rename to docs/zh/docs/ApplicationDev/figures/create-package-page.png diff --git "a/content/zh/docs/ApplicationDev/figures/\345\210\233\345\273\272\350\275\257\344\273\266\345\214\205\344\277\241\346\201\257\345\241\253\345\206\231\351\241\265\351\235\242.png" b/docs/zh/docs/ApplicationDev/figures/creating-a-software-package.png similarity index 100% rename from "content/zh/docs/ApplicationDev/figures/\345\210\233\345\273\272\350\275\257\344\273\266\345\214\205\344\277\241\346\201\257\345\241\253\345\206\231\351\241\265\351\235\242.png" rename to docs/zh/docs/ApplicationDev/figures/creating-a-software-package.png 
diff --git "a/content/zh/docs/ApplicationDev/figures/\345\210\240\351\231\244\345\255\220\345\267\245\347\250\213\344\270\255\350\275\257\344\273\266\345\214\205.png" b/docs/zh/docs/ApplicationDev/figures/deleting-a-software-package-from-a-subproject.png similarity index 100% rename from "content/zh/docs/ApplicationDev/figures/\345\210\240\351\231\244\345\255\220\345\267\245\347\250\213\344\270\255\350\275\257\344\273\266\345\214\205.png" rename to docs/zh/docs/ApplicationDev/figures/deleting-a-software-package-from-a-subproject.png diff --git "a/content/zh/docs/ApplicationDev/figures/Repositories\351\241\265\351\235\242.png" b/docs/zh/docs/ApplicationDev/figures/repositories-page.png similarity index 100% rename from "content/zh/docs/ApplicationDev/figures/Repositories\351\241\265\351\235\242.png" rename to docs/zh/docs/ApplicationDev/figures/repositories-page.png diff --git "a/content/zh/docs/ApplicationDev/figures/RPM\350\275\257\344\273\266\345\214\205\344\270\213\350\275\275\351\241\265\351\235\242.png" b/docs/zh/docs/ApplicationDev/figures/rpm-software-package-download-page.png similarity index 100% rename from "content/zh/docs/ApplicationDev/figures/RPM\350\275\257\344\273\266\345\214\205\344\270\213\350\275\275\351\241\265\351\235\242.png" rename to docs/zh/docs/ApplicationDev/figures/rpm-software-package-download-page.png diff --git "a/content/zh/docs/ApplicationDev/figures/succeeded\347\232\204\351\241\265\351\235\242.png" b/docs/zh/docs/ApplicationDev/figures/succeeded-page.png similarity index 100% rename from "content/zh/docs/ApplicationDev/figures/succeeded\347\232\204\351\241\265\351\235\242.png" rename to docs/zh/docs/ApplicationDev/figures/succeeded-page.png 
diff --git a/content/zh/docs/ApplicationDev/figures/zh-cn_image_0229243671.png b/docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243671.png similarity index 100% rename from content/zh/docs/ApplicationDev/figures/zh-cn_image_0229243671.png rename to docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243671.png diff --git a/content/zh/docs/ApplicationDev/figures/zh-cn_image_0229243702.png b/docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243702.png similarity index 100% rename from content/zh/docs/ApplicationDev/figures/zh-cn_image_0229243702.png rename to docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243702.png diff --git a/content/zh/docs/ApplicationDev/figures/zh-cn_image_0229243704.png b/docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243704.png similarity index 100% rename from content/zh/docs/ApplicationDev/figures/zh-cn_image_0229243704.png rename to docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243704.png diff --git a/content/zh/docs/ApplicationDev/figures/zh-cn_image_0229243712.png b/docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243712.png similarity index 100% rename from content/zh/docs/ApplicationDev/figures/zh-cn_image_0229243712.png rename to docs/zh/docs/ApplicationDev/figures/zh-cn_image_0229243712.png diff --git a/content/zh/docs/Container/public_sys-resources/icon-caution.gif b/docs/zh/docs/ApplicationDev/public_sys-resources/icon-caution.gif similarity index 100% rename from content/zh/docs/Container/public_sys-resources/icon-caution.gif rename to docs/zh/docs/ApplicationDev/public_sys-resources/icon-caution.gif diff --git a/content/zh/docs/Container/public_sys-resources/icon-danger.gif b/docs/zh/docs/ApplicationDev/public_sys-resources/icon-danger.gif similarity index 100% rename from content/zh/docs/Container/public_sys-resources/icon-danger.gif rename to docs/zh/docs/ApplicationDev/public_sys-resources/icon-danger.gif 
diff --git a/content/zh/docs/Container/public_sys-resources/icon-note.gif b/docs/zh/docs/ApplicationDev/public_sys-resources/icon-note.gif similarity index 100% rename from content/zh/docs/Container/public_sys-resources/icon-note.gif rename to docs/zh/docs/ApplicationDev/public_sys-resources/icon-note.gif diff --git a/content/zh/docs/Container/public_sys-resources/icon-notice.gif b/docs/zh/docs/ApplicationDev/public_sys-resources/icon-notice.gif similarity index 100% rename from content/zh/docs/Container/public_sys-resources/icon-notice.gif rename to docs/zh/docs/ApplicationDev/public_sys-resources/icon-notice.gif diff --git a/content/zh/docs/Container/public_sys-resources/icon-tip.gif b/docs/zh/docs/ApplicationDev/public_sys-resources/icon-tip.gif similarity index 100% rename from content/zh/docs/Container/public_sys-resources/icon-tip.gif rename to docs/zh/docs/ApplicationDev/public_sys-resources/icon-tip.gif diff --git a/content/zh/docs/Container/public_sys-resources/icon-warning.gif b/docs/zh/docs/ApplicationDev/public_sys-resources/icon-warning.gif similarity index 100% rename from content/zh/docs/Container/public_sys-resources/icon-warning.gif rename to docs/zh/docs/ApplicationDev/public_sys-resources/icon-warning.gif diff --git "a/content/zh/docs/ApplicationDev/\344\275\277\347\224\250GCC\347\274\226\350\257\221.md" "b/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250GCC\347\274\226\350\257\221.md" similarity index 99% rename from "content/zh/docs/ApplicationDev/\344\275\277\347\224\250GCC\347\274\226\350\257\221.md" rename to "docs/zh/docs/ApplicationDev/\344\275\277\347\224\250GCC\347\274\226\350\257\221.md" index 6a987cb35038cf518d4e999e0a4a6844171d61a6..994fdee00a8f058f7b5a3efef701601573f456a7 100644 --- "a/content/zh/docs/ApplicationDev/\344\275\277\347\224\250GCC\347\274\226\350\257\221.md" +++ "b/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250GCC\347\274\226\350\257\221.md" 
@@ -311,7 +311,7 @@ $ gcc main.c libtest.so -o app.out $ export LD\_LIBRARY\_PATH=libraryDIR:$LD\_LIBRARY\_PATH - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >LD\_LIBRARY\_PATH为动态库的环境变量。当运行动态库时,若动态库不在缺省文件夹(/lib 和/usr/lib)下,则需要指定环境变量LD\_LIBRARY\_PATH。 - 把动态库所在路径libaryDIR增加 /etc/ld.so.conf中然后执行ldconfig或者以动态库所在路径libaryDIR为参数执行ldconfig。 diff --git "a/content/zh/docs/ApplicationDev/\344\275\277\347\224\250JDK\347\274\226\350\257\221.md" "b/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250JDK\347\274\226\350\257\221.md" similarity index 100% rename from "content/zh/docs/ApplicationDev/\344\275\277\347\224\250JDK\347\274\226\350\257\221.md" rename to "docs/zh/docs/ApplicationDev/\344\275\277\347\224\250JDK\347\274\226\350\257\221.md" diff --git "a/content/zh/docs/ApplicationDev/\344\275\277\347\224\250make\347\274\226\350\257\221.md" "b/docs/zh/docs/ApplicationDev/\344\275\277\347\224\250make\347\274\226\350\257\221.md" similarity index 100% rename from "content/zh/docs/ApplicationDev/\344\275\277\347\224\250make\347\274\226\350\257\221.md" rename to "docs/zh/docs/ApplicationDev/\344\275\277\347\224\250make\347\274\226\350\257\221.md" 
diff --git "a/content/zh/docs/ApplicationDev/\345\274\200\345\217\221\347\216\257\345\242\203\345\207\206\345\244\207.md" "b/docs/zh/docs/ApplicationDev/\345\274\200\345\217\221\347\216\257\345\242\203\345\207\206\345\244\207.md" similarity index 83% rename from "content/zh/docs/ApplicationDev/\345\274\200\345\217\221\347\216\257\345\242\203\345\207\206\345\244\207.md" rename to "docs/zh/docs/ApplicationDev/\345\274\200\345\217\221\347\216\257\345\242\203\345\207\206\345\244\207.md" index a08946a37e886d5c20ac895c0020585773ea8fd4..b0e6ecfba8266ba3f50666b7b6b6f5f8045a634d 100644 --- "a/content/zh/docs/ApplicationDev/\345\274\200\345\217\221\347\216\257\345\242\203\345\207\206\345\244\207.md" +++ "b/docs/zh/docs/ApplicationDev/\345\274\200\345\217\221\347\216\257\345\242\203\345\207\206\345\244\207.md" @@ -1,24 +1,6 @@ # 开发环境准备 - - -- [开发环境准备](#开发环境准备) - - [环境要求](#环境要求) - - [操作系统要求](#操作系统要求) - - [配置openEuler yum源(软件源)](#配置openeuler-yum源软件源) - - [通过直接获取在线的openEuler repo源配置在线yum源](#通过直接获取在线的openeuler-repo源配置在线yum源) - - [通过挂载ISO创建本地openEuler repo源配置本地yum源](#通过挂载iso创建本地openeuler-repo源配置本地yum源) - - [安装软件包](#安装软件包) - - [安装JDK软件包](#安装jdk软件包) - - [安装rpm-build软件包](#安装rpm-build软件包) - - [使用IDE进行Java开发](#使用ide进行java开发) - - [简介](#简介) - - [使用MobaXterm登录服务器](#使用mobaxterm登录服务器) - - [设置JDK环境](#设置jdk环境) - - [下载安装GTK库](#下载安装gtk库) - - [设置X11 Forwarding](#设置x11-forwarding) - - [下载并运行IntelliJ IDEA](#下载并运行intellij-idea) - - + +[[toc]] ## 环境要求 @@ -58,7 +40,7 @@

硬盘

-

为了获得更好的应用体验,建议不小于120GB)

+

为了获得更好的应用体验,建议不小于120GB

支持IDE、SATA、SAS等接口的硬盘。

@@ -115,7 +97,7 @@ 操作系统要求为openEuler操作系统。 -openEuler操作系统具体安装方法请参考[openEuler 20.09 安装指南]({{< relref "../Installation/Installation.md" >}}),其中“软件选择”页面的“已选环境的附加选项”中将“开发工具”勾选。 +openEuler操作系统具体安装方法请参考[openEuler 20.03 LTS SP1 安装指南](./../Installation/Installation.md),其中“软件选择”页面的“已选环境的附加选项”中将“开发工具”勾选。 ## 配置openEuler yum源(软件源) @@ -123,39 +105,42 @@ openEuler操作系统具体安装方法请参考[openEuler 20.09 安装指南]({ ### 通过直接获取在线的openEuler repo源配置在线yum源 ->![](public_sys-resources/icon-note.gif) **说明:** ->openEuler提供了多种repo源供用户在线使用,各repo源含义可参考[系统安装]({{< relref "../Releasenotes/系统安装.md" >}})。本操作以AArch64架构的OS repo源为例将其配置为yum源。 +>![](./public_sys-resources/icon-note.gif) **说明:** +>openEuler提供了多种repo源供用户在线使用,各repo源含义可参考[系统安装](./../Releasenotes/系统安装.md)。本操作以AArch64架构的OS repo源为例将其配置为yum源。 1. 进入到yum源目录并查看目录下的.repo配置文件。 ``` $ cd /etc/yum.repos.d $ ls - openEuler.repo + openEuler_aarch64.repo ``` -2. 在root权限下编辑openEuler.repo文件,将在线的openEuler repo源配置为yum源。 +2. 在root权限下编辑openEuler_aarch64.repo文件,将在线的openEuler repo源配置为yum源。 ``` - # vi openEuler.repo + # vi openEuler_aarch64.repo ``` - 编辑openEuler.repo文件的内容如下: + 编辑openEuler_aarch64.repo文件的内容如下: ``` [osrepo] + name=osrepo - baseurl=http://repo.openeuler.org/openEuler-20.09/OS/aarch64/ + + baseurl=http://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/aarch64/ + enabled=1 gpgcheck=1 - gpgkey=http://repo.openeuler.org/openEuler-20.09/OS/aarch64/RPM-GPG-KEY-openEuler + gpgkey=http://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/aarch64/RPM-GPG-KEY-openEuler ``` **** - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** > - \[*repoid*\]中的repoid为软件仓库(repository)的ID号,所有.repo配置文件中的各repoid不能重复,必须唯一。示例中repoid设置为**osrepo**。 > - name为软件仓库描述的字符串。 > - baseurl为软件仓库的地址。 
@@ -165,23 +150,23 @@ openEuler操作系统具体安装方法请参考[openEuler 20.09 安装指南]({ ### 通过挂载ISO创建本地openEuler repo源配置本地yum源 ->![](public_sys-resources/icon-note.gif) **说明:** ->openEuler提供了多种ISO发布包,各ISO发布包含义可参考[系统安装]({{< relref "../Releasenotes/系统安装.md" >}})。本操作以openEuler-20.09-aarch64-dvd.iso发布包和openEuler-20.09-aarch64-dvd.iso.sha256sum校验文件为例,请根据实际需要的ISO发布包和校验文件进行修改。 +>![](./public_sys-resources/icon-note.gif) **说明:** +>openEuler提供了多种ISO发布包,各ISO发布包含义可参考[系统安装](./../Releasenotes/系统安装.md)。本操作以openEuler-20.03-LTS-SP1-aarch64-dvd.iso发布包和openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum校验文件为例,请根据实际需要的ISO发布包和校验文件进行修改。 1. 下载ISO发布包。 - 通过跨平台文件传输工具下载ISO镜像 1. 登录openEuler社区,网址为:[https://openeuler.org](https://openeuler.org)。 2. 单击“下载”,进入下载页面。 3. 单击“获取ISO:”后面的“Link”,显示版本列表。 - 4. 选择需要下载的版本,如openEuler 20.09,则单击“openEuler-20.09”,进入下载列表。 + 4. 选择需要下载的版本,如openEuler 20.03 LTS SP1,则单击“openEuler-20.03-LTS-SP1”,进入下载列表。 5. 单击“ISO”,进入ISO下载列表。 - aarch64:AArch64架构的ISO。 - x86\_64:x86\_64架构的ISO。 - source:openEuler源码ISO。 6. 单击“aarch64”。 - 7. 单击“openEuler-20.09-aarch64-dvd.iso”,将openEuler发布包下载到本地。 - 8. 单击“openEuler-20.09-aarch64-dvd.iso.sha256sum”,将openEuler校验文件下载到本地。 + 7. 单击“openEuler-20.03-LTS-SP1-aarch64-dvd.iso”,将openEuler发布包下载到本地。 + 8. 单击“openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum”,将openEuler校验文件下载到本地。 9. 登录openEuler操作系统,新建用于存放发布包和检验文件的目录,如“~/iso”。 ``` 
@@ -194,15 +179,15 @@ openEuler操作系统具体安装方法请参考[openEuler 20.09 安装指南]({ 1. 登录openEuler社区,网址为:[https://openeuler.org](https://openeuler.org)。 2. 单击“下载”,进入下载页面。 3. 单击“获取ISO:”后面的“Link”,显示版本列表。 - 4. 选择需要下载的版本,如openEuler 20.03 LTS,则单击“openEuler-20.09”,进入下载列表。 + 4. 选择需要下载的版本,如openEuler 20.03 LTS SP1,则单击“openEuler-20.03-LTS-SP1”,进入下载列表。 5. 单击“ISO”,进入ISO下载列表。 - aarch64:AArch64架构的ISO。 - x86\_64:x86\_64架构的ISO。 - source:openEuler源码ISO。 6. 单击“aarch64”。 - 7. 右键单击“openEuler-20.09-aarch64-dvd.iso”,单击“复制链接地址”,将openEuler发布包地址记录好。 - 8. 右键单击“openEuler-20.09-aarch64-dvd.iso.sha256sum”,单击“复制链接地址”,将openEuler校验文件地址记录好。 + 7. 右键单击“openEuler-20.03-LTS-SP1-aarch64-dvd.iso”,单击“复制链接地址”,将openEuler发布包地址记录好。 + 8. 右键单击“openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum”,单击“复制链接地址”,将openEuler校验文件地址记录好。 9. 登录openEuler操作系统,新建用于存放发布包和检验文件的目录,如“~/iso”,并切换到该目录。 ``` @@ -222,13 +207,13 @@ openEuler操作系统具体安装方法请参考[openEuler 20.09 安装指南]({ 1. 获取校验文件中的校验值。 ``` - $ cat openEuler-20.09-aarch64-dvd.iso.sha256sum + $ cat openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum ``` 2. 计算openEuler发布包的sha256校验值。 ``` - $ sha256sum openEuler-20.09-aarch64-dvd.iso + $ sha256sum openEuler-20.03-LTS-SP1-aarch64-dvd.iso ``` 命令执行完成后,输出校验值。 @@ -244,7 +229,7 @@ openEuler操作系统具体安装方法请参考[openEuler 20.09 安装指南]({ 示例如下: ``` - # mount /home/iso/openEuler-20.09-aarch64-dvd.iso /mnt/ + # mount /home/iso/openEuler-20.03-LTS-SP1-aarch64-dvd.iso /mnt/ ``` 挂载好的mnt目录如下: 
@@ -268,25 +253,29 @@ openEuler操作系统具体安装方法请参考[openEuler 20.09 安装指南]({ ``` $ cd /etc/yum.repos.d $ ls - openEuler.repo + openEuler_aarch64.repo ``` -2. 在root权限下编辑openEuler.repo文件,将[3](#li6236932222)中创建的repo源配置为本地yum源。 +2. 在root权限下编辑openEuler_aarch64.repo文件,将[3](#li6236932222)中创建的repo源配置为本地yum源。 ``` - # vi openEuler.repo + # vi openEuler_aarch64.repo ``` - 编辑openEuler.repo文件的内容如下: + 编辑openEuler_aarch64.repo文件的内容如下: ``` - [localosrepo] + [localosrepo] + name=localosrepo + baseurl=file:///mnt + enabled=1 + gpgcheck=1 - gpgkey=file:///mnt/RPM-GPG-KEY-openEuler - ``` + gpgkey=file:///mnt/RPM-GPG-KEY-openEuler + ``` @@ -323,7 +312,7 @@ openEuler操作系统具体安装方法请参考[openEuler 20.09 安装指南]({ $ dnf search jdk | grep jdk ``` - 查看命令打印信息,选择安装java-x.x.x-openjdk-devel.aarch64软件包。其中x.x.x为版本号。 + 查看命令打印信息,选择安装java-x.x.x-openjdk-devel.aarch64软件包。其中x.x.x为版本号,同时支持openjdk 1.8、openjdk 11和 openjdk latest 版本。 5. 在root权限下安装JDK软件包,以安装java-1.8.0-openjdk-devel软件包为例。 diff --git "a/content/zh/docs/ApplicationDev/\346\236\204\345\273\272RPM\345\214\205.md" "b/docs/zh/docs/ApplicationDev/\346\236\204\345\273\272RPM\345\214\205.md" similarity index 97% rename from "content/zh/docs/ApplicationDev/\346\236\204\345\273\272RPM\345\214\205.md" rename to "docs/zh/docs/ApplicationDev/\346\236\204\345\273\272RPM\345\214\205.md" index e8251e05948a8ccce8c978014fc84e26a71ca12c..4e4c889bf907dbdddea2f8290b8f868d062f7f53 100644 --- "a/content/zh/docs/ApplicationDev/\346\236\204\345\273\272RPM\345\214\205.md" +++ "b/docs/zh/docs/ApplicationDev/\346\236\204\345\273\272RPM\345\214\205.md" @@ -510,7 +510,7 @@ OBS使用工程组织软件包。基础的权限控制、相关的存仓库和 #### 构建已有软件包 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- 若为首次使用,请首先在OBS网页注册个人账号。 >- 该方法需要拷贝修改后的代码,因此,请在执行下述操作前完成代码修改并提交到正确的代码路径。代码路径会在\_service文件中指定。 
@@ -523,7 +523,7 @@ OBS使用工程组织软件包。基础的权限控制、相关的存仓库和 5. 单击“Branch package”,在弹出的确认页面单击“Accept”确认创建子工程,如[图1](#fig77646143214)所示。 **图 1** Branch Confirmation页面 - ![](figures/Branch-Confirmation页面.png "Branch-Confirmation页面") + ![](./figures/branch-confirmation-page.png) 6. 单击“\_service”文件进入编辑页面,修改\_service内容后点击“Save”保存该文件。\_service内容示例如下,其中 _userCodeURL_、 _userCommitID_ 分别为用户代码托管路径、用户代码提交版本号或分支。 @@ -541,14 +541,14 @@ OBS使用工程组织软件包。基础的权限控制、相关的存仓库和 ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >单击“Save”保存\_service文件后,OBS服务会根据\_service文件描述,从指定的url下载源码到OBS对应工程的软件目录下并替换原有文件,例如上述例子中 “openEuler:Mainline”工程的kernel目录。 7. 文件拷贝并替换完成后,OBS会自动开始构建RPM软件包。等待构建完成,并查看右侧状态栏的构建状态。 - succeeded:构建成功。用户可以单击“succeeded”查看构建日志,如[图2](#fig10319114217337)所示。 **图 2** succeeded的页面 - ![](figures/succeeded的页面.png "succeeded的页面") + ![](./figures/succeeded-page.png) - failed:构建失败。请单击“failed”查看错误日志进行问题定位后重新构建。 - unresolvable:未进行构建,可能由于缺失依赖。 @@ -567,23 +567,23 @@ OBS使用工程组织软件包。基础的权限控制、相关的存仓库和 5. 单击“Delete package”,删除新创建子工程中的软件包,如[图3](#fig18306181103615)所示。 **图 3** 删除子工程中软件包 - ![](figures/删除子工程中软件包.png "删除子工程中软件包") + ![](./figures/deleting-a-software-package-from-a-subproject.png) - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >通过已有软件创建新工程是为了继承环境等依赖,而不需要实际的文件,所以这里需要把这些文件删除。 6. 单击“Create Package”,在弹出的页面输入软件包名称、标题和软件包描述,然后单击“Create”创建软件包,分别如[图4](#fig6762111693811)、[图5](#fig18351153518389)所示。 **图 4** Create Package页面 - ![](figures/Create-Package页面.png "Create-Package页面") + ![](./figures/create-package-page.png) **图 5** 创建软件包信息填写页面 - ![](figures/创建软件包信息填写页面.png "创建软件包信息填写页面") + ![](./figures/creating-a-software-package.png) 7. 在页面中单击“Add file”上传spec文件和需要编译的文件(在spec文件中指定),如[图6](#fig1475845284011)所示。 **图 6** Add file页面 - ![](figures/Add-file页面.png "Add-file页面") + ![](./figures/add-file-page.png) 8. 文件上传成功后,OBS会自动开始构建RPM软件包。等待构建完成,并查看右侧状态栏的构建状态。 - succeed:构建成功。用户可以单击“succeeded”查看构建日志。 
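Review bot: every figure line rewritten in these hunks, for example `![](./figures/branch-confirmation-page.png)` and `![](./figures/add-file-page.png)`, drops the old title and still has empty alt text, so when an image fails to load only the "图 N" caption remains. Put the caption text in the alt position. The new links also use ASCII file names that differ from the old ones, and the matching renames under the ApplicationDev figures directory are not visible in this part of the patch; confirm they are in the same commit, otherwise all six figures break.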
@@ -601,15 +601,15 @@ RPM软件包构建完成后,通过网页端获取对应RPM软件包的方法 2. 单击“All Projects”找到所需软件包的对应工程,例如“openEuler:Mainline”。 3. 在工程下单击所需软件包的包名,进入该软件包详请页面。例如上述例子中的kernel页面。 -1. 选择Repositories页签进入软件包的软件仓库管理页面,在Publish Flag中通过单击选择“Enable”开启(状态由![](figures/zh-cn_image_0229243704.png)变为![](figures/zh-cn_image_0229243702.png))对应的RPM软件包下载功能,如[图7](#fig17480830144217)所示。 +1. 选择Repositories页签进入软件包的软件仓库管理页面,在Publish Flag中通过单击选择“Enable”开启(状态由![](./figures/zh-cn_image_0229243704.png)变为![](./figures/zh-cn_image_0229243702.png))对应的RPM软件包下载功能,如[图7](#fig17480830144217)所示。 **图 7** Repositories页面 - ![](figures/Repositories页面.png "Repositories页面") + ![](./figures/repositories-page.png) 2. 单击Repository列的构建工程名称,进入RPM软件包下载页面,单击RPM软件包右侧的“Download”即可下载对应RPM软件包,如[图8](#fig12152145615438)所示。 **图 8** RPM软件包下载页面 - ![](figures/RPM软件包下载页面.png "RPM软件包下载页面") + ![](./figures/rpm-software-package-download-page.png) ### 使用osc构建软件包 @@ -630,7 +630,7 @@ RPM软件包构建完成后,通过网页端获取对应RPM软件包的方法 # dnf install osc build ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >编译RPM软件包的过程中会依赖build。 2. 配置osc。 @@ -711,25 +711,31 @@ RPM软件包构建完成后,通过网页端获取对应RPM软件包的方法 $ osc addremove * ``` -2. 修改源代码和spec文件,并将对应软件包的所有修改同步到OBS服务器。参考命令如下,-m参数后的信息为提交记录。 +2. 修改源代码和spec文件,并执行如下命令更新文件。 + + ``` + $ osc up + ``` + +3. 将对应软件包的所有修改同步到OBS服务器。参考命令如下,-m参数后的信息为提交记录。 ``` $ osc ci -m "commit log" ``` -3. 获取当前工程的仓库名称和架构,参考命令如下: +4. 获取当前工程的仓库名称和架构,参考命令如下: ``` $ osc repos home:testUser:branches:openEuler:Mainline ``` -4. 修改提交成功后,OBS会自动开始编译软件包。可以通过如下命令,查看对应仓库的编译日志,其中 _standard_aarch64_ 、 _aarch64_ 分别为查询所得仓库名称和架构。 +5. 修改提交成功后,OBS会自动开始编译软件包。可以通过如下命令,查看对应仓库的编译日志,其中 _standard_aarch64_ 、 _aarch64_ 分别为查询所得仓库名称和架构。 ``` $ osc buildlog standard_aarch64 aarch64 ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >用户也可以通过网页端打开自己创建的对应工程,查看构建日志。 
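Review bot: the new step 2 in the @@ -711,25 +711,31 @@ hunk tells the reader to edit the source and spec file and then run `osc up` to "更新文件", without saying in which direction the update goes. `osc up` refreshes the local working copy from the OBS server, so the step should say that it pulls the latest server revision before the `osc ci` in step 3, and that any conflict with the local edits has to be resolved before committing. As written, a reader can take it for the upload step and expect the build to start before `osc ci` has run.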
@@ -785,7 +791,7 @@ RPM软件包构建完成后,通过网页端获取对应RPM软件包的方法 $ osc buildlog standard_aarch64 aarch64 ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >用户也可以通过网页端打开自己创建的对应工程,查看构建日志。 @@ -804,5 +810,5 @@ $ osc getbinaries home:testUser:branches:openEuler:Mainline my-first-obs-package - _standard\_aarch64_ :仓库名称 - _aarch64_ :仓库架构名称 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >使用osc构建的软件包也可以在网页端获取,获取方式请参见[获取软件包](#获取软件包)。 diff --git "a/content/zh/docs/Container/CRI\346\216\245\345\217\243.md" "b/docs/zh/docs/Container/CRI\346\216\245\345\217\243.md" similarity index 99% rename from "content/zh/docs/Container/CRI\346\216\245\345\217\243.md" rename to "docs/zh/docs/Container/CRI\346\216\245\345\217\243.md" index 26b0321a4da95e83bf5b7b2e65d1c5fe10280ab4..9283ab8500c01ef0312d500da2a11632f9575ec3 100644 --- "a/content/zh/docs/Container/CRI\346\216\245\345\217\243.md" +++ "b/docs/zh/docs/Container/CRI\346\216\245\345\217\243.md" @@ -45,7 +45,7 @@ CRI API 接口是由kubernetes 推出的容器运行时接口,CRI定义了容 ISulad使用的为pass使用的1.14版本API描述文件,与官方API略有出入,以本文档描述的接口为准。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >CRI接口websocket流式服务,服务端侦听地址为127.0.0.1,端口为10350,端口可通过命令行--websocket-server-listening-port参数接口或者daemon.json配置文件进行配置。 ## 接口 diff --git "a/content/zh/docs/Container/Docker\345\256\271\345\231\250.md" "b/docs/zh/docs/Container/Docker\345\256\271\345\231\250.md" similarity index 91% rename from "content/zh/docs/Container/Docker\345\256\271\345\231\250.md" rename to "docs/zh/docs/Container/Docker\345\256\271\345\231\250.md" index c6d46c4ffb1d9f71dd6be3be7947412bfcd0d66b..07b0b5833155d630566cd03b73f66148baea5e73 100644 --- "a/content/zh/docs/Container/Docker\345\256\271\345\231\250.md" +++ "b/docs/zh/docs/Container/Docker\345\256\271\345\231\250.md" 
@@ -1,9 +1,9 @@ -# Docker容器 - -Docker是一个开源的Linux容器引擎项目, 用以实现应用的快速打包、部署和交付。Docker的英文本意是码头工人,码头工人的工作就是将商品打包到container\(集装箱\)并且搬运container、装载container。 对应到Linux中,Docker就是将app打包到container,通过container实现app在各种平台上的部署、运行。Docker通过Linux Container技术将app变成一个标准化的、可移植的、自管理的组件,从而实现应用的“一次构建,到处运行”。Docker技术特点就是:应用快速发布、部署简单、管理方便,应用密度更高。 - ->![](public_sys-resources/icon-note.gif) **说明:** ->Docker容器的安装和使用需要root权限。 - - - +# Docker容器 + +Docker是一个开源的Linux容器引擎项目, 用以实现应用的快速打包、部署和交付。Docker的英文本意是码头工人,码头工人的工作就是将商品打包到container\(集装箱\)并且搬运container、装载container。 对应到Linux中,Docker就是将app打包到container,通过container实现app在各种平台上的部署、运行。Docker通过Linux Container技术将app变成一个标准化的、可移植的、自管理的组件,从而实现应用的“一次构建,到处运行”。Docker技术特点就是:应用快速发布、部署简单、管理方便,应用密度更高。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>Docker容器的安装和使用需要root权限。 + + + diff --git "a/content/zh/docs/Container/cgroup\350\267\257\345\276\204\345\217\257\351\205\215\347\275\256.md" "b/docs/zh/docs/Container/cgroup\350\267\257\345\276\204\345\217\257\351\205\215\347\275\256.md" similarity index 99% rename from "content/zh/docs/Container/cgroup\350\267\257\345\276\204\345\217\257\351\205\215\347\275\256.md" rename to "docs/zh/docs/Container/cgroup\350\267\257\345\276\204\345\217\257\351\205\215\347\275\256.md" index 97bc19b7ff48e23587c93512b5dffc8391cc1d67..d737c0cd97db19684ae5821a30045bc5e51ef071 100644 --- "a/content/zh/docs/Container/cgroup\350\267\257\345\276\204\345\217\257\351\205\215\347\275\256.md" +++ "b/docs/zh/docs/Container/cgroup\350\267\257\345\276\204\345\217\257\351\205\215\347\275\256.md" 
@@ -1,11 +1,11 @@ -# cgroup路径可配置 -## 功能描述 - -系统容器提供在宿主机上进行容器资源隔离和预留的能力。通过\--cgroup-parent参数,可以将容器使用的cgroup目录指定到某个特定目录下,从而达到灵活分配宿主机资源的目的。例如可以设置容器a、b、c的cgroup父路径为/lxc/cgroup1,容器d、e、f的cgroup父路径为/lxc/cgroup2,这样通过cgroup路径将容器分为两个group,实现容器cgroup组层面的资源隔离。 - -## 参数说明 - - +# cgroup路径可配置 +## 功能描述 + +系统容器提供在宿主机上进行容器资源隔离和预留的能力。通过\--cgroup-parent参数,可以将容器使用的cgroup目录指定到某个特定目录下,从而达到灵活分配宿主机资源的目的。例如可以设置容器a、b、c的cgroup父路径为/lxc/cgroup1,容器d、e、f的cgroup父路径为/lxc/cgroup2,这样通过cgroup路径将容器分为两个group,实现容器cgroup组层面的资源隔离。 + +## 参数说明 + + -

命令

参数

@@ -22,11 +22,11 @@
- -除了通过命令行指定单个系统容器对应的cgroup父路径外,还可通过修改iSulad容器引擎启动配置文件,指定所有容器的cgroup路径。 - - + + +除了通过命令行指定单个系统容器对应的cgroup父路径外,还可通过修改iSulad容器引擎启动配置文件,指定所有容器的cgroup路径。 + + -

配置文件路径

配置项

@@ -43,53 +43,53 @@
- -## 约束限制 - -- 如果daemon端和客户端都设置了cgroup parent参数,最终以客户端指定的\--cgroup-parent生效。 -- 如果已启动容器A,然后启动容器B,容器B的cgroup父路径指定为容器A的cgroup路径,在删除容器的时候需要先删除容器B再删除容器A,否则会导致cgroup资源残留。 - -## 使用示例 - -启动系统容器,指定--cgroup-parent参数: - -``` -[root@localhost ~]# isula run -tid --cgroup-parent /lxc/cgroup123 --system-container --external-rootfs /root/myrootfs none init -115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e -``` - -查看容器init进程的cgroup信息: - -``` -[root@localhost ~]# isula inspect -f "{{json .State.Pid}}" 11 -22167 -[root@localhost ~]# cat /proc/22167/cgroup -13:blkio:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e -12:perf_event:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e -11:cpuset:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e -10:pids:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e -9:rdma:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e -8:devices:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e -7:hugetlb:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e -6:memory:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e -5:net_cls,net_prio:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e -4:cpu,cpuacct:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e -3:files:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e -2:freezer:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e -1:name=systemd:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e/init.scope -0::/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e -``` - -可以看到容器的cgroup父路径被设置为/sys/fs/cgroup//lxc/cgroup123 - -同时,对于所有容器cgroup父路径的设置可以配置一下容器daemon文件,例如: - -``` -{ - "cgroup-parent": 
"/lxc/cgroup123", -} -``` - -然后重启容器引擎,配置生效。 - + + +## 约束限制 + +- 如果daemon端和客户端都设置了cgroup parent参数,最终以客户端指定的\--cgroup-parent生效。 +- 如果已启动容器A,然后启动容器B,容器B的cgroup父路径指定为容器A的cgroup路径,在删除容器的时候需要先删除容器B再删除容器A,否则会导致cgroup资源残留。 + +## 使用示例 + +启动系统容器,指定--cgroup-parent参数: + +``` +[root@localhost ~]# isula run -tid --cgroup-parent /lxc/cgroup123 --system-container --external-rootfs /root/myrootfs none init +115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e +``` + +查看容器init进程的cgroup信息: + +``` +[root@localhost ~]# isula inspect -f "{{json .State.Pid}}" 11 +22167 +[root@localhost ~]# cat /proc/22167/cgroup +13:blkio:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e +12:perf_event:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e +11:cpuset:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e +10:pids:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e +9:rdma:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e +8:devices:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e +7:hugetlb:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e +6:memory:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e +5:net_cls,net_prio:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e +4:cpu,cpuacct:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e +3:files:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e +2:freezer:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e +1:name=systemd:/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e/init.scope +0::/lxc/cgroup123/115878a4dfc7c5b8c62ef8a4b44f216485422be9a28f447a4b9ecac4609f332e +``` + +可以看到容器的cgroup父路径被设置为/sys/fs/cgroup//lxc/cgroup123 + 
+同时,对于所有容器cgroup父路径的设置可以配置一下容器daemon文件,例如: + +``` +{ + "cgroup-parent": "/lxc/cgroup123", +} +``` + +然后重启容器引擎,配置生效。 + diff --git a/content/zh/docs/Container/container.md b/docs/zh/docs/Container/container.md similarity index 97% rename from content/zh/docs/Container/container.md rename to docs/zh/docs/Container/container.md index 72e34041ee1ac1eeebcdb11b258e6d5dac3d27f6..c86353b2a248e0fa2233e64b712164bc2c68c82a 100644 --- a/content/zh/docs/Container/container.md +++ b/docs/zh/docs/Container/container.md @@ -1,18 +1,18 @@ -## 概述 - -openEuler软件包中同时提供了轻量化容器引擎iSulad与docker engine两种容器引擎。 - -同时根据不同使用场景,提供多种容器形态,包括: - -- 适合大部分通用场景的普通容器 -- 适合强隔离与多租户场景的安全容器 -- 适合使用systemd管理容器内业务场景的系统容器 - -本文档提供容器引擎的安装和使用方法以及各个容器形态的部署使用方法。 - -## 读者对象 - -本文档主要适用于使用openEuler并需要安装容器的用户。用户需要具备以下经验和技能: - -- 熟悉Linux基本操作 +## 概述 + +openEuler软件包中同时提供了轻量化容器引擎iSulad与docker engine两种容器引擎。 + +同时根据不同使用场景,提供多种容器形态,包括: + +- 适合大部分通用场景的普通容器 +- 适合强隔离与多租户场景的安全容器 +- 适合使用systemd管理容器内业务场景的系统容器 + +本文档提供容器引擎的安装和使用方法以及各个容器形态的部署使用方法。 + +## 读者对象 + +本文档主要适用于使用openEuler并需要安装容器的用户。用户需要具备以下经验和技能: + +- 熟悉Linux基本操作 - 对容器有一定了解 \ No newline at end of file diff --git a/docs/zh/docs/Container/figures/isula-build_arch.png b/docs/zh/docs/Container/figures/isula-build_arch.png new file mode 100644 index 0000000000000000000000000000000000000000..911a9ae6f46988586ab49f15de282948f5470c37 Binary files /dev/null and b/docs/zh/docs/Container/figures/isula-build_arch.png differ diff --git a/docs/zh/docs/Container/figures/kata-arch.png b/docs/zh/docs/Container/figures/kata-arch.png new file mode 100644 index 0000000000000000000000000000000000000000..db0f0112328013505ec11ace1ad5c0077cf7ea40 Binary files /dev/null and b/docs/zh/docs/Container/figures/kata-arch.png differ 
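Review bot: the daemon configuration example re-added in the @@ -43,53 +43,53 @@ hunk of cgroup路径可配置.md is not valid JSON, because `"cgroup-parent": "/lxc/cgroup123",` leaves a trailing comma before the closing brace. Every line of this file, and of container.md after it, is removed and re-added with the same visible text, so the change looks like line-ending or whitespace normalization; say so in the commit message so reviewers do not have to compare the two sides line by line. Since the lines are being touched anyway, drop the comma so the snippet can be pasted into the daemon configuration file as shown. container.md also still ends with "\ No newline at end of file" on the added side, which the same normalization pass could fix.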
diff --git "a/content/zh/docs/Container/figures/\345\256\211\345\205\250\345\256\271\345\231\250\344\270\216\345\221\250\350\276\271\347\273\204\344\273\266\347\232\204\345\205\263\347\263\273.png" b/docs/zh/docs/Container/figures/sec-container.png similarity index 100% rename from "content/zh/docs/Container/figures/\345\256\211\345\205\250\345\256\271\345\231\250\344\270\216\345\221\250\350\276\271\347\273\204\344\273\266\347\232\204\345\205\263\347\263\273.png" rename to docs/zh/docs/Container/figures/sec-container.png diff --git a/content/zh/docs/Container/figures/zh-cn_image_0183048952.png b/docs/zh/docs/Container/figures/zh-cn_image_0183048952.png similarity index 100% rename from content/zh/docs/Container/figures/zh-cn_image_0183048952.png rename to docs/zh/docs/Container/figures/zh-cn_image_0183048952.png diff --git a/content/zh/docs/Container/figures/zh-cn_image_0221924926.png b/docs/zh/docs/Container/figures/zh-cn_image_0221924926.png similarity index 100% rename from content/zh/docs/Container/figures/zh-cn_image_0221924926.png rename to docs/zh/docs/Container/figures/zh-cn_image_0221924926.png diff --git a/content/zh/docs/Container/figures/zh-cn_image_0221924927.png b/docs/zh/docs/Container/figures/zh-cn_image_0221924927.png similarity index 100% rename from content/zh/docs/Container/figures/zh-cn_image_0221924927.png rename to docs/zh/docs/Container/figures/zh-cn_image_0221924927.png 
diff --git "a/content/zh/docs/Container/iSula\345\256\271\345\231\250\345\274\225\346\223\216.md" "b/docs/zh/docs/Container/iSula\345\256\271\345\231\250\345\274\225\346\223\216.md" similarity index 91% rename from "content/zh/docs/Container/iSula\345\256\271\345\231\250\345\274\225\346\223\216.md" rename to "docs/zh/docs/Container/iSula\345\256\271\345\231\250\345\274\225\346\223\216.md" index 51486cb5ee2f391e11455f67c81d9a47aede5d60..3386c47f47f6dfa6374eea93d6e38dd19360eb4b 100644 --- "a/content/zh/docs/Container/iSula\345\256\271\345\231\250\345\274\225\346\223\216.md" +++ "b/docs/zh/docs/Container/iSula\345\256\271\345\231\250\345\274\225\346\223\216.md" @@ -1,11 +1,11 @@ -# iSula容器引擎 - -iSula通用容器引擎相比Docker,是一种新的容器解决方案,提供统一的架构设计来满足CT和IT领域的不同需求。相比Golang编写的Docker,轻量级容器使用C/C++实现,具有轻、灵、巧、快的特点,不受硬件规格和架构的限制,底噪开销更小,可应用领域更为广泛。 - -容器统一架构如[图1](#zh-cn_topic_0182207099_fig10763114141217)所示。 - -**图 1** 容器统一架构 - - -![](figures/zh-cn_image_0183048952.png) - +# iSula容器引擎 + +iSula通用容器引擎相比Docker,是一种新的容器解决方案,提供统一的架构设计来满足CT和IT领域的不同需求。相比Golang编写的Docker,轻量级容器使用C/C++实现,具有轻、灵、巧、快的特点,不受硬件规格和架构的限制,底噪开销更小,可应用领域更为广泛。 + +容器统一架构如[图1](#zh-cn_topic_0182207099_fig10763114141217)所示。 + +**图 1** 容器统一架构 + + +![](./figures/zh-cn_image_0183048952.png) + diff --git "a/docs/zh/docs/Container/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" "b/docs/zh/docs/Container/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" new file mode 100644 index 0000000000000000000000000000000000000000..ba1c275a6a008b257f62fdaaa739dc2139ffaa95 --- /dev/null +++ "b/docs/zh/docs/Container/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" 
@@ -0,0 +1,912 @@ + + +* [安装](#安装) + * [环境准备](#环境准备) + * [安装isula-build](#安装isula-build) +* [配置与管理服务](#配置与管理服务) + * [配置服务](#配置服务) + * [管理服务](#管理服务) + * [通过 systemd 管理(推荐方式)](#通过-systemd-管理推荐方式) + * [直接运行 isula-build 服务端](#直接运行-isula-build-服务端) +* [使用指南](#使用指南) + * [前提条件](#前提条件) + * [总体说明](#总体说明) + * [ctr-img: 容器镜像管理](#ctr-img-容器镜像管理) + * [build: 容器镜像构建](#build-容器镜像构建) + * [image: 查看本地持久化构建镜像](#image-查看本地持久化构建镜像) + * [import: 导入容器基础镜像](#import-导入容器基础镜像) + * [load: 导入层叠镜像](#load-导入层叠镜像) + * [rm: 删除本地持久化镜像](#rm-删除本地持久化镜像) + * [save: 导出层叠镜像](#save-导出层叠镜像) + * [tag: 给本地持久化镜像打标签](#tag-给本地持久化镜像打标签) + * [pull: 拉取镜像到本地](#pull-拉取镜像到本地) + * [push: 将本地镜像推送到远程仓库](#push-将本地镜像推送到远程仓库) + * [info: 查看运行环境与系统信息](#info-查看运行环境与系统信息) + * [login: 登录远端镜像仓库](#login-登录远端镜像仓库) + * [logout: 退出远端镜像仓库](#logout-退出远端镜像仓库) + * [version: 版本查询](#version-版本查询) +* [直接集成容器引擎](#直接集成容器引擎) + * [与iSulad集成](#与isulad集成) + * [与Docker集成](#与docker集成) +* [附录](#附录) + * [命令行参数说明](#命令行参数说明) + * [通信矩阵](#通信矩阵) + * [文件与权限](#文件与权限) + + + +isula-build是iSula容器团队推出的容器镜像构建工具,支持通过Dockerfile文件快速构建容器镜像。 + +isula-build采用服务端/客户端模式,其中,isula-build为客户端,提供了一组命令行工具,用于镜像构建及管理等;isula-builder为服务端,用于处理客户端管理请求,作为守护进程常驻后台。 + +![isula-build architecure](./figures/isula-build_arch.png) + +说明: + +- isula-build当前仅支持Docker镜像。 + +# 安装 + +## 环境准备 + +为了确保isula-build成功安装,需满足以下软件硬件要求。 + +- 支持的机器架构:x86_64 和 AArch64 +- 支持的操作系统:openEuler +- 用户具有root权限。 + +### 安装isula-build + +使用isula-build构建容器镜像,需要先安装以下软件包。 + + + +**(推荐)方法一:使用yum安装** + +1. 配置openEuler yum源。 + +2. 使用root权限,登录目标服务器,安装isula-build。 + + ``` + sudo yum install -y isula-build + ``` + + + +**方法二:使用rpm包安装** + +1. 从openEuler yum源中获取isula-build对应安装包isula-build-*.rpm。例如isula-build-0.9.3-4.oe1.x86_64.rpm。 + +2. 将获取的rpm软件包上传至目标服务器的任一目录,例如 /home/。 + +3. 
使用root权限,登录目标服务器,参考如下命令安装isula-build。 + + ``` + sudo rpm -ivh /home/isula-build-*.rpm + ``` + +> **说明:** +> 安装完成后,需要手工启动isula-build服务。启动请参见"管理服务"。 + +# 配置与管理服务 + +## 配置服务 + +在安装完 isula-build 软件包之后,systemd 管理服务会以 isula-build 软件包自带的 isula-build 服务端默认配置启动 isula-build 服务。如果 isula-build 服务端的默认配置文件不能满足用户的需求,可以参考如下介绍进行定制化配置。需要注意的是,修改完默认配置之后,需要重启 isula-build 服务端使新配置生效,具体操作可参考下一章节。 + +目前 isula-build 服务端包含如下配置文件: + +- /etc/isula-build/configuration.toml:isula-builder 总体配置文件,用于设置 isula-builder 日志级别、持久化目录和运行时目录、OCI runtime等。其中各参数含义如下: + +| 配置项 | 是否可选 | 配置项含义 | 配置项取值 | +| --------- | -------- | --------------------------------- | ----------------------------------------------- | +| debug | 可选 | 设置是否打开debug日志 | true:打开debug日志
false:关闭debug日志 | +| loglevel | 可选 | 设置日志级别 | debug
info
warn
error | +| run_root | 必选 | 设置运行时数据根目录 | 运行时数据根目录路径,例如/var/run/isula-build/ | +| data_root | 必选 | 设置本地持久化目录 | 本地持久化目录路径,例如/var/lib/isula-build/ | +| runtime | 可选 | 设置runtime种类,目前仅支持runc | runc | +| group | 可选 | 设置本地套接字isula_build.sock文件属组使得加入该组的非特权用户可以操作isula-build | isula | + + +- /etc/isula-build/storage.toml: 本地持久化存储的配置文件,包含所使用的存储驱动的配置。 + +| 配置项 | 是否可选 | 配置项含义 | +| ------ | -------- | ------------------------------ | +| driver | 可选 | 存储驱动类型,目前支持overlay2 | + + 更多设置可参考 [containers-storage.conf.5.md](https://github.com/containers/storage/blob/master/docs/containers-storage.conf.5.md)。 + + +- /etc/isula-build/registries.toml : 针对各个镜像仓库的配置文件。 + +| 配置项 | 是否可选 | 配置项含义 | +| ------------------- | -------- | ------------------------------------------------------------ | +| registries.search | 可选 | 镜像仓库搜索域,在此list的镜像仓库可以被感知,不在此列的不被感知。 | +| registries.insecure | 可选 | 可访问的不安全镜像仓库地址,在此列表中的镜像仓库将不会通过鉴权,不推荐使用。 | + + 更多设置可参考 [containers-registries.conf.5.md](https://github.com/containers/image/blob/master/docs/containers-registries.conf.5.md)。 + +- /etc/isula-build/policy.json:镜像pull/push策略文件。注:当前不支持对其进行配置 + +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> - isula-build 支持最大 1MiB 的上述配置文件。 +> - isula-build 不支持将持久化工作目录 dataroot 配置在内存盘上,比如 tmpfs。 +> - isula-build 目前仅支持使用overlay2为底层 graphdriver。 +> - 在设置--group参数前,需保证本地OS已经创建了对应的用户组,且非特权用户已经加入该组。重启isula-builder之后即可使该非特权用户使用isula-build功能。同时,为了保持权限一致性,isula-build的配置文件目录/etc/isula-build的数组也会被设置为--group指定的组。 + + + +## 管理服务 + +目前 openEuler 采用 systemd 管理软件服务,isula-build 软件包已经自带了 systemd 的服务文件,用户安装完 isula-build 软件包之后可以直接通过 systemd 工具对它进行服务启停等操作。用户同样可以手动启动 isula-build 服务端软件。需要注意的是,同一个节点上不可以同时启动多个 isula-build 服务端软件。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>同一个节点上不可以同时启动多个 isula-build 服务端软件。 + +### 通过 systemd 管理(推荐方式) + +用户可以通过如下 systemd 的标准指令控制 isula-build 服务的启动、停止、重启等动作: + +- 启动 isula-build 服务: + + ```sh + sudo systemctl start isula-build.service + ``` + +- 停止 isula-build 服务: + + ```sh + sudo systemctl stop 
isula-build.service + ``` + +- 重启 isula-builder 服务: + + ```sh + sudo systemctl restart isula-build.service + ``` + +isula-build 软件包安装的 systemd 服务文件保存在 `/usr/lib/systemd/system/isula-build.service`。如果用户需要修改 isula-build 服务的 systemd 配置,可以修改该文件,执行如下命令使配置生效,之后再根据上面提到的 systemd 管理指令重启 isula-build 服务 + +```sh +sudo systemctl daemon-reload +``` + +### 直接运行 isula-build 服务端 + +您也可以通过执行 isula-build 服务端命令( isula-builder)的方式启动服务。其中,服务端启动配置,可通过isula-builder命令支持的 flags 设置。isula-build 服务端目前支持的 flags 如下: + +- -D, --debug: 是否开启调测模式。 +- --log-level: 日志级别,支持 “debug”, “info”, “warn” or “error”,默认为 “info”。 +- --dataroot: 本地持久化路径,默认为”/var/lib/isula-build/“。 +- --runroot: 运行时路径,默认为”/var/run/isula-build/“。 +- --storage-driver:底层存储驱动类型。 +- --storage-opt: 底层存储驱动配置。 +- --group: 设置本地套接字isula_build.sock文件属组使得加入该组的非特权用户可以操作isula-build,默认为“isula”。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>当命令行启动参数中传递了与配置文件相同的配置选项时,优先使用命令行参数启动。 + +启动 isula-build 服务。例如指定本地持久化路径/var/lib/isula-build,且不开启调试的参考命令如下: + +```sh +sudo isula-builder --dataroot "/var/lib/isula-build" --debug=false +``` + +# 使用指南 + +## 前提条件 + +isula-build 构建 Dockerfile 内的 RUN 指令时依赖可执行文件 runc ,需要 isula-build 的运行环境上预装好 runc。安装方式视用户使用场景而定,如果用户不需要使用完整的 docker-engine 工具链,则可以仅安装 docker-runc rpm包: + +```sh +sudo yum install -y docker-runc +``` + +如果用户需要使用完整的 docker-engine 工具链,则可以安装 docker-engine rpm包,默认包含可执行文件 runc : + +```sh +sudo yum install -y docker-engine +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>用户需保证OCI runtime(runc)可执行文件的安全性,避免被恶意替换。 + + + +## 总体说明 + +isula-build 客户端提供了一系列命令用于构建和管理容器镜像,当前 isula-build 包含的命令行指令如下: + +- ctr-img,容器镜像管理。ctr-img又包含如下子命令: + - build,根据给定dockerfile构建出容器镜像。 + - images,列出本地容器镜像。 + - import,导入容器基础镜像。 + - load,导入层叠镜像。 + - rm,删除本地容器镜像。 + - save,导出层叠镜像至本地磁盘。 + - tag,给本地容器镜像打tag。 + - pull,拉取镜像到本地。 + - push,推送本地镜像到远程仓库。 +- info,查看isula-build的运行环境和系统信息。 +- login,登录远端容器镜像仓库。 +- logout,退出远端容器镜像仓库。 +- version,查看isula-build和isula-builder的版本号。 + +>![](./public_sys-resources/icon-note.gif) **说明:** 
+>isula-build completion 和 isula-builder completion 命令用于生成bash命令补全脚本。该命令为命令行框架隐式提供,不会显示在help信息中。 + + + +以下按照上述维度依次详细介绍这些命令行指令的使用。 + + + + +## ctr-img: 容器镜像管理 + +isula-build 将所有容器镜像管理相关命令划分在子命令 `ctr-img` 下,命令原型为: + +``` +isula-build ctr-img [command] +``` + +### build: 容器镜像构建 + +ctr-img 的子命令 build 用于构建容器镜像,命令原型为: + +``` +isula-build ctr-img build [flags] +``` + +其中 build 包含如下 flags: + +- --build-arg:string列表,构建过程中需要用到的变量。 +- --build-static:KeyValue值,构建二进制一致性。目前包含如下Key值: + - build-time:string,使用固定时间戳来构建容器镜像;时间戳格式为“YYYY-MM-DD HH-MM-SS”。 +- -f, --filename:string,Dockerfile的路径,不指定则是使用当前路径的Dockerfile文件。 +- --iidfile:string,输出 image ID 到本地文件。 +- -o, --output:string,镜像导出的方式和路径。 +- --proxy:布尔值,继承主机侧环境的proxy环境变量(默认为true)。 +- --tag:string,设置构建成功的镜像的tag值。 +- --cap-add:string列表,构建过程中RUN指令所需要的权限。 + +**以下为各个 flags 的详解。** + +**\--build-arg** + +从命令行接受参数作为Dockerfile中的参数,用法: + +```sh +$ echo "This is bar file" > bar.txt +$ cat Dockerfile_arg +FROM busybox +ARG foo +ADD ${foo}.txt . +RUN cat ${foo}.txt +$ sudo isula-build ctr-img build --build-arg foo=bar -f Dockerfile_arg +STEP 1: FROM busybox +Getting image source signatures +Copying blob sha256:8f52abd3da461b2c0c11fda7a1b53413f1a92320eb96525ddf92c0b5cde781ad +Copying config sha256:e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b +Writing manifest to image destinationStoring signatures +STEP 2: ARG foo +STEP 3: ADD ${foo}.txt . 
+STEP 4: RUN cat ${foo}.txt +This is bar file +Getting image source signatures +Copying blob sha256:6194458b07fcf01f1483d96cd6c34302ffff7f382bb151a6d023c4e80ba3050a +Copying blob sha256:6bb56e4a46f563b20542171b998cb4556af4745efc9516820eabee7a08b7b869 +Copying config sha256:39b62a3342eed40b41a1bcd9cd455d77466550dfa0f0109af7a708c3e895f9a2 +Writing manifest to image destination +Storing signatures +Build success with image id: 39b62a3342eed40b41a1bcd9cd455d77466550dfa0f0109af7a708c3e895f9a2 +``` + +**\--build-static** + +指定为静态构建,即使用isula-build构建容器镜像时消除所有时间戳和其他构建因素(例如容器ID、hostname等)的差异。最终构建出满足静态要求的容器镜像。 + +在使用isula-build进行容器镜像构建时,假如给 build 子命令一个固定的时间戳,并在限定如下条件的时候: + +- 构建环境前后保持一致。 +- 构建Dockerfile前后保持一致。 +- 构建产生的中间数据前后保持一致。 +- 构建命令相同。 +- 第三方库版本一致。 + +对于容器镜像构建,isula-build支持相同的Dockerfile。如果构建环境相同,则多次构建生成的镜像内容和镜像ID相同。 + +–build-static接受k=v形式的键值对选项,当前支持的选项有: + +- build-time:字符串类型。构建静态镜像的固定时间戳,格式为“YYYY-MM-DD HH-MM-SS”。时间戳影响diff层创建修改时间的文件属性。 + + 使用示例如下: + + ```sh + $ sudo isula-build ctr-img build -f Dockerfile --build-static='build-time=2020-05-23 10:55:33' . 
+ ``` + + 以此方式,同一环境多次构建出来的容器镜像和镜像ID均会保持一致。 + +**\--iidfile** + +将构建的镜像ID输出到文件,用法: + +``` +isula-build ctr-img build --iidfile filename +``` + +例如,将容器镜像ID输出到testfile的参考命令如下: + + ```sh +$ sudo isula-build ctr-img build -f Dockerfile_arg --iidfile testfile + ``` + + 查看testfile中的容器镜像ID: + + ```sh +$ cat testfile +76cbeed38a8e716e22b68988a76410eaf83327963c3b29ff648296d5cd15ce7b + ``` + + + +**\-o, --output** + +目前 -o, –output 支持如下形式: + +- `isulad:image:tag`:将构建成功的镜像直接推送到 iSulad。比如:`-o isulad:busybox:latest`。同时需要注意如下约束: + + - isula-build 和 iSulad 必须在同一个节点上 + - tag必须配置 + - isula-build client端需要将构建成功的镜像暂存成 `/var/tmp/isula-build-tmp-%v.tar` 再导入至 iSulad,用户需要保证 `/var/tmp/` 目录有足够磁盘空间 + +- `docker-daemon:image:tag`:将构建成功的镜像直接推送到 Docker daemon。比如:`-o docker-daemon:busybox:latest`。同时需要注意如下约束: +- isula-build 和 docker 必须在同一个节点上 + - tag必须配置 + +- `docker://registry.example.com/repository:tag`:将构建成功的镜像直接推送到远端镜像仓库。比如:`-o docker://localhost:5000/library/busybox:latest`。 + +- `docker-archive:/:image:tag`:将构建成功的镜像以Docker image的格式保存至本地。比如:`-o docker-archive:/root/image.tar:busybox:latest`。 + +除去各个flags之外,build子命令的命令行最后还会接收一个argument,该argument类型是string,意义为context,即该Dockerfile构建环境的上下文。该参数默认值为isula-build被执行的当前路径。该路径会影响 .dockerignore 和 Dockerfile的ADD/COPY指令 所检索的路径。 + +**\--proxy** + +选择构建时RUN指令启动的容器是否从环境上继承proxy相关环境变量”http_proxy”,“https_proxy”,“ftp_proxy”,“no_proxy”,“HTTP_PROXY”,“HTTPS_PROXY”,“FTP_PROXY”,“NO_PROXY”,默认为true。 + +当用户在Dockerfile配置proxy相关ARG或ENV,将覆盖所继承的环境变量。 + +注意:若client与daemon不在同一个终端运行,所能继承的环境变量为daemon所在终端的环境变量。 + +**\--tag** + +设置镜像构建成功之后,该镜像在本地磁盘存储时的tag。 + +**\--cap-add** + +添加构建过程中RUN指令所需权限,用法: + +``` +isula-build ctr-img build --cap-add ${CAP} +``` + +使用举例: + +```sh +$ sudo isula-build ctr-img build --cap-add CAP_SYS_ADMIN --cap-add CAP_SYS_PTRACE -f Dockerfile +``` + +> **说明:** +> +> - isula-build最大支持并发构建100个容器镜像。 +> - isula-build支持Dockerfile最大为1MiB。 +> - isula-build支持 .dockerignore 最大为 1MiB。 +> - 用户需保证Dockerfile文件的权限为仅当前用户可读写,避免别的用户进行篡改。 +> - 构建时,RUN指令会启动容器在容器内进行构建,目前 
isula-build 仅支持使用主机网络。 +> - isula-build 导出的镜像压缩格式,目前仅支持tar.gz格式。 +> - isula-build 在每一个镜像构建stage完成后做一次提交,而不是每执行 Dockerfile的一行就提交一次。 +> - isula-build 暂不支持构建缓存。 +> - isula-build 仅在构建RUN指令时会启动构建容器。 +> - 目前不支持docker镜像格式的history功能。 +> - isula-build 的stage name支持以数字开头。 +> - isula-build 的stage name最长可为64个字符。 +> - isula-build 暂不支持对单次Dockerfile的构建进行资源限制。如有资源限制需求,可通过对 isula-builder 服务端配置资源限额的方式进行限制。 +> - isula-build 目前不支持Dockerfile里的ADD指令提供的数据来源是远端url。 +> - isula-build 使用docker-archive类型导出的本地tar包未经压缩。如有需求,用户可以手动进行压缩。 + + + +### image: 查看本地持久化构建镜像 + +可通过images命令查看当前本地持久化存储的镜像: + +```sh +$ sudo isula-build ctr-img images +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +localhost:5000/library/alpine latest a24bb4013296 2020-20-19 19:59:197 5.85 MB + 39b62a3342ee 2020-20-38 38:66:387 1.45 MB +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +``` + +**说明**:通过`isula-build ctr-img images`查看的镜像大小与`docker images`的显示上有一定差异。这是因为统计镜像大小时,isula-build是直接计算每层tar包大小之和,而docker是通过解压tar遍历diff目录计算文件大小之和,因此存在统计上的差异。 + + + +### import: 导入容器基础镜像 + +openEuler会随版本发布一个容器基础镜像,比如openEuler-docker.x86_64.tar.xz。可以通过`ctr-img import`指令将它导入到 isula-build。 + +命令原型如下: + +``` +isula-build ctr-img import [flags] +``` + +使用举例: + +```sh +$ sudo isula-build ctr-img import ./openEuler-docker.x86_64.tar.xz openeuler:20.03 +Import success with image id: 7317851cd2ab33263eb293f68efee9d724780251e4e92c0fb76bf5d3c5585e37 +$ sudo isula-build ctr-img images +---------------------------------------------- -------------------- ----------------- ------------------------ ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +---------------------------------------------- -------------------- ----------------- ------------------------ 
------------ +openeuler 20.03 7317851cd2ab 2020-08-01 06:25:34 500 MB +---------------------------------------------- -------------------- ----------------- ------------------------ ------------ +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>isula-build 支持导入最大1GiB的容器基础镜像。 + + + +### load: 导入层叠镜像 + +层叠镜像指的是通过 docker save 或 isula-build ctr-img save 等指令,将一个构建完成的镜像保存至本地之后,镜像压缩包内是一层一层 layer.tar 的镜像包。可以通过 ctr-img load 指令将它导入至 isula-build。 + +命令原型如下: + +``` +isula-build ctr-img load [flags] +``` + +目前支持的 flags 为: + +- -i, --input:本地tar包的路径 + +使用举例如下: + +```sh +$ sudo isula-build ctr-img load -i ubuntu.tarGetting image source signatures +Copying blob sha256:cf612f747e0fbcc1674f88712b7bc1cd8b91cf0be8f9e9771235169f139d507c +Copying blob sha256:f934e33a54a60630267df295a5c232ceb15b2938ebb0476364192b1537449093 +Copying blob sha256:943edb549a8300092a714190dfe633341c0ffb483784c4fdfe884b9019f6a0b4 +Copying blob sha256:e7ebc6e16708285bee3917ae12bf8d172ee0d7684a7830751ab9a1c070e7a125 +Copying blob sha256:bf6751561805be7d07d66f6acb2a33e99cf0cc0a20f5fd5d94a3c7f8ae55c2a1 +Copying blob sha256:c1bd37d01c89de343d68867518b1155cb297d8e03942066ecb44ae8f46b608a3 +Copying blob sha256:a84e57b779297b72428fc7308e63d13b4df99140f78565be92fc9dbe03fc6e69 +Copying blob sha256:14dd68f4c7e23d6a2363c2320747ab88986dfd43ba0489d139eeac3ac75323b2 +Copying blob sha256:a2092d776649ea2301f60265f378a02405539a2a68093b2612792cc65d00d161 +Copying blob sha256:879119e879f682c04d0784c9ae7bc6f421e206b95d20b32ce1cb8a49bfdef202 +Copying blob sha256:e615448af51b848ecec00caeaffd1e30e8bf5cffd464747d159f80e346b7a150 +Copying blob sha256:f610bd1e9ac6aa9326d61713d552eeefef47d2bd49fc16140aa9bf3db38c30a4 +Copying blob sha256:bfe0a1336d031bf5ff3ce381e354be7b2bf310574cc0cd1949ad94dda020cd27 +Copying blob sha256:f0f15db85788c1260c6aa8ad225823f45c89700781c4c793361ac5fa58d204c7 +Copying config sha256:c07ddb44daa97e9e8d2d68316b296cc9343ab5f3d2babc5e6e03b80cd580478e +Writing manifest to image destination +Storing 
signatures +Loaded image as c07ddb44daa97e9e8d2d68316b296cc9343ab5f3d2babc5e6e03b80cd580478e +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- isula-build load命令仅支持导入包含单个层叠镜像的镜像压缩文件。 +>- isula-build 支持导入最大50G的容器层叠镜像。 + + + +### rm: 删除本地持久化镜像 + +可通过rm命令删除当前本地持久化存储的镜像。命令原型为: + +``` +isula-build ctr-img rm IMAGE [IMAGE...] [FLAGS] +``` + +目前支持的 flags 为: + +- -a, –all:删除所有本地持久化存储的镜像。 +- -p, –prune:删除所有没有tag的本地持久化存储的镜像。 + +使用示例如下: + +```sh +$ sudo isula-build ctr-img rm -p +Deleted: sha256:78731c1dde25361f539555edaf8f0b24132085b7cab6ecb90de63d72fa00c01d +Deleted: sha256:eeba1bfe9fca569a894d525ed291bdaef389d28a88c288914c1a9db7261ad12c +``` + + + +### save: 导出层叠镜像 + +可通过save命令导出层叠镜像到本地磁盘。命令原型如下: + +``` +isula-build ctr-img save [REPOSITORY:TAG]|imageID -o xx.tar +``` + +以下示例通过 `image/tag` 的形式将镜像进行导出: + +```sh +$ sudo isula-build ctr-img save busybox:latest -o busybox.tar +Getting image source signatures +Copying blob sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a +Copying blob sha256:824082a6864774d5527bda0d3c7ebd5ddc349daadf2aa8f5f305b7a2e439806f +Copying blob sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef +Copying config sha256:21c3e96ac411242a0e876af269c0cbe9d071626bdfb7cc79bfa2ddb9f7a82db6 +Writing manifest to image destination +Storing signatures +Save success with image: busybox:latest +``` + +以下示例通过 `ImageID` 的形式将镜像进行导出: + +```sh +$ sudo isula-build ctr-img save 21c3e96ac411 -o busybox.tar +Getting image source signatures +Copying blob sha256:50644c29ef5a27c9a40c393a73ece2479de78325cae7d762ef3cdc19bf42dd0a +Copying blob sha256:824082a6864774d5527bda0d3c7ebd5ddc349daadf2aa8f5f305b7a2e439806f +Copying blob sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef +Copying config sha256:21c3e96ac411242a0e876af269c0cbe9d071626bdfb7cc79bfa2ddb9f7a82db6 +Writing manifest to image destination +Storing signatures +Save success with image: 21c3e96ac411 +``` + +以下示例导出多个镜像到同一个tarball: +```sh +$ 
sudo isula-build ctr-img save busybox:latest nginx:latest -o all.tar +Getting image source signatures +Copying blob sha256:eb78099fbf7fdc70c65f286f4edc6659fcda510b3d1cfe1caa6452cc671427bf +Copying blob sha256:29f11c413898c5aad8ed89ad5446e89e439e8cfa217cbb404ef2dbd6e1e8d6a5 +Copying blob sha256:af5bd3938f60ece203cd76358d8bde91968e56491daf3030f6415f103de26820 +Copying config sha256:b8efb18f159bd948486f18bd8940b56fd2298b438229f5bd2bcf4cedcf037448 +Writing manifest to image destination +Storing signaturesGetting image source signatures +Copying blob sha256:e2d6930974a28887b15367769d9666116027c411b7e6c4025f7c850df1e45038 +Copying config sha256:a33de3c85292c9e65681c2e19b8298d12087749b71a504a23c576090891eedd6 +Writing manifest to image destination +Storing signatures +Save success with image: [busybox:latest nginx:latest] +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- save 导出的镜像默认格式为未压缩的tar格式,如有需求,用户可以再save之后手动压缩。 +>- 在导出镜像时,需要写明镜像的完整性,格式为IMAGE_NAME:IMAGE_TAG。 + + +### tag: 给本地持久化镜像打标签 + +可使用tag命令给本地持久化的容器镜像打tag。命令原型如下: + +``` +isula-build ctr-img tag / busybox:latest +``` + +使用举例: + +```sh +$ sudo isula-build ctr-img images +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +alpine latest a24bb4013296 2020-05-29 21:19:46 5.85 MB +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +$ sudo isula-build ctr-img tag a24bb4013296 alpine:v1 +$ sudo isula-build ctr-img images +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +REPOSITORY TAG IMAGE ID CREATED SIZE +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +alpine latest a24bb4013296 
2020-05-29 21:19:46 5.85 MB +alpine v1 a24bb4013296 2020-05-29 21:19:46 5.85 MB +---------------------------------------------- ----------- ----------------- -------------------------- ------------ +``` + +### pull: 拉取镜像到本地 + +可通过pull命令拉取远程镜像仓库中的镜像到本地。命令原型如下: + +``` +isula-build ctr-img pull REPOSITORY[:TAG] +``` + +使用示例: + +```sh +$ sudo isula-build ctr-img pull example-registry/library/alpine:latest +Getting image source signatures +Copying blob sha256:8f52abd3da461b2c0c11fda7a1b53413f1a92320eb96525ddf92c0b5cde781ad +Copying config sha256:e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b +Writing manifest to image destination +Storing signatures +Pull success with image: example-registry/library/alpine:latest +``` + +### push: 将本地镜像推送到远程仓库 + +可通过push命令将本地镜像推送到远程仓库。命令原型如下: + +``` +isula-build ctr-img push REPOSITORY[:TAG] +``` + +使用示例: + +```sh +$ sudo isula-build ctr-img push example-registry/library/mybusybox:latest +Getting image source signatures +Copying blob sha256:d2421964bad195c959ba147ad21626ccddc73a4f2638664ad1c07bd9df48a675 +Copying config sha256:f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f +Writing manifest to image destination +Storing signatures +Push success with image: example-registry/library/mybusybox:latest +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 推送镜像时,需要先登录对应的镜像仓库。 + + +## info: 查看运行环境与系统信息 + +可以通过“isula-build info”指令查看 isula-build 目前的运行环境与系统信息。命令原型如下: + +``` + isula-build info [flags] +``` + +支持如下Flags: + +- -H, --human-readable 布尔值,以常用内存表示格式打印内存信息,使用1000次幂 +- -V, --verbose 布尔值,显示运行时内存占用信息 + +使用示例: + +```sh +$ sudo isula-build info -HV + General: + MemTotal: 7.63 GB + MemFree: 757 MB + SwapTotal: 8.3 GB + SwapFree: 8.25 GB + OCI Runtime: runc + DataRoot: /var/lib/isula-build/ + RunRoot: /var/run/isula-build/ + Builders: 0 + Goroutines: 12 + Store: + Storage Driver: overlay + Backing Filesystem: extfs + Registry: + Search Registries: + oepkgs.net + Insecure Registries: + 
localhost:5000 + oepkgs.net + Runtime: + MemSys: 68.4 MB + HeapSys: 63.3 MB + HeapAlloc: 7.41 MB + MemHeapInUse: 8.98 MB + MemHeapIdle: 54.4 MB + MemHeapReleased: 52.1 MB +``` + +## login: 登录远端镜像仓库 + +用户可以运行 login 命令来登录远程镜像仓库。命令原型如下: + +``` + isula-build login SERVER [FLAGS] +``` + +目前支持的flag有: + +``` + Flags: + -p, --password-stdin Read password from stdin + -u, --username string Username to access registry +``` + +通过stdin输入密码。以下示例通过通过管道将creds.txt里的密码传给isula-build的stdin进行输入: + +```sh + $ cat creds.txt | sudo isula-build login -u cooper -p mydockerhub.io + Login Succeeded +``` + +通过交互式输入密码: + +```sh + $ sudo isula-build login mydockerhub.io -u cooper + Password: + Login Succeeded +``` + +## logout: 退出远端镜像仓库 + +用户可以运行 logout 命令来登出远程镜像仓库。命令原型如下: + +``` + isula-build logout [SERVER] [FLAGS] +``` + +目前支持的flag有: + +``` + Flags: + -a, --all Logout all registries +``` + +使用示例如下: + +```sh + $ sudo isula-build logout -a + Removed authentications +``` + + +## version: 版本查询 + +可通过version命令查看当前版本信息: + +```sh + $ sudo isula-build version + Client: + Version: 0.9.4 + Go Version: go1.13.3 + Git Commit: 0038365c + Built: Tue Nov 24 16:32:05 2020 + OS/Arch: linux/amd64 + + Server: + Version: 0.9.4 + Go Version: go1.13.3 + Git Commit: 0038365c + Built: Tue Nov 24 16:32:05 2020 + OS/Arch: linux/amd64 +``` + + +# 直接集成容器引擎 + +isula-build可以与iSulad和docker集成,将构建好的容器镜像导入到容器引擎的本地存储中。 + +## 与iSulad集成 + +支持将构建成功的镜像直接导出到iSulad。 + +命令行举例: + +```sh +$ sudo isula-build ctr-img build -f Dockerfile -o isulad:busybox:2.0 +``` + +通过在-o参数中指定iSulad,将构建好的容器镜像导出到iSulad,可以通过isula images查询: + +```sh +$ sudo isula images +isula images +REPOSITORY TAG IMAGE ID CREATED SIZE +busybox 2.0 2d414a5cad6d 2020-08-01 06:41:36 5.577 MB +``` + +> ![](./public_sys-resources/icon-note.gif) **说明:** +> - 要求isula-build和iSulad在同一节点。 +> - 直接导出镜像到iSulad时,isula-build client端需要将构建成功的镜像暂存成 `/var/lib/isula-build/tmp/[buildid]/isula-build-tmp-%v.tar` 再导入至 iSulad,用户需要保证 /var/lib/isula-build/tmp/ 目录有足够磁盘空间;同时如果在导出过程中 isula-build 
client进程被KILL或Ctrl+C终止,需要依赖用户手动清理 `/var/lib/isula-build/tmp/[buildid]/isula-build-tmp-%v.tar` 文件。 + +## 与Docker集成 + +支持将构建成功的镜像直接导出到Docker daemon。 + +命令行举例: + +```sh +$ sudo isula-build ctr-img build -f Dockerfile -o docker-daemon:busybox:2.0 +``` + +通过在-o参数中指定docker-daemon,将构建好的容器镜像导出到docker, 可以通过docker images查询。 + +```sh +$ sudo docker images +REPOSITORY TAG IMAGE ID CREATED SIZE +busybox 2.0 2d414a5cad6d 2 months ago 5.22MB +``` + +> ![](./public_sys-resources/icon-note.gif) **说明:** +> +> - 要求isula-build和Docker在同一节点。 + +# 附录 + + +## 命令行参数说明 + +**表1** ctr-img build 命令参数列表 + +| **命令** | **参数** | **说明** | +| ------------- | -------------- | ------------------------------------------------------------ | +| ctr-img build | --build-arg | string列表,构建过程中需要用到的变量 | +| | --build-static | KV值,构建二进制一致性。目前包含如下K值:- build-time:string,使用固定时间戳来构建容器镜像;时间戳格式为“YYYY-MM-DD HH-MM-SS” | +| | -f, --filename | string,Dockerfile的路径,不指定则是使用当前路径的Dockerfile文件 | +| | --iidfile | string,输出 image ID 到本地文件 | +| | -o, --output | string,镜像导出的方式和路径 | +| | --proxy | 布尔值,继承主机侧环境的proxy环境变量(默认为true) | +| | --tag | string,给构建的镜像添加tag | +| | --cap-add | string列表,构建过程中RUN指令所需要的权限 | + +**表2** ctr-img load 命令参数列表 + +| **命令** | **参数** | **说明** | +| ------------ | ----------- | --------------------------------- | +| ctr-img load | -i, --input | string,需要导入的本地tar包的路径 | + +**表3** ctr-img rm 命令参数列表 + +| **命令** | **参数** | **说明** | +| ---------- | ----------- | --------------------------------------------- | +| ctr-img rm | -a, --all | 布尔值,删除所有本地持久化存储的镜像 | +| | -p, --prune | 布尔值,删除所有没有tag的本地持久化存储的镜像 | + +**表4** ctr-img save 命令参数列表 + +| **命令** | **参数** | **说明** | +| ------------ | ------------ | ---------------------------------- | +| ctr-img save | -o, --output | string,镜像导出后在本地的存储路径 | + +**表5** login 命令参数列表 + +| **命令** | **参数** | **说明** | +| -------- | -------------------- | ------------------------------------------------------- | +| login | -p, --password-stdin | 布尔值,是否通过stdin读入密码;或采用交互式界面输入密码 | +| | -u, 
--username | string,登陆镜像仓库所使用的用户名 | + +**表6** logout 命令参数列表 + +| **命令** | **参数** | **说明** | +| -------- | --------- | ------------------------------------ | +| logout | -a, --all | 布尔值,是否登出所有已登陆的镜像仓库 | + +## 通信矩阵 + +isula-build两个组件进程之间通过unix socket套接字文件进行通信,无端口通信。 + +## 文件与权限 + +- isula-build 所有的操作均需要使用 root 权限。如需使用非特权用户操作,则需要配置--group参数 + +- isula-build 运行涉及文件权限如下表所示: + +| **文件路径** | **文件/文件夹权限** | **说明** | +| ------------------------------------------- | ------------------- | ------------------------------------------------------------ | +| /usr/bin/isula-build | 551 | 命令行工具二进制文件。 | +| /usr/bin/isula-builder | 550 | 服务端isula-builder进程二进制文件。 | +| /usr/lib/systemd/system/isula-build.service | 640 | systemd配置文件,用于管理isula-build服务。 | +| /etc/isula-build | 650 | isula-builder 配置文件根目录 | +| /etc/isula-build/configuration.toml | 600 | isula-builder 总配置文件,包含设置 isula-builder 日志级别、持久化目录和运行时目录、OCI runtime等。 | +| /etc/isula-build/policy.json | 600 | 签名验证策略文件的语法文件。 | +| /etc/isula-build/registries.toml | 600 | 针对各个镜像仓库的配置文件,含可用的镜像仓库列表、镜像仓库黑名单。 | +| /etc/isula-build/storage.toml | 600 | 本地持久化存储的配置文件,包含所使用的存储驱动的配置。 | +| /etc/isula-build/isula-build.pub | 444 | 非对称加密公钥文件 | +| /var/run/isula_build.sock | 600 | 服务端isula-builder的本地套接字。 | +| /var/lib/isula-build | 700 | 本地持久化目录。 | +| /var/run/isula-build | 700 | 本地运行时目录。 | +| /var/lib/isula-build/tmp/[buildid]/isula-build-tmp-*.tar | 600 | 镜像导出至iSulad时的本地暂存目录。 | + + diff --git "a/docs/zh/docs/Container/isula-transform\350\277\201\347\247\273\345\267\245\345\205\267.md" "b/docs/zh/docs/Container/isula-transform\350\277\201\347\247\273\345\267\245\345\205\267.md" new file mode 100644 index 0000000000000000000000000000000000000000..6c3fdbe9f7b967bb84c5de74d0270bd1e8c391cb --- /dev/null +++ "b/docs/zh/docs/Container/isula-transform\350\277\201\347\247\273\345\267\245\345\205\267.md" 
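Review bot: In the 文件与权限 table of the isula-build document, /var/run/isula_build.sock is listed with mode 600, while the bullet just above the table says non-privileged users can operate the tool once --group is configured. A socket with mode 600 cannot be opened by group members, so the table should state the mode and group ownership that apply when --group is set. The same table gives the directory /etc/isula-build mode 650, which leaves the owner without the search bit; please confirm that value. In the rm section the long options are written with an en dash (–all, –prune) instead of --all and --prune as in 表3.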
@@ -0,0 +1,162 @@ +# isula-transform 容器迁移工具 + +isula-transform 容器迁移工具配合 iSulad 2.0 推出。用于将 Docker 容器引擎拉起的容器转换迁移到 iSulad 引擎管理。迁移完成后,可以通过 iSulad 完成容器生命周期管理等功能。 + + + +* [快速引导](#快速引导) + * [安装部署](#安装部署) + * [使用示例](#使用示例) +* [使用指南](#使用指南) + * [用法介绍](#用法介绍) + * [参数说明](#参数说明) + * [注意事项](#注意事项) +* [附录](#附录) + * [通信矩阵及权限说明](#通信矩阵及权限说明) + * [通信矩阵](#通信矩阵) + * [文件与权限](#文件与权限) + + + +## 快速引导 + +### 安装部署 + +安装 isula-transform 可参考如下方法: + +- yum 安装(推荐) + + ``` shell + sudo yum install -y isula-transform + ``` + +* rpm 安装 + + ``` shell + sudo rpm -ivh isula-transform-0.9.1-1.oe1.x86_64.rpm + ``` + + 说明:isula-transform 运行依赖于 isulad 和 docker-engine,采用 rpm 安装时请确保环境中已安装 isulad 和 docker-engine。 + + +### 使用示例 + +这里给出将 Docker 容器引擎拉起的容器迁移到 iSulad 引擎管理的示例。 + +1. 以 host 网络启动一个 Docker 容器,并挂载数据卷。 + + ``` shell + $ mkdir /tmp/test && echo "hello isula 2.0" > /tmp/test/hello.txt + $ sudo docker run -tid --network host -v /tmp/test:/test rnd-dockerhub.huawei.com/official/ubuntu bash + b7ebc79a83297d781069308311cd1456539ab663fc284c80386a941af1a78685 + $ sudo docker exec b7ebc7 cat /test/hello.txt + hello isula 2.0 + $ sudo docker exec b7ebc7 bash -c "echo 'hello isula-transform' > /root/world.txt" + $ sudo docker exec b7ebc7 cat /root/world.txt + hello isula-transform + ``` + +2. 使用 isula-transform 工具迁移该容器(指定容器 id 前几位或全 id)。 + + ``` shell + $ sudo isula-transform b7ebc7 + transform b7ebc7: success + ``` + +3. 重启 isulad,可查看到该容器。 + + ``` shell + $ systemctl restart isulad && sudo isula ps -a + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + b7ebc79a8329 rnd-dockerhub.huawei.com/official/ubuntu "bash" 8 minutes ago Exited (0) 2 minutes ago inspiring_dirac + ``` + +4. 启动容器并检查数据。容器启动成功且数据完整,说明容器迁移成功。 + + ``` shell + $ sudo isula start b7ebc7 + $ sudo isula exec b7ebc7 cat /test/hello.txt + hello isula 2.0 + $ sudo isula exec b7ebc7 cat /root/world.txt + hello isula-transform + ``` + +5. 
删除容器。 + + ``` shell + $ sudo isula rm -f b7ebc7 + b7ebc79a83297d781069308311cd1456539ab663fc284c80386a941af1a78685 + $ sudo isula ps -a + CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES + ``` + +## 使用指南 + +### 用法介绍 + +isula-transform 支持两种用法: + +1. 迁移指定容器 + + 通过指定容器 id 的形式,isula-transform 可以迁移指定的 Docker 容器,用法如下: + + ``` shell + isula-transform [OPTIONS] container_id [container_id...] + ``` + + 可同时指定多个容器 id,支持短 id 格式,但需要保证短 id 唯一性。 + +2. 迁移所有容器 + + 通过配置 --all 参数,isula-transform 将会迁移所有 running 和 pause 状态的 Docker 容器,用法如下: + + ``` shell + isula-transform [OPTIONS] --all + ``` + + 若指定 --all 参数后同时指定了容器 id,isula-transform 会忽略传入的容器 id。 + +其他可配置参数请参见 [参数说明](#参数说明)。 + +### 参数说明 + +用法介绍中的OPTIONS 为 isula-transform 的可选参数,具体含义请参见下表。 + +| 参数 | 说明 | +| -------------- | :----------------------------------------------------------- | +| --log | 指定日志文件的路径, 未配置取默认值 /var/log/isula-kits/transform.log | +| --log-level | 指定输出日志的最低级别,可配置项目包括:debug info warn error,默认为 info 级别 | +| --docker-graph | docker graph 路径,未配置取默认值 /var/lib/docker | +| --docker-state | docker state 路径,未配置取默认值 /var/run/docker | + + +### 注意事项 + +- isula-transform 适用非集群场景,Kubernetes 等集群场景下,建议配置 iSulad 引擎之后拉起新容器。 +- isula-transform 目前支持对 Docker 18.09 版本创建的容器进行迁移,容器需要处于 running 或者 pause 状态。 +- isula-transform 完成迁移后原 Docker 容器会处于 pause 状态,由用户决定原 Docker 容器的生命周期。 +- isula-transform 要求被迁移的 Docker 容器以 --network=host 启动, 或者复用以 host 网络启动的容器的网络栈。后者场景中,两个容器均需要被迁移,且迁移后需要首先启动父容器。 +- 涉及到共享 namespace (pid,ipc)和 cgroup 嵌套(cgroup-parent)时,父子容器均需要被迁移,且迁移后需要首先启动父容器。 +- iSula 容器相对于 Docker 容器不支持的配置参数,isula-transform 迁移后会丢弃。 + +## 附录 + +### 通信矩阵及权限说明 + +#### 通信矩阵 + +isula-transform 运行时会作为客户端访问服务端 dockerd,isula-transform 和 dockerd 之间通过 unix socket 套接字文件进行通信,路径如下: + +|服务端|socket 路径| +|---|:---| +|dockerd|/var/run/docker.sock| + +#### 文件与权限 + +- isula-transform 运行需要 root 权限。 +- isula-transform 运行涉及文件权限如下表所示: + + |文件路径|权限|说明| + |:---|---|:---| + |/usr/bin/isula-transform|0550|可执行二进制文件| + |/var/log/isula-kits/transform.log|0600|isula-transform 
默认日志文件| diff --git "a/content/zh/docs/Container/namespace\345\214\226\345\206\205\346\240\270\345\217\202\346\225\260\345\217\257\345\206\231.md" "b/docs/zh/docs/Container/namespace\345\214\226\345\206\205\346\240\270\345\217\202\346\225\260\345\217\257\345\206\231.md" similarity index 99% rename from "content/zh/docs/Container/namespace\345\214\226\345\206\205\346\240\270\345\217\202\346\225\260\345\217\257\345\206\231.md" rename to "docs/zh/docs/Container/namespace\345\214\226\345\206\205\346\240\270\345\217\202\346\225\260\345\217\257\345\206\231.md" index ab34a713fb0b997cc055fbade3220571e13ffcca..74e4f950a65614579fc534ab9ce57d77fcbce2d9 100644 --- "a/content/zh/docs/Container/namespace\345\214\226\345\206\205\346\240\270\345\217\202\346\225\260\345\217\257\345\206\231.md" +++ "b/docs/zh/docs/Container/namespace\345\214\226\345\206\205\346\240\270\345\217\202\346\225\260\345\217\257\345\206\231.md" @@ -1,20 +1,20 @@ -# namespace化内核参数可写 - -## 功能描述 - -对于运行在容器内的业务,如数据库,大数据,包括普通应用,有对部分内核参数进行设置和调整的需求,以满足最佳的业务运行性能和可靠性。内核参数要么不允许修改,要么全部允许修改(特权容器): - -在不允许用户在容器内修改时,只提供了--sysctl外部接口,而且容器内不能灵活修改参数值。 - -在允许用户在容器内修改时,部分内核参数是全局有效的,某个容器修改后,会影响主机上所有的程序,安全性降低。 - -   - -系统容器提供--ns-change-opt参数,可以指定namespace化的内核参数在容器内动态设置,当前仅支持net、ipc。 - -## 参数说明 - - +# namespace化内核参数可写 + +## 功能描述 + +对于运行在容器内的业务,如数据库,大数据,包括普通应用,有对部分内核参数进行设置和调整的需求,以满足最佳的业务运行性能和可靠性。内核参数要么不允许修改,要么全部允许修改(特权容器): + +在不允许用户在容器内修改时,只提供了--sysctl外部接口,而且容器内不能灵活修改参数值。 + +在允许用户在容器内修改时,部分内核参数是全局有效的,某个容器修改后,会影响主机上所有的程序,安全性降低。 + +   + +系统容器提供--ns-change-opt参数,可以指定namespace化的内核参数在容器内动态设置,当前仅支持net、ipc。 + +## 参数说明 + + -

命令

参数
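Review bot: In isula-transform迁移工具.md, the 使用示例 walkthrough runs and lists the image as rnd-dockerhub.huawei.com/official/ubuntu, which looks like an internal registry host. The isula-build document in this same patch uses the placeholder example-registry, and this example should use a placeholder of the same kind. Step 3 also runs systemctl restart isulad without sudo although every other command in the walkthrough is prefixed with sudo; make the step consistent with the rest.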

@@ -46,45 +46,45 @@
- -## 约束限制 - -- 如果容器启动同时指定了--privileged(特权容器)和--ns-change-opt,则--ns-change-opt不生效。 - -## 使用示例 - -启动容器, 指定--ns-change-opt=net: - -``` -[root@localhost ~]# isula run -tid --ns-change-opt net --system-container --external-rootfs /root/myrootfs none init -4bf44a42b4a14fdaf127616c90defa64b4b532b18efd15b62a71cbf99ebc12d2 -[root@localhost ~]# isula exec -it 4b mount | grep /proc/sys -proc on /proc/sys type proc (ro,nosuid,nodev,noexec,relatime) -proc on /proc/sysrq-trigger type proc (ro,nosuid,nodev,noexec,relatime) -proc on /proc/sys/net type proc (rw,nosuid,nodev,noexec,relatime) -``` - -可以看到容器内/proc/sys/net挂载点为rw,说明net相关的namespace化的内核参数具有读写权限。 - -再启动一个容器,指定--ns-change-opt=ipc: - -``` -[root@localhost ~]# isula run -tid --ns-change-opt ipc --system-container --external-rootfs /root/myrootfs none init -c62e5e5686d390500dab2fa76b6c44f5f8da383a4cbbeac12cfada1b07d6c47f -[root@localhost ~]# isula exec -it c6 mount | grep /proc/sys -proc on /proc/sys type proc (ro,nosuid,nodev,noexec,relatime) -proc on /proc/sysrq-trigger type proc (ro,nosuid,nodev,noexec,relatime) -proc on /proc/sys/kernel/shmmax type proc (rw,nosuid,nodev,noexec,relatime) -proc on /proc/sys/kernel/shmmni type proc (rw,nosuid,nodev,noexec,relatime) -proc on /proc/sys/kernel/shmall type proc (rw,nosuid,nodev,noexec,relatime) -proc on /proc/sys/kernel/shm_rmid_forced type proc (rw,nosuid,nodev,noexec,relatime) -proc on /proc/sys/kernel/msgmax type proc (rw,nosuid,nodev,noexec,relatime) -proc on /proc/sys/kernel/msgmni type proc (rw,nosuid,nodev,noexec,relatime) -proc on /proc/sys/kernel/msgmnb type proc (rw,nosuid,nodev,noexec,relatime) -proc on /proc/sys/kernel/sem type proc (rw,nosuid,nodev,noexec,relatime) -proc on /proc/sys/fs/mqueue type proc (rw,nosuid,nodev,noexec,relatime) -``` - -可以看到容器内ipc相关的内核参数挂载点为rw,说明ipc相关的namespace化的内核参数具有读写权限。 - + + +## 约束限制 + +- 如果容器启动同时指定了--privileged(特权容器)和--ns-change-opt,则--ns-change-opt不生效。 + +## 使用示例 + +启动容器, 指定--ns-change-opt=net: + +``` +[root@localhost ~]# isula run 
-tid --ns-change-opt net --system-container --external-rootfs /root/myrootfs none init +4bf44a42b4a14fdaf127616c90defa64b4b532b18efd15b62a71cbf99ebc12d2 +[root@localhost ~]# isula exec -it 4b mount | grep /proc/sys +proc on /proc/sys type proc (ro,nosuid,nodev,noexec,relatime) +proc on /proc/sysrq-trigger type proc (ro,nosuid,nodev,noexec,relatime) +proc on /proc/sys/net type proc (rw,nosuid,nodev,noexec,relatime) +``` + +可以看到容器内/proc/sys/net挂载点为rw,说明net相关的namespace化的内核参数具有读写权限。 + +再启动一个容器,指定--ns-change-opt=ipc: + +``` +[root@localhost ~]# isula run -tid --ns-change-opt ipc --system-container --external-rootfs /root/myrootfs none init +c62e5e5686d390500dab2fa76b6c44f5f8da383a4cbbeac12cfada1b07d6c47f +[root@localhost ~]# isula exec -it c6 mount | grep /proc/sys +proc on /proc/sys type proc (ro,nosuid,nodev,noexec,relatime) +proc on /proc/sysrq-trigger type proc (ro,nosuid,nodev,noexec,relatime) +proc on /proc/sys/kernel/shmmax type proc (rw,nosuid,nodev,noexec,relatime) +proc on /proc/sys/kernel/shmmni type proc (rw,nosuid,nodev,noexec,relatime) +proc on /proc/sys/kernel/shmall type proc (rw,nosuid,nodev,noexec,relatime) +proc on /proc/sys/kernel/shm_rmid_forced type proc (rw,nosuid,nodev,noexec,relatime) +proc on /proc/sys/kernel/msgmax type proc (rw,nosuid,nodev,noexec,relatime) +proc on /proc/sys/kernel/msgmni type proc (rw,nosuid,nodev,noexec,relatime) +proc on /proc/sys/kernel/msgmnb type proc (rw,nosuid,nodev,noexec,relatime) +proc on /proc/sys/kernel/sem type proc (rw,nosuid,nodev,noexec,relatime) +proc on /proc/sys/fs/mqueue type proc (rw,nosuid,nodev,noexec,relatime) +``` + +可以看到容器内ipc相关的内核参数挂载点为rw,说明ipc相关的namespace化的内核参数具有读写权限。 + diff --git a/content/zh/docs/Installation/public_sys-resources/icon-caution.gif b/docs/zh/docs/Container/public_sys-resources/icon-caution.gif similarity index 100% rename from content/zh/docs/Installation/public_sys-resources/icon-caution.gif rename to docs/zh/docs/Container/public_sys-resources/icon-caution.gif 
diff --git a/content/zh/docs/Installation/public_sys-resources/icon-danger.gif b/docs/zh/docs/Container/public_sys-resources/icon-danger.gif similarity index 100% rename from content/zh/docs/Installation/public_sys-resources/icon-danger.gif rename to docs/zh/docs/Container/public_sys-resources/icon-danger.gif diff --git a/content/zh/docs/Installation/public_sys-resources/icon-note.gif b/docs/zh/docs/Container/public_sys-resources/icon-note.gif similarity index 100% rename from content/zh/docs/Installation/public_sys-resources/icon-note.gif rename to docs/zh/docs/Container/public_sys-resources/icon-note.gif diff --git a/content/zh/docs/Installation/public_sys-resources/icon-notice.gif b/docs/zh/docs/Container/public_sys-resources/icon-notice.gif similarity index 100% rename from content/zh/docs/Installation/public_sys-resources/icon-notice.gif rename to docs/zh/docs/Container/public_sys-resources/icon-notice.gif diff --git a/content/zh/docs/Installation/public_sys-resources/icon-tip.gif b/docs/zh/docs/Container/public_sys-resources/icon-tip.gif similarity index 100% rename from content/zh/docs/Installation/public_sys-resources/icon-tip.gif rename to docs/zh/docs/Container/public_sys-resources/icon-tip.gif diff --git a/content/zh/docs/Installation/public_sys-resources/icon-warning.gif b/docs/zh/docs/Container/public_sys-resources/icon-warning.gif similarity index 100% rename from content/zh/docs/Installation/public_sys-resources/icon-warning.gif rename to docs/zh/docs/Container/public_sys-resources/icon-warning.gif 
diff --git "a/content/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\347\275\221\347\273\234.md" "b/docs/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\347\275\221\347\273\234.md" similarity index 96% rename from "content/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\347\275\221\347\273\234.md" rename to "docs/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\347\275\221\347\273\234.md" index e6b1cc316d0cb8ee4a113f020bc45630a3bf9c65..4e744a60c5f1b6a1a0cf15e22adee35e52e97697 100644 --- "a/content/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\347\275\221\347\273\234.md" +++ "b/docs/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\347\275\221\347\273\234.md" @@ -46,7 +46,7 @@

必选

-

设置网卡的主机端名字。支持字母、数字、下划线“_”、“-” 以及“.”字符,必须以字母开头,且长度不超过15。需要确保同一个宿主机上device不能重复。

+

设置网卡的主机端名字。支持字母、数字、下划线“\_”、“-” 以及“.”字符,必须以字母开头,且长度不超过15。需要确保同一个宿主机上device不能重复。

name
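Review bot: In the @@ -46,7 +46,7 @@ hunk of 为安全容器配置网络.md, the added device description escapes the underscore as “\_”. If this cell sits in a raw HTML table rather than in Markdown text, the backslash is not consumed and readers will see \_ listed as an allowed character in interface names. Check the rendered page and keep the plain “_” if that is the case.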

@@ -114,7 +114,7 @@ null ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >当网卡添加成功时,如果为其指定了IP地址,则kata会为新添加的网卡添加一条destination为同网段地址的默认路由,如上例中添加网卡之后容器内有如下路由被添加: >``` >[root@6ec7a98 /]# ip route @@ -194,7 +194,7 @@ - gateway:设置路由的下一跳网关。设置"dest":"default"时,gateway必选;其他情况可选。 - device:必选。设置路由对应的网卡名称,最长支持15字符。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >如果为容器内的回环设备lo添加路由时,路由配置文件中的"device"字段对应的设备名称为"lo"。 4. **删除指定路由** @@ -225,7 +225,7 @@ null ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >- 输入字段中dest为必选,device/gateway均为可选。kata根据不同字段进行模糊匹配,删除对应的路由规则。例如指定了dest为某个IP,则所有该IP的规则都会被删除。 >- 如果删除的是容器内回环设备lo的路由时,路由配置文件中的"device"字段对应的设备名称为"lo"。 @@ -235,7 +235,7 @@ $ cat ./test-iface.json | kata-runtime kata-network del-iface 6ec7a98 - ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >删除网卡时,仅根据网卡容器内名称(name字段)来删除。即便填写其他字段,kata也不会使用。 kata-runtime kata-network del-iface删除网卡命令执行返回结果说明: @@ -314,7 +314,7 @@ kata-runtime kata-ipvs ipvsadm --restore - < <规则文件路径> ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >单条添加时默认使用NAT模式,批量导入时添加真实服务器需手动添加-m参数使用NAT模式。 >规则文件内容示例: >-A -t 10.10.11.12:100 -s rr -p 3000 @@ -334,7 +334,7 @@ kata-runtime kata-ipvs ipvsadm --parameters "--set 100 100 200" ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >1. 每个容器支持iptables规则数量最大为20000条(5k service,3个server/service),add-service和add-server都算作规则。 >2. 批量导入前需清空已有规则。 >3. 不存在并发测试场景。 
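Review bot: In the last hunk of 为安全容器配置网络.md (@@ -334,7 +334,7 @@), the note block being touched caps “iptables规则” at 20000 per container but counts add-service and add-server entries, which are IPVS rules created through kata-runtime kata-ipvs; the wording should say IPVS rules. Item 3, “不存在并发测试场景”, does not tell the reader whether concurrent rule updates are unsupported or simply untested; please state which.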
diff --git "a/content/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\350\265\204\346\272\220.md" "b/docs/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\350\265\204\346\272\220.md" similarity index 98% rename from "content/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\350\265\204\346\272\220.md" rename to "docs/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\350\265\204\346\272\220.md" index 55aa35dfaaefe14d7d0afc5507bf98745601f98e..f0856085a8c84257048b870cd811577390165ec4 100644 --- "a/content/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\350\265\204\346\272\220.md" +++ "b/docs/zh/docs/Container/\344\270\272\345\256\211\345\205\250\345\256\271\345\231\250\351\205\215\347\275\256\350\265\204\346\272\220.md" @@ -45,7 +45,7 @@ Socket(s): 4 ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >CPU个数可以设置的最大值为当前OS上可供运行的CPU值(除去隔离核),最小值为0.5个CPU。 2. 配置容器CPU运行资源 @@ -98,7 +98,7 @@ 3. 配置CPU热插拔功能 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >安全容器CPU热插拔功能需要虚拟化组件qemu支持CPU热插拔。 kata-runtime配置文件config.toml中**enable\_cpu\_memory\_hotplug**选项负责开启和禁用CPU和内存热插拔。默认取值为false,表示禁用CPU和内存热插拔功能;取值为true,表示开启CPU和内存热插拔功能。 @@ -157,7 +157,7 @@    - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >由于pause容器只是一个占位容器没有工作负载,所以轻量级虚机启动时默认分配的1个CPU可以被其它容器共享,因此上面例子中启动的新容器只需要再热插3个CPU到轻量级虚机中即可。 - 当停止热插了CPU的容器后,启动容器时热插进去的CPU也会被拔出。 
@@ -187,7 +187,7 @@ Swap: 0 0 0 ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >- 如果没有通过--annotation com.github.containers.virtcontainers.sandbox\_mem显示地设置轻量级虚机的内存大小,则轻量级虚机默认使用的内存大小为1GB。 >- 安全容器一个Pod的最小内存规格是1GB,支持的最大内存规格是256GB。如果用户分配的内存规格超过256GB,可能会出现未定义的错误,安全容器暂不支持超过256GB的大内存场景。 @@ -216,7 +216,7 @@ 同配置CPU热插拔功能一样,MEM的热插功能也是由kata-runtime配置文件config.toml中**enable\_cpu\_memory\_hotplug**选项配置,用法参见[3](#限制CPU资源.md#zh-cn_topic_0183903699_li2167326144011)。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >内存资源当前只支持热插,不支持内存热拔。 kata-runtime中复用了**-m**选项实现了MEM热插的功能,通过统计Pod中所有容器的**-m**选项的和,然后确定需要热插多少内存到轻量级虚机中,例如, @@ -255,7 +255,7 @@ Swap: 0 0 0 ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >由于pause容器只是一个占位容器没有工作负载,所以轻量级虚机启动时分配的内存可以被其它容器共享使用,因此上面例子中启动的新容器只需要再热插3GB的内存到轻量级虚机中即可。 @@ -334,7 +334,7 @@ docker run -tid --runtime kata-runtime --network none --annotation io.kubernetes.docker.type=podsandbox --files-limit bash ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- 如果**--files-limit**选项的取值小于安全容器默认设置的最小值1024且不为0时,安全容器qemu进程最多可以打开的文件描述符数量会被设置为最小值1024。 >- 如果**--files-limit**选项的取值为0时,安全容器qemu进程最多可以打开的文件描述符数量为系统可以打开文件描述符的最大值/proc/sys/fs/file-max除以400后得到的默认值。 >- 如果启动安全容器时没有显示指定**--files-limit**可以打开的文件描述符的上限,安全容器qemu进程可以打开的文件描述符数量的上限和系统默认值保持一致。 
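Review bot: In the @@ -334,7 +334,7 @@ hunk of 为安全容器配置资源.md, the third bullet of the note reads “没有显示指定**--files-limit**”, where 显示 should be 显式 (explicitly). The same slip appears in the memory note of the @@ -187,7 +187,7 @@ hunk (“显示地设置”). Both note blocks are edited here, so fix the wording in the same change.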
diff --git "a/content/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227-1.md" "b/docs/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227-1.md" similarity index 93% rename from "content/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227-1.md" rename to "docs/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227-1.md" index 2efb60fa790ddcf4c7b4d56646680ff91db30cd6..36943fc57b1829a1629916b8d7f691d4a76f6b66 100644 --- "a/content/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227-1.md" +++ "b/docs/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227-1.md" @@ -16,5 +16,5 @@ isula create/run [OPTIONS] [COMMAND] [ARG...] - COMMAND:系统容器启动后执行的命令。 - ARG:系统容器启动后执行命令对应的参数。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >系统容器的使用需要root权限。 diff --git "a/content/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227.md" "b/docs/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227.md" similarity index 94% rename from "content/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227.md" rename to "docs/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227.md" index 204d1b97fd50e5fbcfe66866410676bff526c889..a4caa9131f31b3532b9c9c2c34726a07405941ea 100644 --- "a/content/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227.md" +++ "b/docs/zh/docs/Container/\344\275\277\347\224\250\346\214\207\345\215\227.md" 
@@ -1,18 +1,18 @@ -# 使用指南 - -本章介绍iSula容器引擎的使用方法。 ->![](public_sys-resources/icon-note.gif) **说明:** ->iSulad的所有使用操作均需要使用root权限。 - - -- [容器管理](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E5%AE%B9%E5%99%A8%E7%AE%A1%E7%90%86.html) -- [支持CNI网络](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E6%94%AF%E6%8C%81CNI%E7%BD%91%E7%BB%9C.html) -- [容器资源管理](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E5%AE%B9%E5%99%A8%E8%B5%84%E6%BA%90%E7%AE%A1%E7%90%86.html) -- [特权容器](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E7%89%B9%E6%9D%83%E5%AE%B9%E5%99%A8.html) -- [CRI接口](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/CRI%E6%8E%A5%E5%8F%A3.html) -- [镜像管理](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E9%95%9C%E5%83%8F%E7%AE%A1%E7%90%86.html) -- [容器健康状态检查](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E5%AE%B9%E5%99%A8%E5%81%A5%E5%BA%B7%E7%8A%B6%E6%80%81%E6%A3%80%E6%9F%A5.html) -- [查询信息](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E6%9F%A5%E8%AF%A2%E4%BF%A1%E6%81%AF.html) -- [安全特性](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E5%AE%89%E5%85%A8%E7%89%B9%E6%80%A7.html) -- [支持OCI hooks](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E6%94%AF%E6%8C%81OCI-hooks.html) - +# 使用指南 + +本章介绍iSula容器引擎的使用方法。 +>![](./public_sys-resources/icon-note.gif) **说明:** +>iSulad的所有使用操作均需要使用root权限。 + + +- [容器管理](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E5%AE%B9%E5%99%A8%E7%AE%A1%E7%90%86.html) +- [支持CNI网络](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E6%94%AF%E6%8C%81CNI%E7%BD%91%E7%BB%9C.html) +- [容器资源管理](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E5%AE%B9%E5%99%A8%E8%B5%84%E6%BA%90%E7%AE%A1%E7%90%86.html) +- [特权容器](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E7%89%B9%E6%9D%83%E5%AE%B9%E5%99%A8.html) +- [CRI接口](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/CRI%E6%8E%A5%E5%8F%A3.html) +- 
[镜像管理](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E9%95%9C%E5%83%8F%E7%AE%A1%E7%90%86.html) +- [容器健康状态检查](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E5%AE%B9%E5%99%A8%E5%81%A5%E5%BA%B7%E7%8A%B6%E6%80%81%E6%A3%80%E6%9F%A5.html) +- [查询信息](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E6%9F%A5%E8%AF%A2%E4%BF%A1%E6%81%AF.html) +- [安全特性](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E5%AE%89%E5%85%A8%E7%89%B9%E6%80%A7.html) +- [支持OCI hooks](https://openeuler.org/zh/docs/20.03_LTS/docs/Container/%E6%94%AF%E6%8C%81OCI-hooks.html) + diff --git "a/content/zh/docs/Container/\344\275\277\347\224\250\346\226\271\346\263\225-1.md" "b/docs/zh/docs/Container/\344\275\277\347\224\250\346\226\271\346\263\225-1.md" similarity index 63% rename from "content/zh/docs/Container/\344\275\277\347\224\250\346\226\271\346\263\225-1.md" rename to "docs/zh/docs/Container/\344\275\277\347\224\250\346\226\271\346\263\225-1.md" index 3df844abdc6d73e07372440ee141020c273a2c03..d72a36cfbb143542b48c4ae537063aa86b74aad7 100644 --- "a/content/zh/docs/Container/\344\275\277\347\224\250\346\226\271\346\263\225-1.md" +++ "b/docs/zh/docs/Container/\344\275\277\347\224\250\346\226\271\346\263\225-1.md" @@ -1,6 +1,6 @@ # 使用方法 本章介绍安全容器的使用方法。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >安全容器的使用需要root权限。 
diff --git "a/content/zh/docs/Container/\345\205\261\344\272\253\345\206\205\345\255\230\351\200\232\351\201\223.md" "b/docs/zh/docs/Container/\345\205\261\344\272\253\345\206\205\345\255\230\351\200\232\351\201\223.md" similarity index 98% rename from "content/zh/docs/Container/\345\205\261\344\272\253\345\206\205\345\255\230\351\200\232\351\201\223.md" rename to "docs/zh/docs/Container/\345\205\261\344\272\253\345\206\205\345\255\230\351\200\232\351\201\223.md" index 159542efcb7f7bec800d96159ec79e41909892fc..ec3b77a3bb5c4264a83d3321ab7d58555bff8718 100644 --- "a/content/zh/docs/Container/\345\205\261\344\272\253\345\206\205\345\255\230\351\200\232\351\201\223.md" +++ "b/docs/zh/docs/Container/\345\205\261\344\272\253\345\206\205\345\255\230\351\200\232\351\201\223.md" @@ -1,12 +1,12 @@ -# 共享内存通道 - -## 功能描述 - -系统容器提供容器与主机进程通过共享内存进行通信的功能,通过在容器创建时配置\--host-channel参数,可以在容器与主机之间共享同一tmpfs,从而达到主机与容器间通信的功能。 - -## 参数说明 - - +# 共享内存通道 + +## 功能描述 + +系统容器提供容器与主机进程通过共享内存进行通信的功能,通过在容器创建时配置\--host-channel参数,可以在容器与主机之间共享同一tmpfs,从而达到主机与容器间通信的功能。 + +## 参数说明 + + -

命令

参数

@@ -28,29 +28,29 @@
- -## 约束限制 - -- 宿主机上挂载的tmpfs的生命周期为从容器启动到容器删除,容器删除并解除对空间的占用后会移除这片空间。 -- 容器删除时会将宿主机上挂载tmpfs的路径删除,所以不允许使用宿主机上已存在的目录。 -- 为了宿主机上非root用户运行的进程能够与容器内进行通信,宿主机上tmpfs挂载的权限为1777。 - -## 使用示例 - -创建容器时指定\--host-channel参数: - -``` -[root@localhost ~]# isula run --rm -it --host-channel /testdir:/testdir:rw:32M --system-container --external-rootfs /root/myrootfs none init -root@3b947668eb54:/# dd if=/dev/zero of=/testdir/test.file bs=1024 count=64K -dd: error writing '/testdir/test.file': No space left on device -32769+0 records in -32768+0 records out -33554432 bytes (34 MB, 32 MiB) copied, 0.0766899 s, 438 MB/s -``` - ->![](public_sys-resources/icon-note.gif) **说明:** ->- 使用--host-channel大小限制时,若在容器内创建共享文件,则会受到容器内的内存配额限制(在容器内存使用达到极限时可能会产生oom)。 ->- 若用户在主机端创建共享文件,则不受容器内的内存配额限制。 ->- 若用户需要在容器内创建共享文件,且业务为内存密集型,可以通过设置容器内存配额为在原本基础上加上--host-channel配置的大小来消除影响。 - + + +## 约束限制 + +- 宿主机上挂载的tmpfs的生命周期为从容器启动到容器删除,容器删除并解除对空间的占用后会移除这片空间。 +- 容器删除时会将宿主机上挂载tmpfs的路径删除,所以不允许使用宿主机上已存在的目录。 +- 为了宿主机上非root用户运行的进程能够与容器内进行通信,宿主机上tmpfs挂载的权限为1777。 + +## 使用示例 + +创建容器时指定\--host-channel参数: + +``` +[root@localhost ~]# isula run --rm -it --host-channel /testdir:/testdir:rw:32M --system-container --external-rootfs /root/myrootfs none init +root@3b947668eb54:/# dd if=/dev/zero of=/testdir/test.file bs=1024 count=64K +dd: error writing '/testdir/test.file': No space left on device +32769+0 records in +32768+0 records out +33554432 bytes (34 MB, 32 MiB) copied, 0.0766899 s, 438 MB/s +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>- 使用--host-channel大小限制时,若在容器内创建共享文件,则会受到容器内的内存配额限制(在容器内存使用达到极限时可能会产生oom)。 +>- 若用户在主机端创建共享文件,则不受容器内的内存配额限制。 +>- 若用户需要在容器内创建共享文件,且业务为内存密集型,可以通过设置容器内存配额为在原本基础上加上--host-channel配置的大小来消除影响。 + 
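Review bot: In the 约束限制 list, the host-side tmpfs is documented as mounted with mode 1777 so that non-root host processes can reach the container, but the page does not say what that implies: every local user on the host can create files in the channel directory and list it, and the sticky bit only stops them deleting or renaming files they do not own. A sentence stating that the channel is not suitable for data needing per-user protection would close that gap. Separately, every line of this file is removed and re-added while the only visible text change is `public_sys-resources/icon-note.gif` becoming `./public_sys-resources/icon-note.gif`; if the rest is a whitespace or line-ending normalization, a separate commit for it would keep the path fix reviewable.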
diff --git "a/content/zh/docs/Container/\345\212\250\346\200\201\345\212\240\350\275\275\345\206\205\346\240\270\346\250\241\345\235\227.md" "b/docs/zh/docs/Container/\345\212\250\346\200\201\345\212\240\350\275\275\345\206\205\346\240\270\346\250\241\345\235\227.md" similarity index 97% rename from "content/zh/docs/Container/\345\212\250\346\200\201\345\212\240\350\275\275\345\206\205\346\240\270\346\250\241\345\235\227.md" rename to "docs/zh/docs/Container/\345\212\250\346\200\201\345\212\240\350\275\275\345\206\205\346\240\270\346\250\241\345\235\227.md" index d5c65f9e4ea5c4b5047863f2acaba8ff08772c0e..0c6b898f04273d31bb1cac263b68a138095cc69d 100644 --- "a/content/zh/docs/Container/\345\212\250\346\200\201\345\212\240\350\275\275\345\206\205\346\240\270\346\250\241\345\235\227.md" +++ "b/docs/zh/docs/Container/\345\212\250\346\200\201\345\212\240\350\275\275\345\206\205\346\240\270\346\250\241\345\235\227.md" @@ -1,12 +1,12 @@ -# 动态加载内核模块 - -## 功能描述 - -容器内业务可能依赖某些内核模块,可通过设置环境变量的方式,在系统容器启动前动态加载容器中业务需要的内核模块到宿主机,此特性需要配合syscontainer-hooks一起使用,具体使用可参看"容器资源动态管理(syscontainer-tools)"章节。 - -## 参数说明 - - +# 动态加载内核模块 + +## 功能描述 + +容器内业务可能依赖某些内核模块,可通过设置环境变量的方式,在系统容器启动前动态加载容器中业务需要的内核模块到宿主机,此特性需要配合syscontainer-hooks一起使用,具体使用可参看"容器资源动态管理(syscontainer-tools)"章节。 + +## 参数说明 + + -

命令

参数

@@ -23,31 +23,31 @@
- -## 约束限制 - -- 如果加载的内核模块是未经过验证的,或者跟宿主机已有模块冲突的场景,会导致宿主机出现不可预知问题,在做加载内核模块时需要谨慎操作。 -- 动态加载内核模块通过将需要加载的内核模块传递给容器,此功能是依靠syscontainer-tools捕获到容器启动的环境变量实现,依赖syscontainer-tools的正确安装部署。 -- 加载的内核模块需要手动进行删除。 - -## 使用示例 - -启动系统容器时,指定-e KERNEL\_MODULES参数,待系统容器启动后,可以看到ip\_vs模块被成功加载到内核中。 - -``` -[root@localhost ~]# lsmod | grep ip_vs -[root@localhost ~]# isula run -tid -e KERNEL_MODULES=ip_vs,ip_vs_wrr --hook-spec /etc/syscontainer-tools/hookspec.json --system-container --external-rootfs /root/myrootfs none init -ae18c4281d5755a1e153a7bff6b3b4881f36c8e528b9baba8a3278416a5d0980 -[root@localhost ~]# lsmod | grep ip_vs -ip_vs_wrr 16384 0 -ip_vs 176128 2 ip_vs_wrr -nf_conntrack 172032 7 xt_conntrack,nf_nat,nf_nat_ipv6,ipt_MASQUERADE,nf_nat_ipv4,nf_conntrack_netlink,ip_vs -nf_defrag_ipv6 20480 2 nf_conntrack,ip_vs -libcrc32c 16384 3 nf_conntrack,nf_nat,ip_vs -``` - ->![](public_sys-resources/icon-note.gif) **说明:** ->- 宿主机需要安装syscontainer-tools。 ->- 需要指定--hooks-spec为syscontainer hooks。 - + + +## 约束限制 + +- 如果加载的内核模块是未经过验证的,或者跟宿主机已有模块冲突的场景,会导致宿主机出现不可预知问题,在做加载内核模块时需要谨慎操作。 +- 动态加载内核模块通过将需要加载的内核模块传递给容器,此功能是依靠syscontainer-tools捕获到容器启动的环境变量实现,依赖syscontainer-tools的正确安装部署。 +- 加载的内核模块需要手动进行删除。 + +## 使用示例 + +启动系统容器时,指定-e KERNEL\_MODULES参数,待系统容器启动后,可以看到ip\_vs模块被成功加载到内核中。 + +``` +[root@localhost ~]# lsmod | grep ip_vs +[root@localhost ~]# isula run -tid -e KERNEL_MODULES=ip_vs,ip_vs_wrr --hook-spec /etc/syscontainer-tools/hookspec.json --system-container --external-rootfs /root/myrootfs none init +ae18c4281d5755a1e153a7bff6b3b4881f36c8e528b9baba8a3278416a5d0980 +[root@localhost ~]# lsmod | grep ip_vs +ip_vs_wrr 16384 0 +ip_vs 176128 2 ip_vs_wrr +nf_conntrack 172032 7 xt_conntrack,nf_nat,nf_nat_ipv6,ipt_MASQUERADE,nf_nat_ipv4,nf_conntrack_netlink,ip_vs +nf_defrag_ipv6 20480 2 nf_conntrack,ip_vs +libcrc32c 16384 3 nf_conntrack,nf_nat,ip_vs +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>- 宿主机需要安装syscontainer-tools。 +>- 需要指定--hooks-spec为syscontainer hooks。 + 
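Review bot: The 说明 note at the end of the example names the flag `--hooks-spec`, while the command in the same example passes `--hook-spec /etc/syscontainer-tools/hookspec.json`; the note should use the spelling from the command so readers do not copy a flag that differs from the one shown working. The constraints also state that loaded modules must be removed manually (加载的内核模块需要手动进行删除), yet the example stops at the second `lsmod`; showing the cleanup step after the container exits would make that constraint actionable.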
diff --git "a/content/zh/docs/Container/\345\215\207\347\272\247.md" "b/docs/zh/docs/Container/\345\215\207\347\272\247.md" similarity index 94% rename from "content/zh/docs/Container/\345\215\207\347\272\247.md" rename to "docs/zh/docs/Container/\345\215\207\347\272\247.md" index b9ffd7f394b64640a1b98cd2461ad41a4fdb2fa1..c93a36cbeb91dde4ffd6d783f1608b2bec9a6a64 100644 --- "a/content/zh/docs/Container/\345\215\207\347\272\247.md" +++ "b/docs/zh/docs/Container/\345\215\207\347\272\247.md" @@ -8,7 +8,7 @@ - 若为不同大版本之间的升级,例如从1.x.x版本升级到2.x.x版本,请先保存当前的配置文件/etc/isulad/daemon.json,并卸载已安装的iSulad软件包,然后安装待升级的iSulad软件包,随后恢复配置文件。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- 可通过** sudo rpm -qa |grep iSulad** 或 **isula version** 命令确认当前iSulad的版本号。 >- 相同大版本之间,如果希望手动升级,请下载iSulad及其所有依赖库的RPM包进行升级,参考命令如下: > ``` diff --git "a/content/zh/docs/Container/\345\215\270\350\275\275.md" "b/docs/zh/docs/Container/\345\215\270\350\275\275.md" similarity index 100% rename from "content/zh/docs/Container/\345\215\270\350\275\275.md" rename to "docs/zh/docs/Container/\345\215\270\350\275\275.md" diff --git "a/content/zh/docs/Container/\345\221\275\344\273\244\350\241\214\345\217\202\350\200\203.md" "b/docs/zh/docs/Container/\345\221\275\344\273\244\350\241\214\345\217\202\350\200\203.md" similarity index 100% rename from "content/zh/docs/Container/\345\221\275\344\273\244\350\241\214\345\217\202\350\200\203.md" rename to "docs/zh/docs/Container/\345\221\275\344\273\244\350\241\214\345\217\202\350\200\203.md" 
diff --git "a/content/zh/docs/Container/\345\256\211\345\205\250\345\256\271\345\231\250.md" "b/docs/zh/docs/Container/\345\256\211\345\205\250\345\256\271\345\231\250.md" similarity index 89% rename from "content/zh/docs/Container/\345\256\211\345\205\250\345\256\271\345\231\250.md" rename to "docs/zh/docs/Container/\345\256\211\345\205\250\345\256\271\345\231\250.md" index 59dfe5bf88d08372051bf6863ebc7a19312655fd..9c07b50a15d1b43b47734be29ec99af8bd6b3f46 100644 --- "a/content/zh/docs/Container/\345\256\211\345\205\250\345\256\271\345\231\250.md" +++ "b/docs/zh/docs/Container/\345\256\211\345\205\250\345\256\271\345\231\250.md" @@ -7,7 +7,7 @@ 安全容器是使用虚拟化层进行容器间的隔离,同一个主机上不同的容器间运行互相不受影响。 **图 1** 安全容器架构 -![](figures/kata-arch.png) +![](./figures/kata-arch.png) 安全容器与Kubernetes中的Pod概念紧密联系,Kubernetes为容器调度管理平台的开源生态标准,它定义了一组容器操作相关接口(Container Runtime Interface 简称CRI)。 @@ -20,8 +20,8 @@ 安全容器与周边组件的关系如[图2](#fig17734185518269)所示。 **图 2** 安全容器与周边组件的关系 -![](figures/安全容器与周边组件的关系.png "安全容器与周边组件的关系") +![](./figures/sec-container.png) ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >安全容器的安装和使用需要使用root权限。 
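Review bot: In the second hunk the figure line changes from `figures/安全容器与周边组件的关系.png "安全容器与周边组件的关系"` to `./figures/sec-container.png`, which drops the title and leaves the alt text empty, so the image has no text equivalent beyond the 图 2 caption. Suggest `![安全容器与周边组件的关系](./figures/sec-container.png)`, and please confirm the image file itself is renamed to sec-container.png in this same change, since only the reference is visible here.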
diff --git "a/content/zh/docs/Container/\345\256\211\345\205\250\346\200\247\345\222\214\351\232\224\347\246\273\346\200\247.md" "b/docs/zh/docs/Container/\345\256\211\345\205\250\346\200\247\345\222\214\351\232\224\347\246\273\346\200\247.md" similarity index 99% rename from "content/zh/docs/Container/\345\256\211\345\205\250\346\200\247\345\222\214\351\232\224\347\246\273\346\200\247.md" rename to "docs/zh/docs/Container/\345\256\211\345\205\250\346\200\247\345\222\214\351\232\224\347\246\273\346\200\247.md" index 200736c81e65491a747287f965ca92f53ea6ff4d..a7e3676cf7e1eade5c0366b1bc6a0f7778ef724e 100644 --- "a/content/zh/docs/Container/\345\256\211\345\205\250\346\200\247\345\222\214\351\232\224\347\246\273\346\200\247.md" +++ "b/docs/zh/docs/Container/\345\256\211\345\205\250\346\200\247\345\222\214\351\232\224\347\246\273\346\200\247.md" @@ -46,7 +46,7 @@ user namespace是将容器的root映射到主机的普通用户,使得容器 ### 使用指导 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >指定--user-remap参数前,请先将rootfs下所有目录和文件的uid和gid做整体偏移,偏移量为--user-remap指定uid和gid的偏移量。 >例如将dev目录的uid和gid整体uid和gid偏移100000的参考命令为: >chown 100000:100000 dev @@ -184,7 +184,7 @@ exit - Alice可以执行任何container操作:\{"name":"policy\_5","users":\["alice"\],"actions":\["container"\]\}。 - Alice可以执行任何container操作,但请求的种类只能是get:\{"name":"policy\_5","users":\["alice"\],"actions":\["container"\], "readonly":true \}。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >- 配置中匹配action支持正则表达式。 >- users不支持正则表达式。 >- users不能有重复用户,即同一用户不能被多条规则匹配。 
diff --git "a/content/zh/docs/Container/\345\256\211\345\205\250\347\211\271\346\200\247.md" "b/docs/zh/docs/Container/\345\256\211\345\205\250\347\211\271\346\200\247.md" similarity index 98% rename from "content/zh/docs/Container/\345\256\211\345\205\250\347\211\271\346\200\247.md" rename to "docs/zh/docs/Container/\345\256\211\345\205\250\347\211\271\346\200\247.md" index 2b42fa30891ad70be07fdea0620f7c9fe89f0d09..9c7701ba978e0d052be1fa1f5482e50324560c31 100644 --- "a/content/zh/docs/Container/\345\256\211\345\205\250\347\211\271\346\200\247.md" +++ "b/docs/zh/docs/Container/\345\256\211\345\205\250\347\211\271\346\200\247.md" @@ -31,7 +31,7 @@ seccomp(**secure computing** **mode**)是linux kernel从2.6.23版本开始 isula run -itd --security-opt seccomp=/path/to/seccomp/profile.json rnd-dockerhub.huawei.com/official/busybox ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >1. 创建容器时通过--security-opt将配置文件传给容器时,采用默认配置文件(/etc/isulad/seccomp\_default.json)。 >2. 创建容器时--security-opt设置为unconfined时,对容器不过滤系统调用。 >3. “/path/to/seccomp/profile.json”需要是绝对路径。 @@ -117,7 +117,7 @@ isula run --rm -it --security-opt seccomp:/path/to/seccomp/profile.json rnd-dock } ``` ->![](public_sys-resources/icon-notice.gif) **须知:** +>![](./public_sys-resources/icon-notice.gif) **须知:** >- defaultAction、syscalls:对应的action的类型是一样的,但其值是不能一样的,目的就是让所有的syscal都有一个默认的action,并且如果syscalls数组中有明确的定义,就以syscalls中的为准,由于defaultAction、action的值不一样,就能保证action不会有冲突。当前支持的action有: > "SCMP\_ACT\_ERRNO":禁止,并打印错误信息。 > "SCMP\_ACT\_ALLOW":允许。 
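Review bot: The context carried in this hunk's header shows `--security-opt seccomp:/path/to/seccomp/profile.json`, while the example in the previous hunk of the same file uses `--security-opt seccomp=/path/to/seccomp/profile.json`; the page should settle on one separator, or state explicitly that both are accepted, because a reader who picks the wrong form may believe a custom profile is applied when it is not. While touching the 须知 block, "syscal" in the defaultAction bullet should read "syscall".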
@@ -196,7 +196,7 @@ SELinux\(Security-Enhanced Linux\)是一个Linux内核的安全模块,提供 - 引入SELinux会影响性能,设置SELinux之前需要对场景进行评估,确定必要时打开daemon端SELinux开关并设置容器SELinux配置 - 对挂载卷进行标签配置时,源目录不允许为/、/usr、/etc、/tmp、/home、/run、/var、/root以及/usr的子目录。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- 目前iSulad不支持对容器的文件系统打标签,确保容器文件系统及配置目录打上容器可访问标签,需使用chcon命令对其打上标签。 >- 若iSulad启用SELinux访问控制,建议daemon启动前对/var/lib/isulad目录打上标签,容器容器创建时目录下生产的文件及文件夹将默认继承其标签,例如: > ``` diff --git "a/content/zh/docs/Container/\345\256\211\350\243\205-\345\215\207\347\272\247\344\270\216\345\215\270\350\275\275.md" "b/docs/zh/docs/Container/\345\256\211\350\243\205-\345\215\207\347\272\247\344\270\216\345\215\270\350\275\275.md" similarity index 100% rename from "content/zh/docs/Container/\345\256\211\350\243\205-\345\215\207\347\272\247\344\270\216\345\215\270\350\275\275.md" rename to "docs/zh/docs/Container/\345\256\211\350\243\205-\345\215\207\347\272\247\344\270\216\345\215\270\350\275\275.md" diff --git "a/content/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256-2.md" "b/docs/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256-2.md" similarity index 100% rename from "content/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256-2.md" rename to "docs/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256-2.md" 
diff --git "a/content/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256.md" "b/docs/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256.md" similarity index 97% rename from "content/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256.md" rename to "docs/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256.md" index ba1a4f3a5434cc5ca2b683eae10c1f446cf03b3a..122f968b2247b2519972e74b3217edb6bc03c881 100644 --- "a/content/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256.md" +++ "b/docs/zh/docs/Container/\345\256\211\350\243\205\344\270\216\351\205\215\347\275\256.md" @@ -1,6 +1,6 @@ # 安装与配置 本章介绍iSulad的安装、安装后配置,以及升级和卸载的方法。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >iSulad的安装、升级、卸载均需要使用root权限。 @@ -43,7 +43,7 @@ iSulad 安装完成后,可以根据需要进行相关配置。 轻量级容器引擎(iSulad)服务端daemon为isulad,isulad可以通过配置文件进行配置,也可以通过命令行的方式进行配置,例如:isulad --xxx,优先级从高到低是:命令行方式\>配置文件\>代码中默认配置。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >如果采用systemd管理iSulad进程,修改/etc/sysconfig/iSulad文件中的OPTIONS字段,等同于命令行方式进行配置。 - **命令行方式** @@ -70,7 +70,6 @@ iSulad 安装完成后,可以根据需要进行相关配置。 --hook-spec Default hook spec file applied to all containers -H, --host The socket name used to create gRPC server --image-layer-check Check layer intergrity when needed - --image-opt-timeout Max timeout(default 5m) for image operation --insecure-registry Disable TLS verification for the given registry --insecure-skip-verify-enforce Force to skip the insecure verify(default false) --log-driver Set daemon log driver, such as: file @@ -264,15 +263,6 @@ iSulad 安装完成后,可以根据需要进行相关配置。 overlay2.basesize=${size} #等价于overlay2.size -

--image-opt-timeout

- -

"image-opt-timeout": "5m"

- -

镜像操作超时时间,默认为5m

- -

值为-1表示不限制超时。

- -

--registry-mirrors

"registry-mirrors": [ "docker.io" ]

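Review bot: Removing the `--image-opt-timeout` row here, together with the matching line in the flag listing and the `"image-opt-timeout": "5m"` entry in the sample daemon.json in the neighbouring hunks, is a change to documented behaviour inside what is otherwise a file move and image-path cleanup. Please confirm the daemon no longer accepts the option in this version and say so in the commit message. The upgrade page tells users to save and restore /etc/isulad/daemon.json across major versions, so a line on what happens to an existing `image-opt-timeout` key after upgrade would help.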
@@ -478,7 +468,6 @@ iSulad 安装完成后,可以根据需要进行相关配置。 "rnd-dockerhub.huawei.com" ], "pod-sandbox-image": "", - "image-opt-timeout": "5m", "native.umask": "secure", "network-plugin": "", "cni-bin-dir": "", @@ -489,12 +478,11 @@ iSulad 安装完成后,可以根据需要进行相关配置。 } ``` - >![](public_sys-resources/icon-notice.gif) **须知:** + >![](./public_sys-resources/icon-notice.gif) **须知:** >默认配置文件/etc/isulad/daemon.json仅供参考,请根据实际需要进行配置 ### 存储说明 - @@ -504,14 +492,14 @@ iSulad 安装完成后,可以根据需要进行相关配置。 - - @@ -532,35 +520,35 @@ iSulad 安装完成后,可以根据需要进行相关配置。 - - - - - @@ -592,7 +580,7 @@ iSulad 安装完成后,可以根据需要进行相关配置。 - 日志文件管理: - >![](public_sys-resources/icon-notice.gif) **须知:** + >![](./public_sys-resources/icon-notice.gif) **须知:** >日志功能对接: iSulad由systemd管理,日志也由systemd管理,然后传输给rsyslogd。rsyslog默认会对写日志速度有限制,可以通过修改/etc/rsyslog.conf文件,增加"$imjournalRatelimitInterval 0"配置项,然后重启rsyslogd的服务即可。 - 命令行参数解析限制 @@ -786,7 +774,7 @@ iSulad采用C/S模式进行设计,在默认情况,iSulad守护进程isulad 如果需要采用单向认证方式进行通讯,则服务端采用模式2,客户端采用模式2。 ->![](public_sys-resources/icon-notice.gif) **须知:** +>![](./public_sys-resources/icon-notice.gif) **须知:** >- 采用RPM安装方式时,服务端配置可通过/etc/isulad/daemon.json以及/etc/sysconfig/iSulad配置修改 >- 相比非认证或者单向认证方式,双向认证具备更高的安全性,推荐使用双向认证的方式进行通讯 >- GRPC开源组件日志不由iSulad进行接管,如果需要查看GRPC相关日志,请按需设置GRPC\_VERBOSITY和GRPC\_TRACE环境变量 diff --git "a/content/zh/docs/Container/\345\256\211\350\243\205\346\214\207\345\257\274.md" "b/docs/zh/docs/Container/\345\256\211\350\243\205\346\214\207\345\257\274.md" similarity index 84% rename from "content/zh/docs/Container/\345\256\211\350\243\205\346\214\207\345\257\274.md" rename to "docs/zh/docs/Container/\345\256\211\350\243\205\346\214\207\345\257\274.md" index fbcd663a6015c6b18d9b3b7e887ac5b045549b08..fcf2db30db8519b5fad347b79784a77788e783b0 100644 --- "a/content/zh/docs/Container/\345\256\211\350\243\205\346\214\207\345\257\274.md" +++ "b/docs/zh/docs/Container/\345\256\211\350\243\205\346\214\207\345\257\274.md" 
@@ -1,31 +1,31 @@ -# 安装指导 - ->![](public_sys-resources/icon-note.gif) **说明:** ->系统容器的安装需要使用root权限。 - -1. 首先需要安装iSulad容器引擎。 - - ``` - # yum install iSulad - ``` - -2. 安装系统容器依赖包。 - - ``` - # yum install syscontainer-tools authz lxcfs-tools lxcfs - ``` - -3. 查看iSulad是否已经启动。 - - ``` - # systemctl status isulad - ``` - -4. 开启lxcfs和authz服务。 - - ``` - # systemctl start lxcfs - # systemctl start authz - ``` - - +# 安装指导 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>系统容器的安装需要使用root权限。 + +1. 首先需要安装iSulad容器引擎。 + + ``` + # yum install iSulad + ``` + +2. 安装系统容器依赖包。 + + ``` + # yum install syscontainer-tools authz lxcfs-tools lxcfs + ``` + +3. 查看iSulad是否已经启动。 + + ``` + # systemctl status isulad + ``` + +4. 开启lxcfs和authz服务。 + + ``` + # systemctl start lxcfs + # systemctl start authz + ``` + + diff --git "a/content/zh/docs/Container/\345\256\211\350\243\205\351\205\215\347\275\256-3.md" "b/docs/zh/docs/Container/\345\256\211\350\243\205\351\205\215\347\275\256-3.md" similarity index 98% rename from "content/zh/docs/Container/\345\256\211\350\243\205\351\205\215\347\275\256-3.md" rename to "docs/zh/docs/Container/\345\256\211\350\243\205\351\205\215\347\275\256-3.md" index 12d586d56f7a819ae6437f0321f5d018d24970a3..84202b96449118f548e6a0bdac2e2ab3a96be1f3 100644 --- "a/content/zh/docs/Container/\345\256\211\350\243\205\351\205\215\347\275\256-3.md" +++ "b/docs/zh/docs/Container/\345\256\211\350\243\205\351\205\215\347\275\256-3.md" 
@@ -52,12 +52,12 @@ cat /etc/docker/daemon.json 用户需要明白重新指定各种运行目录和文件(包括--graph、--exec-root等),可能会存在目录冲突,或文件属性变换,对应用的正常使用造成影响。 ->![](public_sys-resources/icon-notice.gif) **须知:** +>![](./public_sys-resources/icon-notice.gif) **须知:** >用户指定的目录或文件应为docker专用,避免冲突导致的文件属性变化带来安全问题。 - 以--graph为例,当我们使用/new/path/作为daemon新的Root Dir时,如果/new/path/下已经存在文件,且目录或文件名与docker需要使用的目录或文件名冲突(例如: containers、hooks、tmp等目录)时,docker可能会更新原有目录或文件的属性,包括属主、权限等为自己的属主和权限。 ->![](public_sys-resources/icon-notice.gif) **须知:** +>![](./public_sys-resources/icon-notice.gif) **须知:** >从docker-17.05开始,--graph参数被标记为Deprecated,用新的参数--data-root替代。 ### daemon自带网络配置 @@ -72,7 +72,7 @@ cat /etc/docker/daemon.json docker启动容器时的默认umask值为0027,可以在dockerd启动时,使用--exec-opt native.umask=normal参数将容器启动时的umask修改为0022。 ->![](public_sys-resources/icon-notice.gif) **须知:** +>![](./public_sys-resources/icon-notice.gif) **须知:** >如果docker create/run也配置了native.umask参数,则以docker create/run中的配置为准。 详细的配置见[docker create](#create.md#ZH-CN_TOPIC_0184808242)和[docker run](#run.md#ZH-CN_TOPIC_0184808254)章节的参数说明。 @@ -145,7 +145,7 @@ docker支持配置audit,但不是强制的。例如: [root@localhost signal]# auditctl -l | grep docker -w /var/lib/docker/ -p rwxa -k docker ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >-p \[r|w|x|a\] 和-w一起使用,观察用户对这个目录的读、写、执行或者属性变化(如时间戳变化)。这样的话,在/var/lib/docker目录下的任何文件、目录操作,都会打印日志到audit.log中,从而会有太多的日志往audit.log中记录,会严重地影响auditd, 比如内存、cpu占用等,进而影响os的运行。例如:每次执行"ls /var/lib/docker/containers"都会有类似如下日志记录到/var/log/audit/audit.log中。 ``` @@ -441,7 +441,7 @@ Error response from daemon: oci runtime error: container with id exists: xxxxxx - 构建缓存,构建缓存信息会在重启后删除。 - containerd保存的元数据,由于启动容器会重建containerd元数据,重启节点会清理containerd中保存的元数据。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >用户若选择采用手动清理恢复环境的方式,可通过配置环境变量“DISABLE\_CRASH\_FILES\_DELETE=true”屏蔽daemon掉电重启时db文件清理功能。 
diff --git "a/content/zh/docs/Container/\345\256\271\345\231\250\345\201\245\345\272\267\347\212\266\346\200\201\346\243\200\346\237\245.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\345\201\245\345\272\267\347\212\266\346\200\201\346\243\200\346\237\245.md" similarity index 100% rename from "content/zh/docs/Container/\345\256\271\345\231\250\345\201\245\345\272\267\347\212\266\346\200\201\346\243\200\346\237\245.md" rename to "docs/zh/docs/Container/\345\256\271\345\231\250\345\201\245\345\272\267\347\212\266\346\200\201\346\243\200\346\237\245.md" diff --git "a/content/zh/docs/Container/\345\256\271\345\231\250\345\206\205reboot-shutdown.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\345\206\205reboot-shutdown.md" similarity index 98% rename from "content/zh/docs/Container/\345\256\271\345\231\250\345\206\205reboot-shutdown.md" rename to "docs/zh/docs/Container/\345\256\271\345\231\250\345\206\205reboot-shutdown.md" index 14508d324269ffafe4592db409c74aee17837129..fed94bfad7f1cb583826e4c20847dd8aaf351105 100644 --- "a/content/zh/docs/Container/\345\256\271\345\231\250\345\206\205reboot-shutdown.md" +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\345\206\205reboot-shutdown.md" @@ -1,12 +1,12 @@ -# 容器内reboot/shutdown - -## 功能描述 - -系统容器支持在容器内执行reboot和shutdown命令。执行reboot命令效果同重启容器一致;执行shutdown命令效果同停止容器一致。 - -## 参数说明 - - +# 容器内reboot/shutdown + +## 功能描述 + +系统容器支持在容器内执行reboot和shutdown命令。执行reboot命令效果同重启容器一致;执行shutdown命令效果同停止容器一致。 + +## 参数说明 + +

文件名

*

+

\*

/etc/default/isulad/

存放isulad的OCI配置文件和钩子模板文件,文件夹下的配置文件权限设置为0640,sysmonitor检查脚本权限为0550

*

+

\*

/etc/isulad/

存放isulad的PID,同时也是一个文件锁防止启动多个isulad实例

*

+

\*

/run/lxc/

文件锁文件,isula运行过程创建的文件

*

+

\*

/var/run/isulad/

实时通讯缓存文件,isulad运行过程创建的文件

*

+

\*

/var/run/isula/

实时通讯缓存文件,isula运行过程创建的文件

*

+

\*

/var/lib/lcr/

LCR 组件临时目录

*

+

\*

/var/lib/isulad/

-

命令

参数

@@ -25,55 +25,55 @@
- -## 约束限制 - -- shutdown功能,依赖于不同的OS,以实际容器运行环境对应OS为准。 -- 执行“shutdown -h now”命令关闭系统时,不能多次占用console。例如“isula run -ti”命令打开一个console,在另一个host bash中isula attach该容器,会打开另一个console,此时执行shutdown会失败。 - -## 使用示例 - -- 容器启动时指定\--restart on-reboot参数,示例如下: - - ``` - [root@localhost ~]# isula run -tid --restart on-reboot --system-container --external-rootfs /root/myrootfs none init - 106faae22a926e22c828a0f2b63cf5c46e5d5986ea8a5b26de81390d0ed9714f - ``` - - -- 进入容器执行reboot命令: - - ``` - [root@localhost ~]# isula exec -it 10 bash - [root@localhost /]# reboot - ``` - - 查看容器是否重启: - - ``` - [root@localhost ~]# isula exec -it 10 ps aux - USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND - root 1 0.1 0.0 21588 9504 ? Ss 12:11 0:00 init - root 14 0.1 0.0 27024 9376 ? Ss 12:11 0:00 /usr/lib/system - root 17 0.0 0.0 18700 5876 ? Ss 12:11 0:00 /usr/lib/system - dbus 22 0.0 0.0 9048 3624 ? Ss 12:11 0:00 /usr/bin/dbus-d - root 26 0.0 0.0 8092 3012 ? Rs+ 12:13 0:00 ps aux - ``` - -- 进入容器执行shutdown命令: - - ``` - [root@localhost ~]# isula exec -it 10 bash - [root@localhost /]# shutdown -h now - [root@localhost /]# [root@localhost ~]# - ``` - - 检查容器是否停止: - - ``` - [root@localhost ~]# isula exec -it 10 bash - Error response from daemon: Exec container error;Container is not running:106faae22a926e22c828a0f2b63cf5c46e5d5986ea8a5b26de81390d0ed9714f - ``` - - + + +## 约束限制 + +- shutdown功能,依赖于不同的OS,以实际容器运行环境对应OS为准。 +- 执行“shutdown -h now”命令关闭系统时,不能多次占用console。例如“isula run -ti”命令打开一个console,在另一个host bash中isula attach该容器,会打开另一个console,此时执行shutdown会失败。 + +## 使用示例 + +- 容器启动时指定\--restart on-reboot参数,示例如下: + + ``` + [root@localhost ~]# isula run -tid --restart on-reboot --system-container --external-rootfs /root/myrootfs none init + 106faae22a926e22c828a0f2b63cf5c46e5d5986ea8a5b26de81390d0ed9714f + ``` + + +- 进入容器执行reboot命令: + + ``` + [root@localhost ~]# isula exec -it 10 bash + [root@localhost /]# reboot + ``` + + 查看容器是否重启: + + ``` + [root@localhost ~]# isula exec -it 10 ps aux + USER PID %CPU %MEM VSZ RSS 
TTY STAT START TIME COMMAND + root 1 0.1 0.0 21588 9504 ? Ss 12:11 0:00 init + root 14 0.1 0.0 27024 9376 ? Ss 12:11 0:00 /usr/lib/system + root 17 0.0 0.0 18700 5876 ? Ss 12:11 0:00 /usr/lib/system + dbus 22 0.0 0.0 9048 3624 ? Ss 12:11 0:00 /usr/bin/dbus-d + root 26 0.0 0.0 8092 3012 ? Rs+ 12:13 0:00 ps aux + ``` + +- 进入容器执行shutdown命令: + + ``` + [root@localhost ~]# isula exec -it 10 bash + [root@localhost /]# shutdown -h now + [root@localhost /]# [root@localhost ~]# + ``` + + 检查容器是否停止: + + ``` + [root@localhost ~]# isula exec -it 10 bash + Error response from daemon: Exec container error;Container is not running:106faae22a926e22c828a0f2b63cf5c46e5d5986ea8a5b26de81390d0ed9714f + ``` + + diff --git "a/docs/zh/docs/Container/\345\256\271\345\231\250\345\267\245\345\205\267.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\345\267\245\345\205\267.md" new file mode 100644 index 0000000000000000000000000000000000000000..5462fd1d3ce91c594d10bced64fa3532f73f5472 --- /dev/null +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\345\267\245\345\205\267.md" @@ -0,0 +1,3 @@ +# 容器工具 + +为了更好地管理和使用容器,iSula 推出了一些容器相关工具,包括容器镜像构建工具 iSula-build、容器迁移工具 isula-transform等。本章介绍容器相关工具的安装和使用方法,以指导用户更好地使用对应工具。 \ No newline at end of file diff --git "a/content/zh/docs/Container/\345\256\271\345\231\250\345\274\225\346\223\216-4.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\345\274\225\346\223\216-4.md" similarity index 99% rename from "content/zh/docs/Container/\345\256\271\345\231\250\345\274\225\346\223\216-4.md" rename to "docs/zh/docs/Container/\345\256\271\345\231\250\345\274\225\346\223\216-4.md" index a230e281993e13fb393c217bbce61dde05a1d314..1741c561a9434ae2a973e997ddcd8d7d59eb26c9 100644 --- "a/content/zh/docs/Container/\345\256\271\345\231\250\345\274\225\346\223\216-4.md" +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\345\274\225\346\223\216-4.md" @@ -125,11 +125,7 @@ docker命令支持多个参数选项,对于参数选项有以下约定:

设置运行时执行选项。

例如支持native.umask选项:

-
# 启动的容器umask值为0022 
---exec-opt native.umask=normal 
-
-# 启动的容器umask值为0027(默认值)
---exec-opt  native.umask=secure    
+
# 启动的容器umask值为0022 --exec-opt native.umask=normal # 启动的容器umask值为0027(默认值)--exec-opt  native.umask=secure

注意如果docker create/run也配置了native.umask参数则以docker create/run中的配置为准。
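Review bot: The replacement line joins both `--exec-opt native.umask` examples onto a single line, so everything after the first `#` reads as one comment and neither `--exec-opt native.umask=normal` nor `--exec-opt native.umask=secure` stands out as something to copy. Keep the removed four-line layout (comment, option, comment, option), or put explicit line breaks in the table cell, so the 0022 and 0027 cases stay distinguishable.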

diff --git "a/content/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-3.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-3.md" similarity index 99% rename from "content/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-3.md" rename to "docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-3.md" index 65e7d9a39a25be5d622e281a186159cafdb619ed..02e00cf5715d2c0768d035ccda20e25f368414f3 100644 --- "a/content/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-3.md" +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-3.md" @@ -575,7 +575,7 @@ CONTAINER ID IMAGE COMMAND CREATED } ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- 容器内健康检查的状态信息最多保存5条。会保存最后得到的5条记录。 >- 容器内健康检查相关配置同时最多只能有一条生效。Dockerfile中配置的靠后的条目会覆盖靠前的;容器创建时的配置会覆盖镜像中的。 >- 在Dockerfile中可以通过 HEALTHCHECK NONE来取消引用的镜像中的健康检查配置。在容器运行时可以通过配置--no-healthcheck来取消镜像中的健康检查配置。不允许在启动时同时配置健康检查相关选项与--no-healthcheck选项。 diff --git "a/content/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-4.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-4.md" similarity index 99% rename from "content/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-4.md" rename to "docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-4.md" index 9f9f5c15d95632319573d095b2a74399259b31e9..23b7f49276f5739e2525259eb331e28fdd3856d4 100644 --- "a/content/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-4.md" +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206-4.md" 
@@ -1079,7 +1079,7 @@ b15976967abb busybox:latest "bash" 34 seconds ago $ sudo docker restart busybox ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >容器在restart过程中,如果容器内存在D状态或Z状态的进程,可能会导致容器重启失败,这需要进一步分析导致容器内进程D状态或Z状态的原因,待容器内进程D状态或Z状态解除后,再进行容器restart操作。 ## rm diff --git "a/content/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206.md" similarity index 99% rename from "content/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206.md" rename to "docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206.md" index 6d25ee645462cd89a5720dd2113c98053f4f29b0..9f3ca3b2d014045288eca3ca09033c48a5361de6 100644 --- "a/content/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206.md" +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\347\256\241\347\220\206.md" @@ -49,7 +49,7 @@ create命令支持参数参考下表。

说明

-

create

+

create

  

--annotation

@@ -232,7 +232,7 @@ create命令支持参数参考下表。

--mount

-

挂载主机目录到容器中

+

挂载主机目录/卷/文件系统到容器中

--no-healthcheck

@@ -301,6 +301,11 @@ create命令支持参数参考下表。

挂载一个卷

+

--volumes-from=[]

+ +

使用指定的容器的挂载配置

+ + @@ -561,11 +566,6 @@ run命令支持参数参考下表。

即使没有连接到容器的标准输入,也要保持容器的标准输入打开

-

--log-driver

- -

设置日志驱动,支持syslog和json-file。

- -

--log-opt=[]

日志驱动程序选项,默认禁用记录容器串口日志功能,可以通过"--log-opt disable-log=false"来开启。
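Review bot: Dropping the `--log-driver` row from the run table leaves the `--log-opt=[]` row describing itself as 日志驱动程序选项 with no documented way to choose the driver on `run`. If the per-container option was removed on purpose, reword the `--log-opt` description accordingly; if not, restore the row. The daemon flag listing in 安装与配置.md still shows `--log-driver`, so the two pages should agree on where the driver is set.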

@@ -743,19 +743,19 @@ run命令支持参数参考下表。 - >![](public_sys-resources/icon-notice.gif) **须知:** + >![](./public_sys-resources/icon-notice.gif) **须知:** >第一种情况,先挂载/home/test1,然后挂载/home/test2,这种情况会导致/home/test1的内容覆盖掉原来/mnt下面的内容,这样可能导致/mnt下面不存在abc目录,这样会导致挂载/home/test2到/mnt/abc失败。 >第二种情况,先挂载/home/test2,然后挂载/home/test1。这种情况,第二次的挂载会把/mnt的内容替换为/home/test1的内容,这样第一次挂载的/home/test2到/mnt/abc的内容就看不到了。 >因此,不支持第一种使用方式;第二种使用用户需要了解这种数据无法访问的风险 - >![](public_sys-resources/icon-notice.gif) **须知:** + >![](./public_sys-resources/icon-notice.gif) **须知:** >- 高并发场景(并发启动200容器)下,glibc的内存管理机制会导致内存空洞以及虚拟内存较大(例如10GB)的问题。该问题是高并发场景下glibc内存管理机制的限制,而不是内存泄露,不会导致内存消耗无限增大。可以通过设置MALLOC\_ARENA\_MAX环境变量来减少虚拟内存的问题,而且可以增大减少物理内存的概率。但是这个环境变量会导致iSulad的并发性能下降,需要用户根据实际情况做配置。 > ``` > 参考实践情况,平衡性能和内存,可以设置MALLOC_ARENA_MAX为4。(在arm64服务器上面对iSulad的性能影响在10%以内) > 配置方法: > 1. 手动启动iSulad的场景,可以直接export MALLOC_ARENA_MAX=4,然后再启动iSulad即可。 > 2. systemd管理iSulad的场景,可以修改/etc/sysconfig/iSulad,增加一条MALLOC_ARENA_MAX=4即可。 - > ``` + > ``` ### 示例 @@ -1244,7 +1244,7 @@ inspect命令支持参数参考下表。 ### 约束限制 -- 轻量级容器不支持format为“\{\{.State\}\}”的格式化输出,支持“\{\{json .State\}\}”的json格式化输出。当inspect镜像时,不支持-f参数。 +- 轻量级容器不支持format为“\{ \{.State\} \}”的格式化输出,支持“\{ \{json .State\} \}”的json格式化输出。当inspect镜像时,不支持-f参数。 ### 示例 
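Review bot: In the last hunk the constraint line now documents the format strings as `\{ \{.State\} \}` and `\{ \{json .State\} \}`; with the inserted spaces they no longer match the strings documented before this change, and a reader copying them into `-f` gets something different from `{{json .State}}`. If the spaces are there to stop the site build from interpreting the double braces, wrapping the unmodified string in an inline code span keeps it copyable. The preceding hunk also adds trailing whitespace after the closing fence of the MALLOC_ARENA_MAX block, which looks unintended.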
diff --git "a/content/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\345\212\250\346\200\201\347\256\241\347\220\206.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\345\212\250\346\200\201\347\256\241\347\220\206.md" similarity index 99% rename from "content/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\345\212\250\346\200\201\347\256\241\347\220\206.md" rename to "docs/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\345\212\250\346\200\201\347\256\241\347\220\206.md" index c09fa4af20f3643963297e7a371796c88cf78262..5ab7230555dceebb3c97339c67f29bdee5687168 100644 --- "a/content/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\345\212\250\346\200\201\347\256\241\347\220\206.md" +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\345\212\250\346\200\201\347\256\241\347\220\206.md" @@ -253,7 +253,7 @@ container\_id:容器id。 Add network interface to container 2aaca5c1af7c (eth3,eth1) done ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >添加虚拟网卡或物理网卡时,请确保网卡处于空闲状态,添加正在使用的网卡会导致系统网络断开。 diff --git "a/content/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\347\256\241\347\220\206.md" "b/docs/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\347\256\241\347\220\206.md" similarity index 99% rename from "content/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\347\256\241\347\220\206.md" rename to "docs/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\347\256\241\347\220\206.md" index 20223d146e428ef50ec37117298c54a0f9aefedc..ce610af5f7d2a3934630027b5f0497edd0291666 100644 --- "a/content/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\347\256\241\347\220\206.md" +++ "b/docs/zh/docs/Container/\345\256\271\345\231\250\350\265\204\346\272\220\347\256\241\347\220\206.md" 
@@ -166,7 +166,7 @@ create/run时可以指定下列参数。 isula run -tid --cpuset-cpus 0,2-3 busybox sh ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >是否设置成功,请参见“查询单个容器信息”章节。 ## 限制运行时的内存 @@ -457,7 +457,7 @@ overlay 10.0M 10.0M 0 100% / 使用限额功能的isulad切换数据盘时,需要保证被切换的数据盘使用\`prjquota\`选项挂载,且/var/lib/isulad/storage/overlay2目录的挂载方式与/var/lib/isulad相同。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >切换数据盘时需要保证/var/lib/isulad/storage/overlay2的挂载点被卸载。 diff --git "a/content/zh/docs/Container/\346\214\207\345\256\232rootfs\345\210\233\345\273\272\345\256\271\345\231\250.md" "b/docs/zh/docs/Container/\346\214\207\345\256\232rootfs\345\210\233\345\273\272\345\256\271\345\231\250.md" similarity index 97% rename from "content/zh/docs/Container/\346\214\207\345\256\232rootfs\345\210\233\345\273\272\345\256\271\345\231\250.md" rename to "docs/zh/docs/Container/\346\214\207\345\256\232rootfs\345\210\233\345\273\272\345\256\271\345\231\250.md" index 7a5ab73002b37ece92515761b5b5742557ae6443..dd6a08280d086eaabbe4e98baf9428e663fcf03d 100644 --- "a/content/zh/docs/Container/\346\214\207\345\256\232rootfs\345\210\233\345\273\272\345\256\271\345\231\250.md" +++ "b/docs/zh/docs/Container/\346\214\207\345\256\232rootfs\345\210\233\345\273\272\345\256\271\345\231\250.md" @@ -1,12 +1,12 @@ -# 指定rootfs创建容器 - -## 功能描述 - -系统容器不同于普通容器,普通容器需要指定一个容器镜像来启动,而系统容器通过参数 \--external-rootfs 指定一个本地的根文件系统rootfs(Root File System)来启动,rootfs包含了容器运行时依赖的操作系统环境。 - -## 参数说明 - - +# 指定rootfs创建容器 + +## 功能描述 + +系统容器不同于普通容器,普通容器需要指定一个容器镜像来启动,而系统容器通过参数 \--external-rootfs 指定一个本地的根文件系统rootfs(Root File System)来启动,rootfs包含了容器运行时依赖的操作系统环境。 + +## 参数说明 + + -

命令

参数

@@ -23,24 +23,24 @@
- -## 约束限制 - -- 参数--external-rootfs指定的rootfs目录必须为绝对路径,不能为相对路径。 -- 参数--external-rootfs指定的rootfs目录必须为一个完整运行的操作系统环境,否则容器会启动失败。 -- 容器删除时,不会删除--external-rootfs指定的rootfs目录。 -- 不支持在x86环境上运行基于arm rootfs的容器,也不支持在arm环境上运行基于x86 rootfs的容器。 -- 同一份rootfs,不建议启动多个容器实例,即同一份rootfs只供一个生命周期内的容器实例使用。 - -## 使用示例 - -假设本地rootfs的路径为/root/myrootfs,那么启动一个系统容器的命令如下: - -``` -# isula run -tid --system-container --external-rootfs /root/myrootfs none init -``` - ->![](public_sys-resources/icon-note.gif) **说明:** ->rootfs为自定义的文件系统,请用户自行准备。例如容器镜像的tar包解压后,即为一个rootfs。 - + + +## 约束限制 + +- 参数--external-rootfs指定的rootfs目录必须为绝对路径,不能为相对路径。 +- 参数--external-rootfs指定的rootfs目录必须为一个完整运行的操作系统环境,否则容器会启动失败。 +- 容器删除时,不会删除--external-rootfs指定的rootfs目录。 +- 不支持在x86环境上运行基于arm rootfs的容器,也不支持在arm环境上运行基于x86 rootfs的容器。 +- 同一份rootfs,不建议启动多个容器实例,即同一份rootfs只供一个生命周期内的容器实例使用。 + +## 使用示例 + +假设本地rootfs的路径为/root/myrootfs,那么启动一个系统容器的命令如下: + +``` +# isula run -tid --system-container --external-rootfs /root/myrootfs none init +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +>rootfs为自定义的文件系统,请用户自行准备。例如容器镜像的tar包解压后,即为一个rootfs。 + diff --git "a/content/zh/docs/Container/\346\224\257\346\214\201CNI\347\275\221\347\273\234.md" "b/docs/zh/docs/Container/\346\224\257\346\214\201CNI\347\275\221\347\273\234.md" similarity index 96% rename from "content/zh/docs/Container/\346\224\257\346\214\201CNI\347\275\221\347\273\234.md" rename to "docs/zh/docs/Container/\346\224\257\346\214\201CNI\347\275\221\347\273\234.md" index a5444e4e8ed3b52005b1ef851998c10d045731c5..cb48737268e36d2c83e8af8cfa56e644d99d6acc 100644 --- "a/content/zh/docs/Container/\346\224\257\346\214\201CNI\347\275\221\347\273\234.md" +++ "b/docs/zh/docs/Container/\346\224\257\346\214\201CNI\347\275\221\347\273\234.md" 
@@ -14,12 +14,6 @@ 实现CRI接口对接CNI网络的能力,包括CNI网络配置文件的解析、CNI网络的加入和退出。Pod需要支持网络时,例如通过canal等容器网络插件提供网络能力,那么需要CRI接口能够和canal实现对接,并且调用canal的接口,为Pod提供网络能力。 -CNI配置文件相关行为描述: - -- 对--cni-conf-dir目录下的合法配置文件名进行字典排序,取第一个合法配置作为default网络平面的配置; -- 每隔5s对配置目录进行扫描,重新加载更新CNI配置; -- CRI Status接口不更新CNI的网络配置; - ## 接口 CNI对用户可见的接口,主要涉及CNI网络配置和Pod配置中CNI网络相关的项。 @@ -123,7 +117,7 @@ Pod配置中和网络相关的还有port\_mappings项,用于设置Pod的端口 StopPodSandbox的时候,会调用退出CNI网络的接口,清理网络相关的资源。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >1. 在调用RemovePodSandbox接口之前,至少要调用一次StopPodSandbox接口 >2. StopPodSandbox调用CNI接口失败,可能导致的网络资源残留。 diff --git "a/content/zh/docs/Container/\346\224\257\346\214\201OCI-hooks.md" "b/docs/zh/docs/Container/\346\224\257\346\214\201OCI-hooks.md" similarity index 100% rename from "content/zh/docs/Container/\346\224\257\346\214\201OCI-hooks.md" rename to "docs/zh/docs/Container/\346\224\257\346\214\201OCI-hooks.md" diff --git "a/content/zh/docs/Container/\346\234\200\345\244\247\345\217\245\346\237\204\346\225\260\351\231\220\345\210\266.md" "b/docs/zh/docs/Container/\346\234\200\345\244\247\345\217\245\346\237\204\346\225\260\351\231\220\345\210\266.md" similarity index 98% rename from "content/zh/docs/Container/\346\234\200\345\244\247\345\217\245\346\237\204\346\225\260\351\231\220\345\210\266.md" rename to "docs/zh/docs/Container/\346\234\200\345\244\247\345\217\245\346\237\204\346\225\260\351\231\220\345\210\266.md" index d17c211009369ef71b3d8c4482bcc054f065428a..4de230203107c3f2b4a9c11c9b8a2349a400c2bb 100644 --- "a/content/zh/docs/Container/\346\234\200\345\244\247\345\217\245\346\237\204\346\225\260\351\231\220\345\210\266.md" +++ "b/docs/zh/docs/Container/\346\234\200\345\244\247\345\217\245\346\237\204\346\225\260\351\231\220\345\210\266.md" 
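Review bot: Deleting the three bullets under "CNI配置文件相关行为描述" in the @@ -14,12 +14,6 hunk of 支持CNI网络.md leaves undocumented which file in --cni-conf-dir becomes the default network plane (the first valid name in lexicographic order), that the directory is rescanned every 5s, and that the CRI Status interface does not refresh the CNI configuration. Anyone reasoning about what a file dropped into that directory will do needs the first two. If the behaviour changed, describe the new behaviour in the same hunk; if it did not, keep the bullets or say in the commit message where they moved.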
@@ -1,12 +1,12 @@ -# 最大句柄数限制 - -## 功能描述 - -系统容器支持对容器内使用文件句柄数进行限制,文件句柄包括普通文件句柄和网络套接字,启动容器时,可以通过指定--files-limit参数限制容器内打开的最大句柄数。 - -## 参数说明 - - +# 最大句柄数限制 + +## 功能描述 + +系统容器支持对容器内使用文件句柄数进行限制,文件句柄包括普通文件句柄和网络套接字,启动容器时,可以通过指定--files-limit参数限制容器内打开的最大句柄数。 + +## 参数说明 + + -

命令

参数

@@ -24,33 +24,33 @@
- -## 约束限制 - -- 如果\--files-limit指定的值太小,可能会导致系统容器无法通过exec执行命令,报"open too many files"错误,所以files limit的值应该设置大一些。 -- 文件句柄包括普通文件句柄和网络套接字。 - -## 使用示例 - -使用\--files-limit限制容器内打开文件句柄数需要内核支持files cgroup,可以执行以下命令查看: - -``` -[root@localhost ~]# cat /proc/1/cgroup | grep files -10:files:/ -``` - -结果显示files,说明内核支持files cgroup。 - -容器启动指定--files-limit参数,并检查files.limit参数是否成功写入: - -``` -[root@localhost ~]# isula run -tid --files-limit 1024 --system-container --external-rootfs /tmp/root-fs empty init 01e82fcf97d4937aa1d96eb8067f9f23e4707b92de152328c3fc0ecb5f64e91d -[root@localhost ~]# isula exec -it 01e82fcf97d4 bash -[root@localhost ~]# cat /sys/fs/cgroup/files/files.limit -1024 - -``` - -可以看出,容器内文件句柄数被成功限制。 - + + +## 约束限制 + +- 如果\--files-limit指定的值太小,可能会导致系统容器无法通过exec执行命令,报"open too many files"错误,所以files limit的值应该设置大一些。 +- 文件句柄包括普通文件句柄和网络套接字。 + +## 使用示例 + +使用\--files-limit限制容器内打开文件句柄数需要内核支持files cgroup,可以执行以下命令查看: + +``` +[root@localhost ~]# cat /proc/1/cgroup | grep files +10:files:/ +``` + +结果显示files,说明内核支持files cgroup。 + +容器启动指定--files-limit参数,并检查files.limit参数是否成功写入: + +``` +[root@localhost ~]# isula run -tid --files-limit 1024 --system-container --external-rootfs /tmp/root-fs empty init 01e82fcf97d4937aa1d96eb8067f9f23e4707b92de152328c3fc0ecb5f64e91d +[root@localhost ~]# isula exec -it 01e82fcf97d4 bash +[root@localhost ~]# cat /sys/fs/cgroup/files/files.limit +1024 + +``` + +可以看出,容器内文件句柄数被成功限制。 + diff --git "a/docs/zh/docs/Container/\346\234\254\345\234\260\345\215\267\347\256\241\347\220\206.md" "b/docs/zh/docs/Container/\346\234\254\345\234\260\345\215\267\347\256\241\347\220\206.md" new file mode 100644 index 0000000000000000000000000000000000000000..f80a03b4ea62eb9327a80ebe5fe7293edc3408ef --- /dev/null +++ "b/docs/zh/docs/Container/\346\234\254\345\234\260\345\215\267\347\256\241\347\220\206.md" 
@@ -0,0 +1,199 @@ +# 本地卷管理 + +- [本地卷管理](#本地卷管理) + - [概述](#概述) + - [注意事项](#注意事项) + - [使用方法](#使用方法) + - [使用-v参数挂载数据](#使用-v参数挂载数据) + - [**命令格式**](#命令格式) + - [**功能描述**](#功能描述) + - [**参数说明**](#参数说明) + - [**示例**](#示例) + - [使用--mount参数挂载数据](#使用--mount参数挂载数据) + - [**命令格式**](#命令格式-1) + - [**功能描述**](#功能描述-1) + - [**参数说明**](#参数说明-1) + - [**示例**](#示例-1) + - [复用其他容器中的挂载配置](#复用其他容器中的挂载配置) + - [**命令格式**](#命令格式-2) + - [**功能描述**](#功能描述-2) + - [**参数说明**](#参数说明-2) + - [**示例**](#示例-2) + - [使用镜像中的匿名卷](#使用镜像中的匿名卷) + - [卷的查询](#卷的查询) + - [**命令格式**](#命令格式-3) + - [**功能描述**](#功能描述-3) + - [**参数说明**](#参数说明-3) + - [**示例**](#示例-3) + - [卷的删除](#卷的删除) + - [**命令格式**](#命令格式-4) + - [**功能描述**](#功能描述-4) + - [**参数说明**](#参数说明-4) + - [**示例**](#示例-4) + - [注意事项](#注意事项-1) + - [冲突合并规则](#冲突合并规则) + - [iSula和Docker的差异](#isula和docker的差异) + +## 概述 + +iSula 管理的容器销毁后,容器内自身所有的数据都会被销毁。如果用户希望容器销毁后依然保留数据,则需要有一种持久化数据的机制。iSula 允许将主机上的文件、目录或卷在容器运行时挂载到容器内。用户可以将需要持久化的数据写入容器内的挂载点。则容器销毁后,主机上的文件、目录、卷依然保留。如果用户需要销毁主机上的文件、目录、卷,可以手动删除文件、目录或者执行 iSula 的相关命令删除卷。对于卷的管理目前 iSula 只支持本地卷,本地卷又分为有名卷和匿名卷。由用户指定名称生产的卷叫有名卷,用户没有指定卷名称,由 iSula 自动生成卷名(一个64位的随机数)的卷为匿名卷。 + +本章介绍通过 iSula 管理本地卷的使用方法。 + +## 注意事项 +- 卷名称长度2-64个字符,符合正则表达式:^[a-zA-Z0-9][a-zA-Z0-9_.-]{1,63}$,即卷名称首字符必须为字母或者数字,从第二个字符开始可以为字母、数字或者"_"、"."、"-"这几个字符。 +- 创建容器时,如果卷对应的容器内的挂载点存在数据,则默认会拷贝到卷里。如果拷贝过程中出现了 iSula 崩溃重启或者系统掉电之类的异常,则卷内的数据可能是不完整的,这时需要手动删除卷或者卷内数据,确保数据的正确完整。 + +## 使用方法 + +### 使用-v参数挂载数据 + +#### **命令格式** +```shell +isula run -v [SRC:]DST[:MODE,MODE...] 
IMAGE +``` + +#### **功能描述** +使用 create / run 创建并运行容器时,使用 -v/--volume 参数将主机上的文件、目录或者卷挂载到容器内用于数据持久化。 + +#### **参数说明** +- SRC: 用于挂载的文件、目录或者卷在主机上的路径,当值为绝对路径时,表示挂载主机上的文件或者文件夹。当值为卷名时,表示挂载卷。当省略该项时,表示挂载匿名卷。当文件夹或者卷不存在时,iSula会先创建一个新的文件夹/卷,再进行挂载操作。 +- DST: 容器内的挂载路径,必须为绝对路径。 +- MODE: 当挂载的源是目录或者文件时,合法的参数是ro/rw/z/Z/private/rprivate/slave/rslave/shared/rshared。同类型的参数只能配置一个。当挂载的源是卷时,合法的参数是ro/rw/z/Z/nocopy,同类型的参数只能配置一个。多个属性之间使用","连接。参数含义如下: + +| 参数 | 参数含义 | +| -------- | -----------------------------------------------| +| ro | 容器内挂载点挂载为只读属性 | +| rw | 容器内挂载点挂载为只读属性 | +| z | 如果开启了SELinux,则挂载时添加SELinux共享标签 | +| Z | 如果开启了SELinux,则挂载时添加SELinux私有标签 | +| private | 容器内挂载点挂载为私有传播属性 | +| rprivate | 容器内挂载点递归挂载为私有传播属性 | +| slave | 容器内挂载点挂载为从属传播属性 | +| rslave | 容器内挂载点递归挂载为从属传播属性 | +| shared | 容器内挂载点挂载为共享传播属性 | +| rshared | 容器内挂载点递归挂载为共享传播属性 | +| nocopy | 不拷贝挂载点内的数据,该参数不进行配置时默认会拷贝数据。另外,如果卷里已经有数据了,也不会进行拷贝 | + + +#### **示例** +基于 busybox 运行容器并创建/挂载名称为 vol 的卷到容器的 /vol 目录,同时配置挂载点为只读,并且如果容器中对应挂载点有数据也不进行拷贝。 +```shell +isula run -v vol:/vol:ro,nocopy busybox +``` + +### 使用--mount参数挂载数据 + +#### **命令格式** +```shell +isula run --mount [type=TYPE,][src=SRC,]dst=DST[,KEY=VALUE] busybox +``` + +#### **功能描述** +使用 create / run 创建并运行容器时,使用 --mount 参数将主机上的文件、目录、卷或者文件系统挂载到容器内用于数据持久化。 + +#### **参数说明** +- type: 挂载到容器中的数据的类型,类型可以是 bind、volume、squashfs, 省略该项时默认为volume类型。 +- src: 用于挂载的文件、目录或者卷在主机上的路径。当值为绝对路径时,表示挂载主机上的文件或者目录。当值为卷名时,表示挂载卷。当省略该项时,表示匿名卷。当文件夹或者卷不存在时,iSula会先创建一个新的文件/卷,再进行挂载操作。该项的关键字 src 也可以写成 source。 +- dst: 容器内的挂载路径,必须为绝对路径。该项的关键字 dst 也可以写成 destination 或者 target。 +- KEY=VALUE: 表示 --mount 的参数,可以取如下值: + +| KEY 值 | VALUE | +| ------------------------------ | --------------------------------------------------------------------------- | +| selinux-opts/bind-selinux-opts | z或者Z。z表示如果开启了SElinux,则挂载时添加SElinux共享标签;Z表示如果开启了SElinux,则挂载时添加SElinux私有标签 | +| ro/readonly | 0/false 表示挂载成读写属性,1/true 表示挂载成只读属性。该项的值可以省略表示挂载成只读。该项只在 type=bind 时支持配置该参数 | +| volume-nocopy | 不拷贝挂载点内的数据,该参数不进行配置时默认会拷贝数据。另外,如果卷里已经有数据了,也不会进行拷贝。只在 
type=volume 时支持该参数 | + +#### **示例** +基于 busybox 运行容器并创建/挂载名称为 vol 的卷到容器的 /vol 目录,同时配置挂载点为只读,并且如果容器中对应挂载点有数据也不进行拷贝。 +```shell +isula run --mount type=volume,src=vol,dst=/vol,ro=true,volume-nocopy=true busybox +``` + +### 复用其他容器中的挂载配置 + +#### **命令格式** +```shell +isula run --volumes-from CON1[:MODE] busybox +``` + +#### **功能描述** +使用 create / run 创建并运行容器时,使用 --volumes-from 参数表示挂载点配置包括CON1容器的挂载点配置。可以配置多个 --volumes-from 参数。 + +#### **参数说明** +- CON1: 被复用挂载点的容器的名称或者ID。 +- MODE: 值为ro表示复用的挂载点挂载为只读属性,值为rw表示复用的挂载点挂载为读写属性。 + +#### **示例** +假设已经有名称为 container1 的容器配置了卷 vol1 到容器目录 /vol1,名称为 container2 的容器配置了卷 vol2 到容器目录 /vol2。现在运行一个新的容器复用 container1 和 container2 的挂载配置,即卷 vol1 挂载到容器的 /vol1 目录,vol2 挂载到容器的 /vol2 目录。 +```shell +isula run --volumes-from container1 --volumes-from container2 busbyox +``` + +### 使用镜像中的匿名卷 + +使用镜像中的匿名卷不需要用户做任何配置。如果镜像中配置了匿名卷,则在运行容器时 iSula 会自动创建一个匿名卷并挂载到镜像中指定的路径供用户使用。用户可以往容器中的匿名卷挂载点写入数据进行数据持久化。 + +### 卷的查询 + +#### **命令格式** +```shell +isula volume ls [OPTIONS] +``` + +#### **功能描述** +查询 iSula 管理的所有卷。 + +#### **参数说明** +OPTIONS 可选参数: +- -q,--quit: 如果不加这个参数,默认只会查询到卷的驱动信息和卷的名称,添加该参数表示只查询卷的名称。 + +#### **示例** +查询 iSula 管理的所有卷,只返回卷名称。 +```shell +isula volume ls -q +``` + +### 卷的删除 + +#### **命令格式** +``` +isula volume rm [OPTIONS] VOLUME [VOLUME...] 
+isula volume prune [OPTIONS] +``` + +#### **功能描述** +- rm 命令:删除指定的卷,如果卷被容器使用了,则会删除失败。 +- prune 命令:删除所有未被容器使用的卷。 + +#### **参数说明** +prune 命令的 OPTIONS 可选参数: +- -f,--force: 表示不弹出“确认是否要删除”的提示,默认会有风险提示,需要输入 y 才能继续执行。 + +#### **示例** +删除卷 vol1 和卷 vol2 +```shell +isula volume rm vol1 vol2 +``` +删除所有未被使用的卷,不弹出风险提示,格式如下: +```shell +isula volume prune -f +``` + +### 注意事项 + +#### 冲突合并规则 +如果卷的挂载点有冲突,则按照如下规则处理: +- -v 和 --mount 的配置冲突,则返回失败。 +- --volumes-from 里获取的配置,如果和 -v/--mount 配置有冲突,则丢弃。 +- 镜像中的匿名卷配置,如果和 -v/--mount/--volumes-from 配置有冲突,则丢弃。 + +#### iSula和Docker的差异 +| iSula行为 | Docker行为 | +| ------------------------------------------- | ------------------------------------------- | +| 卷名称最长64个字符 | 卷名称长度没有限制 | +| --mount 参数,如果挂载的源不存在,则会创建 | --mount 参数,如果挂载的源不存在,则会报错 | +| --mount 参数,支持 bind-selinux-opts 和 selinux-opts 参数配置 z/Z | --mount 参数,不支持 bind-selinux-opts 和 selinux-opts 参数 | +| 挂载点冲突合并规则,不做特殊处理 | 挂载点冲突合并规则,将 -v 指定的匿名卷当成镜像中的匿名卷一样处理 | +| volume prune 命令,提示回收了多少空间 | volume prune 命令,不会提示回收了多少空间 | +| -v/--mount/--volumes-from 配置在 hostconfig 中,匿名卷配置在 config 中 | -v 配置的匿名卷放在 config 配置中,其他配置在 hostconfig 中 | diff --git "a/content/zh/docs/Container/\346\237\245\350\257\242\344\277\241\346\201\257.md" "b/docs/zh/docs/Container/\346\237\245\350\257\242\344\277\241\346\201\257.md" similarity index 100% rename from "content/zh/docs/Container/\346\237\245\350\257\242\344\277\241\346\201\257.md" rename to "docs/zh/docs/Container/\346\237\245\350\257\242\344\277\241\346\201\257.md" diff --git "a/content/zh/docs/Container/\347\211\271\346\235\203\345\256\271\345\231\250.md" "b/docs/zh/docs/Container/\347\211\271\346\235\203\345\256\271\345\231\250.md" similarity index 100% rename from "content/zh/docs/Container/\347\211\271\346\235\203\345\256\271\345\231\250.md" rename to "docs/zh/docs/Container/\347\211\271\346\235\203\345\256\271\345\231\250.md" 
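Review bot: In the MODE table under "使用-v参数挂载数据" of the new 本地卷管理.md, the rw row has the same description as the ro row ("容器内挂载点挂载为只读属性", read-only); it should read "读写属性" (read-write), as the --volumes-from MODE text later in the file does. A reader who trusts the table would mount a host path rw believing writes are blocked. Two further points in the same hunk: the --mount table says ro/readonly is supported only when type=bind, yet the --mount example passes type=volume together with ro=true, so one of the two needs correcting; and the --volumes-from example ends in busbyox where every other example uses busybox.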
diff --git "a/content/zh/docs/Container/\347\216\257\345\242\203\345\217\230\351\207\217\346\214\201\344\271\205\345\214\226.md" "b/docs/zh/docs/Container/\347\216\257\345\242\203\345\217\230\351\207\217\346\214\201\344\271\205\345\214\226.md" similarity index 98% rename from "content/zh/docs/Container/\347\216\257\345\242\203\345\217\230\351\207\217\346\214\201\344\271\205\345\214\226.md" rename to "docs/zh/docs/Container/\347\216\257\345\242\203\345\217\230\351\207\217\346\214\201\344\271\205\345\214\226.md" index 22d36c8ab32d16d7812596ba14d792c34379f0c0..1127d322cf4670ae291e7b20812efe0f573c5c18 100644 --- "a/content/zh/docs/Container/\347\216\257\345\242\203\345\217\230\351\207\217\346\214\201\344\271\205\345\214\226.md" +++ "b/docs/zh/docs/Container/\347\216\257\345\242\203\345\217\230\351\207\217\346\214\201\344\271\205\345\214\226.md" @@ -1,12 +1,12 @@ -# 环境变量持久化 - -## 功能描述 - -系统容器支持通过指定--env-target-file接口参数将env变量持久化到容器rootfs目录下的配置文件中。 - -## 参数说明 - - +# 环境变量持久化 + +## 功能描述 + +系统容器支持通过指定--env-target-file接口参数将env变量持久化到容器rootfs目录下的配置文件中。 + +## 参数说明 + + -

命令

参数

@@ -23,26 +23,26 @@
- -## 约束限制 - -- --env-target-file指定的目标文件如果存在的话,大小不能超过10MB。 -- --env-target-file指定的参数为rootfs目录下的绝对路径。 -- 如果--env和目标文件里面的env出现冲突,以--env指定值的参数为准。 - -## 使用示例 - -启动系统容器,指定env环境变量和--env-target-file参数: - -``` -[root@localhost ~]# isula run -tid -e abc=123 --env-target-file /etc/environment --system-container --external-rootfs /root/myrootfs none init -b75df997a64da74518deb9a01d345e8df13eca6bcc36d6fe40c3e90ea1ee088e -[root@localhost ~]# isula exec b7 cat /etc/environment -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -TERM=xterm -abc=123 -``` - -可以看到容器的env变量(abc=123)已经持久化到/etc/environment配置文件中。 - + + +## 约束限制 + +- --env-target-file指定的目标文件如果存在的话,大小不能超过10MB。 +- --env-target-file指定的参数为rootfs目录下的绝对路径。 +- 如果--env和目标文件里面的env出现冲突,以--env指定值的参数为准。 + +## 使用示例 + +启动系统容器,指定env环境变量和--env-target-file参数: + +``` +[root@localhost ~]# isula run -tid -e abc=123 --env-target-file /etc/environment --system-container --external-rootfs /root/myrootfs none init +b75df997a64da74518deb9a01d345e8df13eca6bcc36d6fe40c3e90ea1ee088e +[root@localhost ~]# isula exec b7 cat /etc/environment +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +TERM=xterm +abc=123 +``` + +可以看到容器的env变量(abc=123)已经持久化到/etc/environment配置文件中。 + 
diff --git "a/content/zh/docs/Container/\347\233\221\346\216\247\345\256\211\345\205\250\345\256\271\345\231\250.md" "b/docs/zh/docs/Container/\347\233\221\346\216\247\345\256\211\345\205\250\345\256\271\345\231\250.md" similarity index 96% rename from "content/zh/docs/Container/\347\233\221\346\216\247\345\256\211\345\205\250\345\256\271\345\231\250.md" rename to "docs/zh/docs/Container/\347\233\221\346\216\247\345\256\211\345\205\250\345\256\271\345\231\250.md" index 35acb6ad27a8156a9c537f7dd2bb6453cd0084f7..7e7785a55e798b064c4186b983228e9fbaec12ea 100644 --- "a/content/zh/docs/Container/\347\233\221\346\216\247\345\256\211\345\205\250\345\256\271\345\231\250.md" +++ "b/docs/zh/docs/Container/\347\233\221\346\216\247\345\256\211\345\205\250\345\256\271\345\231\250.md" 
@@ -1,144 +1,144 @@ -# 监控安全容器 - -## 描述 - -kata events命令用于显示指定容器状态。包括但不限于容器内存、CPU、Pid、 Blkio、大页内存、网络等信息。 - -## 用法 - -``` -kata-runtime events [command options] -``` - -## 参数 - -- \-- interval value:设置查询周期。如果不使用该参数,默认查询周期为5秒。 -- \--stats: 显示容器信息并退出查询。 - -## 前置条件 - -要查询的容器状态必须为running,否则报错:Container ID \(\) does not exist。 - -该命令只支持查询监控一个容器的状态 - -## 示例 - -- 每隔三秒显示容器状态。 - - ``` - $ kata-runtime events --interval 3s 5779b2366f47 - { - "data": { - "blkio": {}, - "cpu": { - "throttling": {}, - "usage": { - "kernel": 130000000, - "percpu": [ - 214098440 - ], - "total": 214098440, - "user": 10000000 - } - }, - "hugetlb": {}, - "intel_rdt": {}, - "interfaces": [ - { - "name": "lo", - "rx_bytes": 0, - "rx_dropped": 0, - "rx_errors": 0, - "rx_packets": 0, - "tx_bytes": 0, - "tx_dropped": 0, - "tx_errors": 0, - "tx_packets": 0 - } - ], - "memory": { - "cache": 827392, - "kernel": { - "failcnt": 0, - "limit": 9223372036854771712, - "max": 421888, - "usage": 221184 - }, - "kernelTCP": { - "failcnt": 0, - "limit": 0 - }, - "raw": { - "active_anon": 49152, - "active_file": 40960, - "cache": 827392, - "dirty": 0, - "hierarchical_memory_limit": 9223372036854771712, - "hierarchical_memsw_limit": 9223372036854771712, - "inactive_anon": 0, - "inactive_file": 839680, - "mapped_file": 540672, - "pgfault": 6765, - "pgmajfault": 0, - "pgpgin": 12012, - "pgpgout": 11803, - "rss": 4096, - "rss_huge": 0, - "shmem": 32768, - "swap": 0, - "total_active_anon": 49152, - "total_active_file": 40960, - "total_cache": 827392, - "total_dirty": 0, - "total_inactive_anon": 0, - "total_inactive_file": 839680, - "total_mapped_file": 540672, - "total_pgfault": 6765, - "total_pgmajfault": 0, - "total_pgpgin": 12012, - "total_pgpgout": 11803, - "total_rss": 4096, - "total_rss_huge": 0, - "total_shmem": 32768, - "total_swap": 0, - "total_unevictable": 0, - "total_writeback": 0, - "unevictable": 0, - "writeback": 0 - }, - "swap": { - "failcnt": 0, - "limit": 9223372036854771712, - "max": 34201600, - "usage": 
1204224 - }, - "usage": { - "failcnt": 0, - "limit": 9223372036854771712, - "max": 34201600, - "usage": 1204224 - } - }, - "pids": { - "current": 1 - }, - "tcp": {}, - "tcp6": {}, - "udp": {}, - "udp6": {} - }, - "id": "5779b2366f47cd1468ebb1ba7c52cbdde3c7d3a5f2af3eefadc8356700fc860b", - "type": "stats" - } - ``` - - -- 显示容器状态并立即返回 - - ``` - kata-runtime events --stats - ``` - - 该命令返回内容的格式与上一条相同,区别为只显示一次信息后便退出。 - - +# 监控安全容器 + +## 描述 + +kata events命令用于显示指定容器状态。包括但不限于容器内存、CPU、Pid、 Blkio、大页内存、网络等信息。 + +## 用法 + +``` +kata-runtime events [command options] +``` + +## 参数 + +- \-- interval value:设置查询周期。如果不使用该参数,默认查询周期为5秒。 +- \--stats: 显示容器信息并退出查询。 + +## 前置条件 + +要查询的容器状态必须为running,否则报错:Container ID \(\) does not exist。 + +该命令只支持查询监控一个容器的状态 + +## 示例 + +- 每隔三秒显示容器状态。 + + ``` + $ kata-runtime events --interval 3s 5779b2366f47 + { + "data": { + "blkio": {}, + "cpu": { + "throttling": {}, + "usage": { + "kernel": 130000000, + "percpu": [ + 214098440 + ], + "total": 214098440, + "user": 10000000 + } + }, + "hugetlb": {}, + "intel_rdt": {}, + "interfaces": [ + { + "name": "lo", + "rx_bytes": 0, + "rx_dropped": 0, + "rx_errors": 0, + "rx_packets": 0, + "tx_bytes": 0, + "tx_dropped": 0, + "tx_errors": 0, + "tx_packets": 0 + } + ], + "memory": { + "cache": 827392, + "kernel": { + "failcnt": 0, + "limit": 9223372036854771712, + "max": 421888, + "usage": 221184 + }, + "kernelTCP": { + "failcnt": 0, + "limit": 0 + }, + "raw": { + "active_anon": 49152, + "active_file": 40960, + "cache": 827392, + "dirty": 0, + "hierarchical_memory_limit": 9223372036854771712, + "hierarchical_memsw_limit": 9223372036854771712, + "inactive_anon": 0, + "inactive_file": 839680, + "mapped_file": 540672, + "pgfault": 6765, + "pgmajfault": 0, + "pgpgin": 12012, + "pgpgout": 11803, + "rss": 4096, + "rss_huge": 0, + "shmem": 32768, + "swap": 0, + "total_active_anon": 49152, + "total_active_file": 40960, + "total_cache": 827392, + "total_dirty": 0, + "total_inactive_anon": 0, + "total_inactive_file": 839680, + 
"total_mapped_file": 540672, + "total_pgfault": 6765, + "total_pgmajfault": 0, + "total_pgpgin": 12012, + "total_pgpgout": 11803, + "total_rss": 4096, + "total_rss_huge": 0, + "total_shmem": 32768, + "total_swap": 0, + "total_unevictable": 0, + "total_writeback": 0, + "unevictable": 0, + "writeback": 0 + }, + "swap": { + "failcnt": 0, + "limit": 9223372036854771712, + "max": 34201600, + "usage": 1204224 + }, + "usage": { + "failcnt": 0, + "limit": 9223372036854771712, + "max": 34201600, + "usage": 1204224 + } + }, + "pids": { + "current": 1 + }, + "tcp": {}, + "tcp6": {}, + "udp": {}, + "udp6": {} + }, + "id": "5779b2366f47cd1468ebb1ba7c52cbdde3c7d3a5f2af3eefadc8356700fc860b", + "type": "stats" + } + ``` + + +- 显示容器状态并立即返回 + + ``` + kata-runtime events --stats + ``` + + 该命令返回内容的格式与上一条相同,区别为只显示一次信息后便退出。 + + diff --git "a/content/zh/docs/Container/\347\256\241\347\220\206\345\256\211\345\205\250\345\256\271\345\231\250\347\232\204\347\224\237\345\221\275\345\221\250\346\234\237.md" "b/docs/zh/docs/Container/\347\256\241\347\220\206\345\256\211\345\205\250\345\256\271\345\231\250\347\232\204\347\224\237\345\221\275\345\221\250\346\234\237.md" similarity index 96% rename from "content/zh/docs/Container/\347\256\241\347\220\206\345\256\211\345\205\250\345\256\271\345\231\250\347\232\204\347\224\237\345\221\275\345\221\250\346\234\237.md" rename to "docs/zh/docs/Container/\347\256\241\347\220\206\345\256\211\345\205\250\345\256\271\345\231\250\347\232\204\347\224\237\345\221\275\345\221\250\346\234\237.md" index 17648bbfddb7319853dd551af9a320e892548515..dce9e2e799bc6bd71df97264fe3839feca7505dc 100644 --- "a/content/zh/docs/Container/\347\256\241\347\220\206\345\256\211\345\205\250\345\256\271\345\231\250\347\232\204\347\224\237\345\221\275\345\221\250\346\234\237.md" +++ "b/docs/zh/docs/Container/\347\256\241\347\220\206\345\256\211\345\205\250\345\256\271\345\231\250\347\232\204\347\224\237\345\221\275\345\221\250\346\234\237.md" 
@@ -34,7 +34,7 @@ isula run -tid --runtime kata-runtime --network none busybox ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >安全容器网络使用仅支持CNI网络,不支持CNM网络,不支持使用-p和--expose暴露容器端口,使用安全容器时需指定参数--net=none。 4. 启动一个Pod @@ -99,7 +99,7 @@ docker rm -f docker exec -ti ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >1. 如遇到docker exec -ti进入容器的同时,另一终端执行docker restart或者docker stop命令造成exec界面卡住的情况,可使用Ctrl+P+Q退出docker exec操作界面。 >2. 如果使用-d参数则命令在后台执行,不会打印错误信息,其退出码也不能作为命令执行是否正确的判断依据。 diff --git "a/content/zh/docs/Container/\347\263\273\347\273\237\345\256\271\345\231\250.md" "b/docs/zh/docs/Container/\347\263\273\347\273\237\345\256\271\345\231\250.md" similarity index 99% rename from "content/zh/docs/Container/\347\263\273\347\273\237\345\256\271\345\231\250.md" rename to "docs/zh/docs/Container/\347\263\273\347\273\237\345\256\271\345\231\250.md" index f9432195d79c18e57e4f49fe5094a2be80aea1c4..9990642dc705743d0b96b5dd53930e30b3984431 100644 --- "a/content/zh/docs/Container/\347\263\273\347\273\237\345\256\271\345\231\250.md" +++ "b/docs/zh/docs/Container/\347\263\273\347\273\237\345\256\271\345\231\250.md" @@ -1,2 +1,2 @@ -# 系统容器 +# 系统容器 系统容器主要应对在重计算、高性能、大并发的场景下,重型应用和业务云化的问题。相比较虚拟机技术,系统容器可直接继承物理机特性,同时具备性能更优良,较少overhead的优点。从系统资源分配来看,系统容器在有限资源上相比虚拟机可分配更多计算单元,降低成本,通过系统容器可以构建产品的差异化竞争力,提供计算密度更高,价格更便宜,性能更优良的的计算单元实例。 \ No newline at end of file diff --git "a/content/zh/docs/Container/\347\273\237\350\256\241\344\277\241\346\201\257-4.md" "b/docs/zh/docs/Container/\347\273\237\350\256\241\344\277\241\346\201\257-4.md" similarity index 100% rename from "content/zh/docs/Container/\347\273\237\350\256\241\344\277\241\346\201\257-4.md" rename to "docs/zh/docs/Container/\347\273\237\350\256\241\344\277\241\346\201\257-4.md" 
diff --git "a/content/zh/docs/Container/\351\200\232\350\277\207systemd\345\220\257\345\212\250\345\256\271\345\231\250.md" "b/docs/zh/docs/Container/\351\200\232\350\277\207systemd\345\220\257\345\212\250\345\256\271\345\231\250.md" similarity index 98% rename from "content/zh/docs/Container/\351\200\232\350\277\207systemd\345\220\257\345\212\250\345\256\271\345\231\250.md" rename to "docs/zh/docs/Container/\351\200\232\350\277\207systemd\345\220\257\345\212\250\345\256\271\345\231\250.md" index 401fe4720d49081620d8808d069728b6c042be46..a70e8dc59002233c3ddddb0a67c315f919c28b0d 100644 --- "a/content/zh/docs/Container/\351\200\232\350\277\207systemd\345\220\257\345\212\250\345\256\271\345\231\250.md" +++ "b/docs/zh/docs/Container/\351\200\232\350\277\207systemd\345\220\257\345\212\250\345\256\271\345\231\250.md" @@ -1,12 +1,12 @@ -# 通过systemd启动容器 - -## 功能描述 - -系统容器与普通容器最大的差异就在于容器启动的init进程,普通容器无法通过systemd启动系统服务,而系统容器具备这个能力,通过在启动容器时指定\--system-contianer参数可以使能systemd服务。 - -## 参数说明 - - +# 通过systemd启动容器 + +## 功能描述 + +系统容器与普通容器最大的差异就在于容器启动的init进程,普通容器无法通过systemd启动系统服务,而系统容器具备这个能力,通过在启动容器时指定\--system-contianer参数可以使能systemd服务。 + +## 参数说明 + + -

命令

参数

@@ -23,66 +23,66 @@
- -## 约束限制 - -- systemd服务需要调用一些特殊系统调用,包括mount、umount2、unshare、reboot以及name\_to\_handle\_at,所以在不开启特权容器标签的情况下,系统容器打开了调用上述接口的权限。 -- 系统容器都是init启动,init进程不响应表示正常退出的SIGTERM信号,stop默认在10s之后才会强制杀死容器。如果需要快速结束,可以手动指定stop的超时时间。 -- \--system-container必须配合\--external-rootfs参数一起使用。 -- 系统容器内支持运行各类服务,服务的启停通过systemctl来管理,服务之间可能会出现相互依赖关系导致异常情况下某些服务进程出现D/Z状态,使得容器无法正常退出。 -- 系统容器内的某些服务进程可能会影响其它操作结果,例如容器内若运行了NetworkManager服务,可能会影响向容器添加网卡的行为(网卡添加成功然后被NetworkManger停掉),导致不可预期的结果。 -- 系统容器和主机暂时无法实现udev事件隔离,所以fstab配置也暂不支持。 -- systemd服务可能和libcgroup提供的cgconfig服务在功能上出现冲突,建议在容器内去掉libcgroup相关的包或者配置cgconfig服务的Delegate值为no。 - -## 使用示例 - -- 指定\--system-container和\--external-rootfs参数启动系统容器。 - - ``` - [root@localhost ~]# isula run -tid -n systest01 --system-container --external-rootfs /root/myrootfs none init - ``` - -- 执行以上命令后容器成功运行,通过exec进容器查看进程信息,可看到systemd服务已启动。 - - ``` - [root@localhost ~]# isula exec -it systest01 bash - [root@localhost /]# ps -ef - UID PID PPID C STIME TTY TIME CMD - root 1 0 2 06:49 ? 00:00:00 init - root 14 1 2 06:49 ? 00:00:00 /usr/lib/systemd/systemd-journal - root 16 1 0 06:49 ? 00:00:00 /usr/lib/systemd/systemd-network - dbus 23 1 0 06:49 ? 00:00:00 /usr/bin/dbus-daemon --system -- - root 25 0 0 06:49 ? 00:00:00 bash - root 59 25 0 06:49 ? 00:00:00 ps –ef - ``` - - -- 容器内执行systemctl命令查看服务状态,可看到服务被systemd管理。 - - ``` - [root@localhost /]# systemctl status dbus - ● dbus.service - D-Bus System Message Bus - Loaded: loaded (/usr/lib/systemd/system/dbus.service; static; vendor preset: - disabled) - Active: active (running) since Mon 2019-07-22 06:49:38 UTC; 2min 5 - 8s ago - Docs: man:dbus-daemon(1) - Main PID: 23 (dbus-daemon) - CGroup: /system.slice/dbus.service - └─23 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidf - ile --systemd-activation --syslog-only - - Jul 22 06:49:38 localhost systemd[1]: Started D-Bus System Message Bus. 
- ``` - -- 容器内通过systemctl stop/start服务,可看到服务被systemd管理。 - - ``` - [root@localhost /]# systemctl stop dbus - Warning: Stopping dbus.service, but it can still be activated by: - dbus.socket - [root@localhost /]# systemctl start dbus - ``` - - + + +## 约束限制 + +- systemd服务需要调用一些特殊系统调用,包括mount、umount2、unshare、reboot以及name\_to\_handle\_at,所以在不开启特权容器标签的情况下,系统容器打开了调用上述接口的权限。 +- 系统容器都是init启动,init进程不响应表示正常退出的SIGTERM信号,stop默认在10s之后才会强制杀死容器。如果需要快速结束,可以手动指定stop的超时时间。 +- \--system-container必须配合\--external-rootfs参数一起使用。 +- 系统容器内支持运行各类服务,服务的启停通过systemctl来管理,服务之间可能会出现相互依赖关系导致异常情况下某些服务进程出现D/Z状态,使得容器无法正常退出。 +- 系统容器内的某些服务进程可能会影响其它操作结果,例如容器内若运行了NetworkManager服务,可能会影响向容器添加网卡的行为(网卡添加成功然后被NetworkManger停掉),导致不可预期的结果。 +- 系统容器和主机暂时无法实现udev事件隔离,所以fstab配置也暂不支持。 +- systemd服务可能和libcgroup提供的cgconfig服务在功能上出现冲突,建议在容器内去掉libcgroup相关的包或者配置cgconfig服务的Delegate值为no。 + +## 使用示例 + +- 指定\--system-container和\--external-rootfs参数启动系统容器。 + + ``` + [root@localhost ~]# isula run -tid -n systest01 --system-container --external-rootfs /root/myrootfs none init + ``` + +- 执行以上命令后容器成功运行,通过exec进容器查看进程信息,可看到systemd服务已启动。 + + ``` + [root@localhost ~]# isula exec -it systest01 bash + [root@localhost /]# ps -ef + UID PID PPID C STIME TTY TIME CMD + root 1 0 2 06:49 ? 00:00:00 init + root 14 1 2 06:49 ? 00:00:00 /usr/lib/systemd/systemd-journal + root 16 1 0 06:49 ? 00:00:00 /usr/lib/systemd/systemd-network + dbus 23 1 0 06:49 ? 00:00:00 /usr/bin/dbus-daemon --system -- + root 25 0 0 06:49 ? 00:00:00 bash + root 59 25 0 06:49 ? 
00:00:00 ps –ef + ``` + + +- 容器内执行systemctl命令查看服务状态,可看到服务被systemd管理。 + + ``` + [root@localhost /]# systemctl status dbus + ● dbus.service - D-Bus System Message Bus + Loaded: loaded (/usr/lib/systemd/system/dbus.service; static; vendor preset: + disabled) + Active: active (running) since Mon 2019-07-22 06:49:38 UTC; 2min 5 + 8s ago + Docs: man:dbus-daemon(1) + Main PID: 23 (dbus-daemon) + CGroup: /system.slice/dbus.service + └─23 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidf + ile --systemd-activation --syslog-only + + Jul 22 06:49:38 localhost systemd[1]: Started D-Bus System Message Bus. + ``` + +- 容器内通过systemctl stop/start服务,可看到服务被systemd管理。 + + ``` + [root@localhost /]# systemctl stop dbus + Warning: Stopping dbus.service, but it can still be activated by: + dbus.socket + [root@localhost /]# systemctl start dbus + ``` + + diff --git "a/content/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-3.md" "b/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-3.md" similarity index 100% rename from "content/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-3.md" rename to "docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-3.md" diff --git "a/content/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-4.md" "b/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-4.md" similarity index 100% rename from "content/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-4.md" rename to "docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206-4.md" 
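Review bot: The re-added lines of 通过systemd启动容器.md carry over defects that break copy-paste: the feature description spells the flag \--system-contianer while the constraints and examples use --system-container, the constraints bullet says "NetworkManger", and the sample session shows "ps –ef" with an en dash in place of the hyphen. The removed and added lines are otherwise identical as shown, so this looks like a whitespace or line-ending rewrite; since every line is touched anyway, fix these three here and name the normalisation in the commit message so the content-free hunks in this file and its siblings can be skimmed.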
diff --git "a/content/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206.md" "b/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206.md" similarity index 87% rename from "content/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206.md" rename to "docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206.md" index f89089da77ba00f09e2892adc50a9e7a179289b9..9bf404f8b67f0bcaf902f2aec8cf39bb47ab6dd4 100644 --- "a/content/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206.md" +++ "b/docs/zh/docs/Container/\351\225\234\345\203\217\347\256\241\347\220\206.md" 
@@ -1,420 +1,376 @@ -# 镜像管理 - - - -- [镜像管理](#镜像管理) - - [docker镜像管理](#docker镜像管理) - - [登录到镜像仓库](#登录到镜像仓库) - - [从镜像仓库退出登录](#从镜像仓库退出登录) - - [从镜像仓库拉取镜像](#从镜像仓库拉取镜像) - - [删除镜像](#删除镜像) - - [加载镜像](#加载镜像) - - [列出镜像](#列出镜像) - - [检视镜像](#检视镜像) - - [双向认证](#双向认证) - - [embedded镜像管理](#embedded镜像管理) - - [加载镜像](#加载镜像-1) - - [列出镜像](#列出镜像-1) - - [检视镜像](#检视镜像-1) - - [删除镜像](#删除镜像-1) - - - - -## docker镜像管理 - -### 登录到镜像仓库 - -#### 描述 - -isula login命令用于登录到镜像仓库。登录成功后可以使用isula pull命令从该镜像仓库拉取镜像。如果镜像仓库不需要密码,则拉取镜像前不需要执行该命令。 - -#### 用法 - -``` -isula login [OPTIONS] SERVER -``` - -#### 参数 - -login命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表1 表1-20 login命令参数列表" 。 - -#### 示例 - -``` -$ isula login -u abc my.csp-edge.com:5000 - -Login Succeeded -``` - -### 从镜像仓库退出登录 - -#### 描述 - -isula logout命令用于从镜像仓库退出登录。退出登录成功后再执行isula pull命令从该镜像仓库拉取镜像会因为未认证而拉取失败。 - -#### 用法 - -``` -isula logout SERVER -``` - -#### 参数 - -logout命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表2 logout命令参数列表"。 - -#### 示例 - -``` -$ isula logout my.csp-edge.com:5000 -Logout Succeeded -``` - -### 从镜像仓库拉取镜像 - -#### 描述 - -从镜像仓库拉取镜像到本地。 - -#### 用法 - -``` -isula pull [OPTIONS] NAME[:TAG|@DIGEST] -``` - -#### 参数 - -login命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表3 pull命令参数列表"。 - -#### 示例 - -``` -$ isula pull localhost:5000/official/busybox -Image "localhost:5000/official/busybox" pulling -Image "localhost:5000/official/busybox@sha256:bf510723d2cd2d4e3f5ce7e93bf1e52c8fd76831995ac3bd3f90ecc866643aff" pulled -``` - -### 删除镜像 - -#### 描述 - -删除一个或多个镜像。 - -#### 用法 - -``` -isula rmi [OPTIONS] IMAGE [IMAGE...] 
-``` - -#### 参数 - -rmi命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表4 rmi命令参数列表"。 - -#### 示例 - -``` -$ isula rmi rnd-dockerhub.huawei.com/official/busybox -Image "rnd-dockerhub.huawei.com/official/busybox" removed -``` - -### 加载镜像 - -#### 描述 - -从一个tar包加载镜像。该tar包必须是使用docker save命令导出的tar包或格式一致的tar包。 - -#### 用法 - -``` -isula load [OPTIONS] -``` - -#### 参数 - -load命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表5 load命令参数列表"。 - -#### 示例 - -``` -$ isula load -i busybox.tar -Load image from "/root/busybox.tar" success -``` - -### 列出镜像 - -#### 描述 - -列出当前环境中所有镜像。 - -#### 用法 - -``` -isula images -``` - -#### 参数 - -images命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表6 images命令参数列表"。 - -#### 示例 - -``` -$ isula images -REF IMAGE ID CREATED SIZE -rnd-dockerhub.huawei.com/official/busybox:latest e4db68de4ff2 2019-06-15 08:19:54 1.376 MB -``` - -### 检视镜像 - -#### 描述 - -返回该镜像的配置信息。可以使用-f参数过滤出需要的信息。 - -#### 用法 - -``` -isula inspect [options] CONTAINER|IMAGE [CONTAINER|IMAGE...] -``` - -#### 参数 - -inspect命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表7 inspect命令参数列表"。 - -#### 示例 - -``` -$ isula inspect -f "{{json .image.id}}" rnd-dockerhub.huawei.com/official/busybox -"e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b" -``` - -### 双向认证 - -#### 描述 - -开启该功能后isulad和镜像仓库之间的通信采用https通信,isulad和镜像仓库都会验证对方的合法性。 - -#### 用法 - -要支持该功能,需要镜像仓库支持该功能,同时isulad也需要做相应的配置: - -1. 修改isulad的配置\(默认路径/etc/isulad/daemon.json\),将配置里的use-decrypted-key项配置为false。 -2. 需要将相关的证书放置到/etc/isulad/certs.d目录下对应的镜像仓库命名的文件夹下,证书具体的生成方法见docker的官方链接: - - [https://docs.docker.com/engine/security/certificates/](https://docs.docker.com/engine/security/certificates/) - - [https://docs.docker.com/engine/security/https/](https://docs.docker.com/engine/security/https/) - - -1. 
执行systemctl restart isulad重启isulad。 - -#### 参数 - -可以在/etc/isulad/daemon.json中配置参数,也可以在启动isulad时携带参数: - -``` -isulad --use-decrypted-key=false -``` - -#### 示例 - -配置use-decrypted-key参数为false - -``` -$ cat /etc/isulad/daemon.json -{ - "group": "isulad", - "graph": "/var/lib/isulad", - "state": "/var/run/isulad", - "engine": "lcr", - "log-level": "ERROR", - "pidfile": "/var/run/isulad.pid", - "log-opts": { - "log-file-mode": "0600", - "log-path": "/var/lib/isulad", - "max-file": "1", - "max-size": "30KB" - }, - "log-driver": "stdout", - "hook-spec": "/etc/default/isulad/hooks/default.json", - "start-timeout": "2m", - "storage-driver": "overlay2", - "storage-opts": [ - "overlay2.override_kernel_check=true" - ], - "registry-mirrors": [ - "docker.io" - ], - "insecure-registries": [ - "rnd-dockerhub.huawei.com" - ], - "pod-sandbox-image": "", - "image-opt-timeout": "5m", - "native.umask": "secure", - "network-plugin": "", - "cni-bin-dir": "", - "cni-conf-dir": "", - "image-layer-check": false, - "use-decrypted-key": false, - "insecure-skip-verify-enforce": false -} -``` - -将证书放到对应的目录下 - -``` -$ pwd -/etc/isulad/certs.d/my.csp-edge.com:5000 -$ ls -ca.crt tls.cert tls.key -``` - -重启isulad - -``` -$ systemctl restart isulad -``` - -执行pull命令从仓库下载镜像 - -``` -$ isula pull my.csp-edge.com:5000/busybox -Image "my.csp-edge.com:5000/busybox" pulling -Image "my.csp-edge.com:5000/busybox@sha256:f1bdc62115dbfe8f54e52e19795ee34b4473babdeb9bc4f83045d85c7b2ad5c0" pulled -``` - -## embedded镜像管理 - -### 加载镜像 - -#### 描述 - -根据embedded镜像的manifest加载镜像。注意--type的值必须填写embedded。 - -#### 用法 - -``` -isula load [OPTIONS] --input=FILE --type=TYPE -``` - -#### 参数 - -load命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表5 load命令参数列表"。 - -#### 示例 - -``` -$ isula load -i test.manifest --type embedded -Load image from "/root/work/bugfix/tmp/ci_testcase_data/embedded/img/test.manifest" success -``` - -### 列出镜像 - -#### 描述 - -列出当前环境中所有镜像。 - -#### 用法 - -``` -isula images [OPTIONS] -``` - -#### 参数 - -images命令支持参数请参见"附录 > 命令行参数说明" 章节的 
"表6 images命令参数列表"。 - -#### 示例 - -``` -$ isula images -REF IMAGE ID CREATED SIZE -test:v1 9319da1f5233 2018-03-01 10:55:44 1.273 MB -``` - -### 检视镜像 - -#### 描述 - -返回该镜像的配置信息。可以使用-f参数过滤出需要的信息。 - -#### 用法 - -``` -isula inspect [options] CONTAINER|IMAGE [CONTAINER|IMAGE...] -``` - -#### 参数 - -inspect命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表7 inspect命令参数列表"。 - -#### 示例 - -``` -$ isula inspect -f "{{json .created}}" test:v1 -"2018-03-01T15:55:44.322987811Z" -``` - -### 删除镜像 - -#### 描述 - -删除一个或多个镜像。 - -#### 用法 - -``` -isula rmi [OPTIONS] IMAGE [IMAGE...] -``` - -#### 参数 - -rmi命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表4 rmi命令参数列表"。 - -#### 示例 - -``` -$ isula rmi test:v1 -Image "test:v1" removed -``` - -### 添加名称 - -#### 描述 - -给镜像添加一个名称。 - -#### 用法 - -``` -isula tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] -``` - -#### 参数 - -tag命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表8 tag命令参数列表"。 - -#### 示例 - -``` -$ isula tag test:v1 test:v2 -``` - -### 导入镜像 - -#### 描述 - -将tar格式的rootfs导入生成一个新的镜像,该tar包必须是通过export命令导出的tar包。 - -#### 用法 - -``` -isula export [command options] [ID|NAME] -``` - -#### 参数 - -export命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表9 export命令参数列表"。 - -#### 示例 - -``` -$ isula export -o test.tar containername -``` +# 镜像管理 + + + +- [镜像管理](#镜像管理) + - [docker镜像管理](#docker镜像管理) + - [登录到镜像仓库](#登录到镜像仓库) + - [从镜像仓库退出登录](#从镜像仓库退出登录) + - [从镜像仓库拉取镜像](#从镜像仓库拉取镜像) + - [删除镜像](#删除镜像) + - [加载镜像](#加载镜像) + - [列出镜像](#列出镜像) + - [检视镜像](#检视镜像) + - [双向认证](#双向认证) + - [embedded镜像管理](#embedded镜像管理) + - [加载镜像](#加载镜像-1) + - [列出镜像](#列出镜像-1) + - [检视镜像](#检视镜像-1) + - [删除镜像](#删除镜像-1) + + + + +## docker镜像管理 + +### 登录到镜像仓库 + +#### 描述 + +isula login命令用于登录到镜像仓库。登录成功后可以使用isula pull命令从该镜像仓库拉取镜像。如果镜像仓库不需要密码,则拉取镜像前不需要执行该命令。 + +#### 用法 + +``` +isula login [OPTIONS] SERVER +``` + +#### 参数 + +login命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表1 表1-20 login命令参数列表" 。 + +#### 示例 + +``` +$ isula login -u abc my.csp-edge.com:5000 + +Login Succeeded +``` + +### 从镜像仓库退出登录 + +#### 描述 + +isula logout命令用于从镜像仓库退出登录。退出登录成功后再执行isula pull命令从该镜像仓库拉取镜像会因为未认证而拉取失败。 + +#### 用法 + +``` +isula logout 
SERVER +``` + +#### 参数 + +logout命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表2 logout命令参数列表"。 + +#### 示例 + +``` +$ isula logout my.csp-edge.com:5000 +Logout Succeeded +``` + +### 从镜像仓库拉取镜像 + +#### 描述 + +从镜像仓库拉取镜像到本地。 + +#### 用法 + +``` +isula pull [OPTIONS] NAME[:TAG|@DIGEST] +``` + +#### 参数 + +login命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表3 pull命令参数列表"。 + +#### 示例 + +``` +$ isula pull localhost:5000/official/busybox +Image "localhost:5000/official/busybox" pulling +Image "localhost:5000/official/busybox@sha256:bf510723d2cd2d4e3f5ce7e93bf1e52c8fd76831995ac3bd3f90ecc866643aff" pulled +``` + +### 删除镜像 + +#### 描述 + +删除一个或多个镜像。 + +#### 用法 + +``` +isula rmi [OPTIONS] IMAGE [IMAGE...] +``` + +#### 参数 + +rmi命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表4 rmi命令参数列表"。 + +#### 示例 + +``` +$ isula rmi rnd-dockerhub.huawei.com/official/busybox +Image "rnd-dockerhub.huawei.com/official/busybox" removed +``` + +### 加载镜像 + +#### 描述 + +从一个tar包加载镜像。该tar包必须是使用docker save命令导出的tar包或格式一致的tar包。 + +#### 用法 + +``` +isula load [OPTIONS] +``` + +#### 参数 + +load命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表5 load命令参数列表"。 + +#### 示例 + +``` +$ isula load -i busybox.tar +Load image from "/root/busybox.tar" success +``` + +### 列出镜像 + +#### 描述 + +列出当前环境中所有镜像。 + +#### 用法 + +``` +isula images +``` + +#### 参数 + +images命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表6 images命令参数列表"。 + +#### 示例 + +``` +$ isula images +REF IMAGE ID CREATED SIZE +rnd-dockerhub.huawei.com/official/busybox:latest e4db68de4ff2 2019-06-15 08:19:54 1.376 MB +``` + +### 检视镜像 + +#### 描述 + +返回该镜像的配置信息。可以使用-f参数过滤出需要的信息。 + +#### 用法 + +``` +isula inspect [options] CONTAINER|IMAGE [CONTAINER|IMAGE...] +``` + +#### 参数 + +inspect命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表7 inspect命令参数列表"。 + +#### 示例 + +``` +$ isula inspect -f "{{json .image.id}}" rnd-dockerhub.huawei.com/official/busybox +"e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b" +``` + +### 双向认证 + +#### 描述 + +开启该功能后isulad和镜像仓库之间的通信采用https通信,isulad和镜像仓库都会验证对方的合法性。 + +#### 用法 + +要支持该功能,需要镜像仓库支持该功能,同时isulad也需要做相应的配置: + +1. 
修改isulad的配置\(默认路径/etc/isulad/daemon.json\),将配置里的use-decrypted-key项配置为false。 +2. 需要将相关的证书放置到/etc/isulad/certs.d目录下对应的镜像仓库命名的文件夹下,证书具体的生成方法见docker的官方链接: + - [https://docs.docker.com/engine/security/certificates/](https://docs.docker.com/engine/security/certificates/) + - [https://docs.docker.com/engine/security/https/](https://docs.docker.com/engine/security/https/) + + +1. 执行systemctl restart isulad重启isulad。 + +#### 参数 + +可以在/etc/isulad/daemon.json中配置参数,也可以在启动isulad时携带参数: + +``` +isulad --use-decrypted-key=false +``` + +#### 示例 + +配置use-decrypted-key参数为false + +``` +$ cat /etc/isulad/daemon.json +{ + "group": "isulad", + "graph": "/var/lib/isulad", + "state": "/var/run/isulad", + "engine": "lcr", + "log-level": "ERROR", + "pidfile": "/var/run/isulad.pid", + "log-opts": { + "log-file-mode": "0600", + "log-path": "/var/lib/isulad", + "max-file": "1", + "max-size": "30KB" + }, + "log-driver": "stdout", + "hook-spec": "/etc/default/isulad/hooks/default.json", + "start-timeout": "2m", + "storage-driver": "overlay2", + "storage-opts": [ + "overlay2.override_kernel_check=true" + ], + "registry-mirrors": [ + "docker.io" + ], + "insecure-registries": [ + "rnd-dockerhub.huawei.com" + ], + "pod-sandbox-image": "", + "native.umask": "secure", + "network-plugin": "", + "cni-bin-dir": "", + "cni-conf-dir": "", + "image-layer-check": false, + "use-decrypted-key": false, + "insecure-skip-verify-enforce": false +} +``` + +将证书放到对应的目录下 + +``` +$ pwd +/etc/isulad/certs.d/my.csp-edge.com:5000 +$ ls +ca.crt tls.cert tls.key +``` + +重启isulad + +``` +$ systemctl restart isulad +``` + +执行pull命令从仓库下载镜像 + +``` +$ isula pull my.csp-edge.com:5000/busybox +Image "my.csp-edge.com:5000/busybox" pulling +Image "my.csp-edge.com:5000/busybox@sha256:f1bdc62115dbfe8f54e52e19795ee34b4473babdeb9bc4f83045d85c7b2ad5c0" pulled +``` + +## embedded镜像管理 + +### 加载镜像 + +#### 描述 + +根据embedded镜像的manifest加载镜像。注意--type的值必须填写embedded。 + +#### 用法 + +``` +isula load [OPTIONS] --input=FILE --type=TYPE +``` + +#### 参数 + 
+load命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表5 load命令参数列表"。 + +#### 示例 + +``` +$ isula load -i test.manifest --type embedded +Load image from "/root/work/bugfix/tmp/ci_testcase_data/embedded/img/test.manifest" success +``` + +### 列出镜像 + +#### 描述 + +列出当前环境中所有镜像。 + +#### 用法 + +``` +isula images [OPTIONS] +``` + +#### 参数 + +images命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表6 images命令参数列表"。 + +#### 示例 + +``` +$ isula images +REF IMAGE ID CREATED SIZE +test:v1 9319da1f5233 2018-03-01 10:55:44 1.273 MB +``` + +### 检视镜像 + +#### 描述 + +返回该镜像的配置信息。可以使用-f参数过滤出需要的信息。 + +#### 用法 + +``` +isula inspect [options] CONTAINER|IMAGE [CONTAINER|IMAGE...] +``` + +#### 参数 + +inspect命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表7 inspect命令参数列表"。 + +#### 示例 + +``` +$ isula inspect -f "{{json .created}}" test:v1 +"2018-03-01T15:55:44.322987811Z" +``` + +### 删除镜像 + +#### 描述 + +删除一个或多个镜像。 + +#### 用法 + +``` +isula rmi [OPTIONS] IMAGE [IMAGE...] +``` + +#### 参数 + +rmi命令支持参数请参见"附录 > 命令行参数说明" 章节的 "表4 rmi命令参数列表"。 + +#### 示例 + +``` +$ isula rmi test:v1 +Image "test:v1" removed +``` + diff --git "a/content/zh/docs/Container/\351\231\204\345\275\225-2.md" "b/docs/zh/docs/Container/\351\231\204\345\275\225-2.md" similarity index 100% rename from "content/zh/docs/Container/\351\231\204\345\275\225-2.md" rename to "docs/zh/docs/Container/\351\231\204\345\275\225-2.md" diff --git "a/content/zh/docs/Container/\351\231\204\345\275\225-3.md" "b/docs/zh/docs/Container/\351\231\204\345\275\225-3.md" similarity index 99% rename from "content/zh/docs/Container/\351\231\204\345\275\225-3.md" rename to "docs/zh/docs/Container/\351\231\204\345\275\225-3.md" index 0e73dca0d1fbe538ba4ae637e6c434d9676cd229..ae47613246784147f91d844289ac99e09eed616a 100644 --- "a/content/zh/docs/Container/\351\231\204\345\275\225-3.md" +++ "b/docs/zh/docs/Container/\351\231\204\345\275\225-3.md" 
@@ -5,7 +5,7 @@ ## configuration-toml配置说明 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >configuration.toml配置文件中各个字段的取值以kata-containers-.rpm包中的configuration.toml文件为准,不支持用户对配置文件中的字段任意取值。 ``` @@ -133,7 +133,7 @@ experimental :开启实验特性,不支持用户自定义配置

设置网卡的容器内名称

-

必选。支持字母、数字、下划线“_”、“-” 以及“.”字符,必须以字母开头,且长度不超过15。需要确保同一个Sandbox内name不能重复。

+

必选。支持字母、数字、下划线“\_”、“-” 以及“.”字符,必须以字母开头,且长度不超过15。需要确保同一个Sandbox内name不能重复。

IPAddresses

diff --git "a/content/zh/docs/Container/\351\231\204\345\275\225.md" "b/docs/zh/docs/Container/\351\231\204\345\275\225.md" similarity index 94% rename from "content/zh/docs/Container/\351\231\204\345\275\225.md" rename to "docs/zh/docs/Container/\351\231\204\345\275\225.md" index 0757c9f93bbaac874755bff8e0293fdc40c608c8..858096ce5f302f179f7831fae4b0cfc04fe604a4 100644 --- "a/content/zh/docs/Container/\351\231\204\345\275\225.md" +++ "b/docs/zh/docs/Container/\351\231\204\345\275\225.md" @@ -214,51 +214,6 @@ -**表 8** tag命令参数列表 - - - - - - - - - - - -

命令

-

参数

-

说明

-

tag

-

-H, --host

-

指定要连接的iSulad socket文件路径

-
- -
- -**表 9** import命令参数列表 - - - - - - - - - - - -

命令

-

参数

-

说明

-

import

-

-H, --host

-

指定要连接的iSulad socket文件路径

-
- -
- - ## CNI配置参数 **表 1** CNI单网络配置参数 diff --git a/docs/zh/docs/Installation/FAQ-1.md b/docs/zh/docs/Installation/FAQ-1.md new file mode 100644 index 0000000000000000000000000000000000000000..359d8c23fe65b0a24fbad4b89396fee9e7b20511 --- /dev/null +++ b/docs/zh/docs/Installation/FAQ-1.md @@ -0,0 +1,54 @@ +# FAQ + + +- [FAQ](#faq) + - [树莓派启动失败](#树莓派启动失败) + - [nmcli 命令连接 WIFI 失败](#nmcli-命令连接-wifi-失败) + + + +## 树莓派启动失败 + +### 问题现象 + +将 openEuler 发布的树莓派镜像刷写入 SD 卡后,树莓派启动失败。 + +### 原因分析 + +刷写 openEuler 发布的树莓派镜像后,树莓派启动失败,大致有以下几种情况: + +1. 下载的镜像文件不完整,请确保该镜像通过完整性校验。 +2. 镜像写入 SD 卡过程中出现问题,多出现在 Windows 环境下使用应用软件刷写镜像到 SD 卡的情况。 + +### 解决方法 + +将完整的镜像重新刷写入 SD 卡。 + +## nmcli 命令连接 WIFI 失败 + +### 问题现象 + +执行 `nmcli dev wifi connect SSID password PWD` 命令连接 WIFI 失败。例如提示 `Error: Connection activation failed: (7) Secrets were required, but not provided.` 等错误。 + +### 原因分析 + +执行的命令缺少密码。注意,如果密码中包含特殊字符,需要使用单引号将密码括起来。如果使用 nmcli 命令行连接 WIFI 失败,建议使用 nmtui 字符界面进行连接。 + +### 解决方法 + +执行 `nmtui` 命令进入到 nmtui 字符界面,按照以下步骤连接 WIFI。 + +1. 选择 `Edit a connection`,按 `Enter` 进入编辑网络连接窗口。 +2. 按下键盘右方向键选择 `Add`,按 `Enter` 进入新建网络连接窗口。 +3. 连接类型选择 `Wi-Fi` ,然后按下键盘右方向键选择 `Create`,按 `Enter` 进入 WIFI 编辑连接信息的界面。 +4. WIFI 连接信息界面主要需要编辑以下内容,其他信息根据实际情况而定。编辑结束后选择 `OK`,按 `Enter` 完成编辑并回退到编辑网络连接窗口。 + 1. `Profile name` 栏输入该 WIFI 连接的名称,这里可以使用默认名称,如 `Wi-Fi connection 1`; + 2. `Device` 栏输入要使用的无线网卡接口,这里输入 `wlan0`; + 3. `SSID` 栏输入要连接的 WIFI 的 SSID; + 4. `Security` 栏选择 WIFI 密码加密方式,这里根据实际情况选择,例如选择 `WPA & WPA2 Personal`; + 5. `Password` 栏输入 WIFI 密码。 + +5. 选择 `Back` 回退到最初的 nmtui 字符界面。 +6. 选择 `Activate a connection`,按 `Enter` 进入激活网络连接窗口。 +7. 查看添加的 WIFI 连接是否已激活(已激活的连接名称前有 `*` 标记)。如果未激活,选择该 WIFI 连接,然后按下键盘右方向键选择 `Activate`,按 `Enter` 激活该连接。待激活完成后,选择 `Back`,按 `Enter` 退出该激活界面,回退到最初的 nmtui 字符界面。 +8. 选择 `Quit`,然后按下键盘右方向键选择 `OK`,按 `Enter` 退出 nmtui 字符界面。 \ No newline at end of file 
diff --git a/content/zh/docs/Installation/FAQ.md b/docs/zh/docs/Installation/FAQ.md similarity index 88% rename from content/zh/docs/Installation/FAQ.md rename to docs/zh/docs/Installation/FAQ.md index 07a428057c41869e9b8ead8489e8b4d764cb543f..8e6282d88406978bede61cd992f9cdaa54e95419 100644 --- a/content/zh/docs/Installation/FAQ.md +++ b/docs/zh/docs/Installation/FAQ.md @@ -3,13 +3,13 @@ - [FAQ](#faq) - [安装openEuler时选择第二盘位为安装目标,操作系统无法启动](#安装openeuler时选择第二盘位为安装目标操作系统无法启动) - - [网络配置约束限制](#网络配置约束限制) - [openEuler开机后进入emergency模式](#openeuler开机后进入emergency模式) - [系统中存在无法激活的逻辑卷组时,重装系统失败](#系统中存在无法激活的逻辑卷组时重装系统失败) - [选择安装源出现异常](#选择安装源出现异常) - [如何手动开启kdump服务](#如何手动开启kdump服务) - [多块磁盘组成逻辑卷安装系统后,再次安装不能只选其中一块磁盘](#多块磁盘组成逻辑卷安装系统后再次安装不能只选其中一块磁盘) - [x86物理机UEFI模式由于security boot安全选项问题无法安装](#x86物理机uefi模式由于security-boot安全选项问题无法安装) + - [安装openEuler时,软件选择页面选择“服务器-性能工具”,安装后messages日志有pmie_check报错信息](#安装openEuler时软件选择页面选择服务器-性能工具安装后messages日志有pmie_check报错信息) @@ -35,30 +35,6 @@ - 当系统处于安装过程中,在选择磁盘(选择第一块或者两块都选择)后,指定引导程序安装到第一块盘sda中。 - 当系统已经安装完成,若BIOS支持选择从哪个磁盘启动,则可以通过修改BIOS中磁盘启动顺序,尝试重新启动系统。 -## 网络配置约束限制 - -NetworkManager、network两个服务均是网络服务管理包,两个服务之间存在部分功能重叠。 - -- 如果使用NetworkManager管理服务,则必须使用nmcli命令或修改配置文件来配置网络(如IP、路由等),而不能使用ip/ifconfig/route命令来配置。 - - >![](public_sys-resources/icon-note.gif) **说明:** - >在开启NetworkManager服务的场景下,使用ip/ifconfig/route等命令配置网络,则一段时间后配置会被NetworkManager覆盖,导致 ip/ifconfig/route配置不生效。 - - 查看NetworkManager 服务是否开启: - - ``` - systemctl status NetworkManager - ``` - - >![](public_sys-resources/icon-note.gif) **说明:** - >nmcli命令使用参考“nmcli \--help”或者“man nmcli”。 - -- 如果要使用ip/ifconfig/route等命令来管理网络,请先关闭NetworkManager服务,使用如下命令: - - ``` - systemctl stop NetworkManager - ``` - ## openEuler开机后进入emergency模式 @@ -66,7 +42,7 @@ NetworkManager、network两个服务均是网络服务管理包,两个服务 openEuler系统开机后进入emergency模式,如下图所示: -![](figures/zh-cn_image_0229291264.jpg) +![](./figures/zh-cn_image_0229291264.jpg) ### 原因分析 
@@ -79,7 +55,7 @@ openEuler系统开机后进入emergency模式,如下图所示: 1. 用户直接输入root账号的密码,登录系统。 2. 使用fsck工具,检测并修复文件系统,然后重启。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >fsck(file system check)用来检查和维护不一致的文件系统。若系统掉电或磁盘发生问题,可利用fsck命令对文件系统进行检查。 用户可以通过“fsck.ext3 -h”、“fsck.ext4 -h”命令查看fsck的使用方法。 @@ -167,7 +143,7 @@ UUID=afcc811f-4b20-42fc-9d31-7307a8cfe0df /boot ext4 defaults,x-systemd.device-t 执行systemctl status kdump命令,显示状态信息如下,提示无预留内存。 -![](figures/zh-cn_image_0229291280.png) +![](./figures/zh-cn_image_0229291280.png) ### 原因分析 @@ -187,7 +163,7 @@ kdump服务需要系统预留一段内存用于运行kdump内核,而当前系 若回显如下,即kdump的状态为active,说明kdump已使能,操作结束。 - ![](figures/zh-cn_image_0229291272.png) + ![](./figures/zh-cn_image_0229291272.png) ### 参数说明 @@ -254,7 +230,7 @@ kdump内核预留内存参数说明如下: 在安装系统时,如果之前的系统选择多块磁盘组成逻辑卷进行安装,再次安装时,如果只选择了其中的一块或几块磁盘,没有全部选择,在保存配置时提示配置错误,如[图1](#fig115949762617)所示。 **图 1** 配置错误提示 -![](figures/配置错误提示.png "配置错误提示") +![](./figures/Configuration_error_prompt.png) ### 原因分析 @@ -270,7 +246,7 @@ kdump内核预留内存参数说明如下: vgs ``` - ![](figures/zh-cn_image_0231657950.png) + ![](./figures/zh-cn_image_0231657950.png) 2. 执行如下命令,删除卷组。 @@ -284,7 +260,7 @@ kdump内核预留内存参数说明如下: systemctl restart anaconda ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >图形模式下也可以按“Ctrl+Alt+F6”回到图形界面,点击[图1](#fig115949762617)右下角的“Refresh”刷新存储配置生效。 @@ -295,7 +271,7 @@ kdump内核预留内存参数说明如下: x86物理机安装系统时,由于设置了BIOS选项security boot 为enable(默认是disable),导致系统一直停留在“No bootable device”提示界面,无法继续安装,如[图2](#fig115949762617)所示。 **图 2** “No bootable device”提示界面 -![](figures/No-bootable-device-提示界面.png "No-bootable-device-提示界面") +![](./figures/No-bootable-device.png) ### 原因分析 
@@ -307,16 +283,39 @@ x86物理机安装系统时,由于设置了BIOS选项security boot 为enable 1. 系统启动时,按“F11”,输入密码“Admin@9000”进入BIOS。 - ![](figures/BIOS.png) + ![](./figures/BIOS.png) 2. 选择进入Administer Secure Boot。 - ![](figures/security.png) + ![](./figures/security.png) 3. 设置Enforce Secure Boot为Disabled。 - ![](figures/选择.png) + ![](./figures/select.png) - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >设置security boot为disable之后,保存退出,重新安装即可。 +## 安装openEuler时,软件选择页面选择“服务器-性能工具”,安装后messages日志有pmie_check报错信息 + +### 问题现象 + +安装系统时软件选择勾选服务器-性能工具,会安装pcp相关软件包,正常安装并重启后,/var/log/messages日志文件中会产生报错:pmie_check failed in /usr/share/pcp/lib/pmie。 + +### 原因分析 + +anaconda不支持在chroot环境中安装selinux策略模块,当安装pcp-selinux时,postin脚本安装pcp相关selinux策略模块执行失败,从而导致重启后产生报错。 + +### 解决办法 + +完成安装并重启后,以下方法选择其一。 + +1. 执行如下命令,安装selinux策略模块pcpupstream + ``` + /usr/libexec/pcp/bin/selinux-setup /var/lib/pcp/selinux install "pcpupstream" + ``` + +2. 重新安装pcp-selinux + ``` + sudo dnf reinstall pcp-selinux + ``` diff --git a/docs/zh/docs/Installation/figures/Advanced_User_Configuration.png b/docs/zh/docs/Installation/figures/Advanced_User_Configuration.png new file mode 100644 index 0000000000000000000000000000000000000000..86a61bef60a456061aa90cbca533bcb174b15450 Binary files /dev/null and b/docs/zh/docs/Installation/figures/Advanced_User_Configuration.png differ diff --git "a/content/zh/docs/Installation/figures/\350\207\252\345\212\250\345\214\226\345\256\211\350\243\205\345\256\214\346\210\220.png" b/docs/zh/docs/Installation/figures/Automatic_installation_complete.png similarity index 100% rename from "content/zh/docs/Installation/figures/\350\207\252\345\212\250\345\214\226\345\256\211\350\243\205\345\256\214\346\210\220.png" rename to docs/zh/docs/Installation/figures/Automatic_installation_complete.png 
diff --git a/content/zh/docs/Installation/figures/BIOS.png b/docs/zh/docs/Installation/figures/BIOS.png similarity index 100% rename from content/zh/docs/Installation/figures/BIOS.png rename to docs/zh/docs/Installation/figures/BIOS.png diff --git "a/content/zh/docs/Installation/figures/\345\205\211\351\251\261\345\233\276\346\240\207.png" b/docs/zh/docs/Installation/figures/CD-ROM_drive_icon.png similarity index 100% rename from "content/zh/docs/Installation/figures/\345\205\211\351\251\261\345\233\276\346\240\207.png" rename to docs/zh/docs/Installation/figures/CD-ROM_drive_icon.png diff --git a/docs/zh/docs/Installation/figures/Configuration_error_prompt.png b/docs/zh/docs/Installation/figures/Configuration_error_prompt.png new file mode 100644 index 0000000000000000000000000000000000000000..c5802a2b7a750eed8429ec06c7e4919a3d161a9e Binary files /dev/null and b/docs/zh/docs/Installation/figures/Configuration_error_prompt.png differ diff --git a/docs/zh/docs/Installation/figures/Ending_Configuration-new.png b/docs/zh/docs/Installation/figures/Ending_Configuration-new.png new file mode 100644 index 0000000000000000000000000000000000000000..db408008865e51d7f92f0cb767b1cb61e3e12793 Binary files /dev/null and b/docs/zh/docs/Installation/figures/Ending_Configuration-new.png differ diff --git "a/content/zh/docs/Installation/figures/\351\225\234\345\203\217\345\257\271\350\257\235\346\241\206.png" b/docs/zh/docs/Installation/figures/Image_dialog_box.png similarity index 100% rename from "content/zh/docs/Installation/figures/\351\225\234\345\203\217\345\257\271\350\257\235\346\241\206.png" rename to docs/zh/docs/Installation/figures/Image_dialog_box.png 
diff --git a/docs/zh/docs/Installation/figures/Installation_Overview.png b/docs/zh/docs/Installation/figures/Installation_Overview.png new file mode 100644 index 0000000000000000000000000000000000000000..d6746719c2de8c1beff36e969219ea837a676270 Binary files /dev/null and b/docs/zh/docs/Installation/figures/Installation_Overview.png differ diff --git a/docs/zh/docs/Installation/figures/Installation_Procedure.png b/docs/zh/docs/Installation/figures/Installation_Procedure.png new file mode 100644 index 0000000000000000000000000000000000000000..594d9d878a58ba0ffb9d62f648c980f853429b6c Binary files /dev/null and b/docs/zh/docs/Installation/figures/Installation_Procedure.png differ diff --git a/docs/zh/docs/Installation/figures/Installation_source.png b/docs/zh/docs/Installation/figures/Installation_source.png new file mode 100644 index 0000000000000000000000000000000000000000..f9cece48e6a849e6dd0deac4508a36e7bab9bff8 Binary files /dev/null and b/docs/zh/docs/Installation/figures/Installation_source.png differ diff --git a/docs/zh/docs/Installation/figures/Installation_wizard.png b/docs/zh/docs/Installation/figures/Installation_wizard.png new file mode 100644 index 0000000000000000000000000000000000000000..8e64b70503f21ac80034e8825f9cb0cd60965d32 Binary files /dev/null and b/docs/zh/docs/Installation/figures/Installation_wizard.png differ diff --git a/docs/zh/docs/Installation/figures/Keyboard_layout.png b/docs/zh/docs/Installation/figures/Keyboard_layout.png new file mode 100644 index 0000000000000000000000000000000000000000..76749121bf8e5d6fec45303aed2ad8d63270c2da Binary files /dev/null and b/docs/zh/docs/Installation/figures/Keyboard_layout.png differ 
diff --git a/docs/zh/docs/Installation/figures/Manual_partitioning.png b/docs/zh/docs/Installation/figures/Manual_partitioning.png new file mode 100644 index 0000000000000000000000000000000000000000..aa6ff9f59ce60ecd673f4959ff6fa537728b3f6b Binary files /dev/null and b/docs/zh/docs/Installation/figures/Manual_partitioning.png differ diff --git a/docs/zh/docs/Installation/figures/NetworkandHostName.png b/docs/zh/docs/Installation/figures/NetworkandHostName.png new file mode 100644 index 0000000000000000000000000000000000000000..9916c679c896d6f4a9697c75a4f71248bcaa057e Binary files /dev/null and b/docs/zh/docs/Installation/figures/NetworkandHostName.png differ diff --git "a/content/zh/docs/Installation/figures/No-bootable-device-\346\217\220\347\244\272\347\225\214\351\235\242.png" b/docs/zh/docs/Installation/figures/No-bootable-device.png similarity index 100% rename from "content/zh/docs/Installation/figures/No-bootable-device-\346\217\220\347\244\272\347\225\214\351\235\242.png" rename to docs/zh/docs/Installation/figures/No-bootable-device.png diff --git "a/content/zh/docs/Installation/figures/\345\210\206\345\214\272\346\211\251\345\256\271.png" b/docs/zh/docs/Installation/figures/Partition_expansion.png similarity index 100% rename from "content/zh/docs/Installation/figures/\345\210\206\345\214\272\346\211\251\345\256\271.png" rename to docs/zh/docs/Installation/figures/Partition_expansion.png diff --git a/docs/zh/docs/Installation/figures/Semi-automatic-new.png b/docs/zh/docs/Installation/figures/Semi-automatic-new.png new file mode 100644 index 0000000000000000000000000000000000000000..82218558de7ffacb4835087c90c0206b52f89198 Binary files /dev/null and b/docs/zh/docs/Installation/figures/Semi-automatic-new.png differ 
diff --git a/docs/zh/docs/Installation/figures/Target_installation_position.png b/docs/zh/docs/Installation/figures/Target_installation_position.png new file mode 100644 index 0000000000000000000000000000000000000000..76e1585299fdc7335992f4552d09304ef9246177 Binary files /dev/null and b/docs/zh/docs/Installation/figures/Target_installation_position.png differ diff --git a/docs/zh/docs/Installation/figures/add_inst-noverifyssl.png b/docs/zh/docs/Installation/figures/add_inst-noverifyssl.png new file mode 100644 index 0000000000000000000000000000000000000000..dc92fedd71a5331af870e449f843ecd0eefc9278 Binary files /dev/null and b/docs/zh/docs/Installation/figures/add_inst-noverifyssl.png differ diff --git a/docs/zh/docs/Installation/figures/choosesoftware.png b/docs/zh/docs/Installation/figures/choosesoftware.png new file mode 100644 index 0000000000000000000000000000000000000000..9c410aa6292acabd2520b0d519ed8574c41b9c82 Binary files /dev/null and b/docs/zh/docs/Installation/figures/choosesoftware.png differ diff --git a/docs/zh/docs/Installation/figures/completeinstall.png b/docs/zh/docs/Installation/figures/completeinstall.png new file mode 100644 index 0000000000000000000000000000000000000000..91d38b80cf2310a7427788feb089da8d106b97b5 Binary files /dev/null and b/docs/zh/docs/Installation/figures/completeinstall.png differ diff --git a/docs/zh/docs/Installation/figures/createuser.png b/docs/zh/docs/Installation/figures/createuser.png new file mode 100644 index 0000000000000000000000000000000000000000..a5cfa3fe2897bf1047e5c0ad3bfd5f6afe9850da Binary files /dev/null and b/docs/zh/docs/Installation/figures/createuser.png differ diff --git a/docs/zh/docs/Installation/figures/dateandtime.png b/docs/zh/docs/Installation/figures/dateandtime.png new file mode 100644 index 0000000000000000000000000000000000000000..136ce5357ad714b78a402f5daed00b248fb029cf Binary files /dev/null and b/docs/zh/docs/Installation/figures/dateandtime.png differ 
diff --git a/docs/zh/docs/Installation/figures/installsource.png b/docs/zh/docs/Installation/figures/installsource.png new file mode 100644 index 0000000000000000000000000000000000000000..9aa8766e747c5a58eb830f9e677d80d28e991bf0 Binary files /dev/null and b/docs/zh/docs/Installation/figures/installsource.png differ diff --git a/docs/zh/docs/Installation/figures/languagesupport.png b/docs/zh/docs/Installation/figures/languagesupport.png new file mode 100644 index 0000000000000000000000000000000000000000..27382fc331ca2f05fd1ff74788f955ab60f05f5a Binary files /dev/null and b/docs/zh/docs/Installation/figures/languagesupport.png differ diff --git "a/content/zh/docs/Installation/figures/\351\207\215\345\220\257\345\233\276\346\240\207.png" b/docs/zh/docs/Installation/figures/restarticon.png similarity index 100% rename from "content/zh/docs/Installation/figures/\351\207\215\345\220\257\345\233\276\346\240\207.png" rename to docs/zh/docs/Installation/figures/restarticon.png diff --git a/docs/zh/docs/Installation/figures/root_password.png b/docs/zh/docs/Installation/figures/root_password.png new file mode 100644 index 0000000000000000000000000000000000000000..ca40df8b04ac21f8ffcc8a99653832526b69340d Binary files /dev/null and b/docs/zh/docs/Installation/figures/root_password.png differ diff --git a/content/zh/docs/Installation/figures/security.png b/docs/zh/docs/Installation/figures/security.png similarity index 100% rename from content/zh/docs/Installation/figures/security.png rename to docs/zh/docs/Installation/figures/security.png diff --git "a/content/zh/docs/Installation/figures/\351\200\211\346\213\251.png" b/docs/zh/docs/Installation/figures/select.png similarity index 100% rename from "content/zh/docs/Installation/figures/\351\200\211\346\213\251.png" rename to docs/zh/docs/Installation/figures/select.png 
diff --git a/docs/zh/docs/Installation/figures/selectlanguage.png b/docs/zh/docs/Installation/figures/selectlanguage.png new file mode 100644 index 0000000000000000000000000000000000000000..0567fb4f90b6d3a751d0a17211b66d9afa7d71fd Binary files /dev/null and b/docs/zh/docs/Installation/figures/selectlanguage.png differ diff --git a/docs/zh/docs/Installation/figures/sourceftp.png b/docs/zh/docs/Installation/figures/sourceftp.png new file mode 100644 index 0000000000000000000000000000000000000000..5ad9f51194cca15288504f6dcc2800cc60917533 Binary files /dev/null and b/docs/zh/docs/Installation/figures/sourceftp.png differ diff --git a/docs/zh/docs/Installation/figures/sourcenfs.png b/docs/zh/docs/Installation/figures/sourcenfs.png new file mode 100644 index 0000000000000000000000000000000000000000..0f873d1c70ae5a2f27105c7ba7e575cf495b127b Binary files /dev/null and b/docs/zh/docs/Installation/figures/sourcenfs.png differ diff --git a/docs/zh/docs/Installation/figures/startinstall.png b/docs/zh/docs/Installation/figures/startinstall.png new file mode 100644 index 0000000000000000000000000000000000000000..227ec876dc1b0d6cbe6991c1bce1fc0837a344c0 Binary files /dev/null and b/docs/zh/docs/Installation/figures/startinstall.png differ diff --git a/docs/zh/docs/Installation/figures/startparam.png b/docs/zh/docs/Installation/figures/startparam.png new file mode 100644 index 0000000000000000000000000000000000000000..c40c02239a84d19b1520c7454d5c4f26dd38b1dd Binary files /dev/null and b/docs/zh/docs/Installation/figures/startparam.png differ diff --git a/content/zh/docs/Installation/figures/zh-cn_image_0229291229.png b/docs/zh/docs/Installation/figures/zh-cn_image_0229291229.png similarity index 100% rename from content/zh/docs/Installation/figures/zh-cn_image_0229291229.png rename to docs/zh/docs/Installation/figures/zh-cn_image_0229291229.png 
diff --git a/content/zh/docs/Installation/figures/zh-cn_image_0229291236.png b/docs/zh/docs/Installation/figures/zh-cn_image_0229291236.png similarity index 100% rename from content/zh/docs/Installation/figures/zh-cn_image_0229291236.png rename to docs/zh/docs/Installation/figures/zh-cn_image_0229291236.png diff --git a/content/zh/docs/Installation/figures/zh-cn_image_0229291243.png b/docs/zh/docs/Installation/figures/zh-cn_image_0229291243.png similarity index 100% rename from content/zh/docs/Installation/figures/zh-cn_image_0229291243.png rename to docs/zh/docs/Installation/figures/zh-cn_image_0229291243.png diff --git a/content/zh/docs/Installation/figures/zh-cn_image_0229291247.png b/docs/zh/docs/Installation/figures/zh-cn_image_0229291247.png similarity index 100% rename from content/zh/docs/Installation/figures/zh-cn_image_0229291247.png rename to docs/zh/docs/Installation/figures/zh-cn_image_0229291247.png diff --git a/content/zh/docs/Installation/figures/zh-cn_image_0229291264.jpg b/docs/zh/docs/Installation/figures/zh-cn_image_0229291264.jpg similarity index 100% rename from content/zh/docs/Installation/figures/zh-cn_image_0229291264.jpg rename to docs/zh/docs/Installation/figures/zh-cn_image_0229291264.jpg diff --git a/content/zh/docs/Installation/figures/zh-cn_image_0229291270.png b/docs/zh/docs/Installation/figures/zh-cn_image_0229291270.png similarity index 100% rename from content/zh/docs/Installation/figures/zh-cn_image_0229291270.png rename to docs/zh/docs/Installation/figures/zh-cn_image_0229291270.png diff --git a/content/zh/docs/Installation/figures/zh-cn_image_0229291272.png b/docs/zh/docs/Installation/figures/zh-cn_image_0229291272.png similarity index 100% rename from content/zh/docs/Installation/figures/zh-cn_image_0229291272.png rename to docs/zh/docs/Installation/figures/zh-cn_image_0229291272.png 
diff --git a/content/zh/docs/Installation/figures/zh-cn_image_0229291280.png b/docs/zh/docs/Installation/figures/zh-cn_image_0229291280.png similarity index 100% rename from content/zh/docs/Installation/figures/zh-cn_image_0229291280.png rename to docs/zh/docs/Installation/figures/zh-cn_image_0229291280.png diff --git a/content/zh/docs/Installation/figures/zh-cn_image_0229291286.png b/docs/zh/docs/Installation/figures/zh-cn_image_0229291286.png similarity index 100% rename from content/zh/docs/Installation/figures/zh-cn_image_0229291286.png rename to docs/zh/docs/Installation/figures/zh-cn_image_0229291286.png diff --git a/content/zh/docs/Installation/figures/zh-cn_image_0229420473.png b/docs/zh/docs/Installation/figures/zh-cn_image_0229420473.png similarity index 100% rename from content/zh/docs/Installation/figures/zh-cn_image_0229420473.png rename to docs/zh/docs/Installation/figures/zh-cn_image_0229420473.png diff --git a/content/zh/docs/Installation/figures/zh-cn_image_0231657950.png b/docs/zh/docs/Installation/figures/zh-cn_image_0231657950.png similarity index 100% rename from content/zh/docs/Installation/figures/zh-cn_image_0231657950.png rename to docs/zh/docs/Installation/figures/zh-cn_image_0231657950.png diff --git a/content/zh/docs/Installation/installation.md b/docs/zh/docs/Installation/installation.md similarity index 100% rename from content/zh/docs/Installation/installation.md rename to docs/zh/docs/Installation/installation.md diff --git a/content/zh/docs/Quickstart/public_sys-resources/icon-caution.gif b/docs/zh/docs/Installation/public_sys-resources/icon-caution.gif similarity index 100% rename from content/zh/docs/Quickstart/public_sys-resources/icon-caution.gif rename to docs/zh/docs/Installation/public_sys-resources/icon-caution.gif 
diff --git a/content/zh/docs/Quickstart/public_sys-resources/icon-danger.gif b/docs/zh/docs/Installation/public_sys-resources/icon-danger.gif similarity index 100% rename from content/zh/docs/Quickstart/public_sys-resources/icon-danger.gif rename to docs/zh/docs/Installation/public_sys-resources/icon-danger.gif diff --git a/content/zh/docs/Quickstart/public_sys-resources/icon-note.gif b/docs/zh/docs/Installation/public_sys-resources/icon-note.gif similarity index 100% rename from content/zh/docs/Quickstart/public_sys-resources/icon-note.gif rename to docs/zh/docs/Installation/public_sys-resources/icon-note.gif diff --git a/content/zh/docs/Quickstart/public_sys-resources/icon-notice.gif b/docs/zh/docs/Installation/public_sys-resources/icon-notice.gif similarity index 100% rename from content/zh/docs/Quickstart/public_sys-resources/icon-notice.gif rename to docs/zh/docs/Installation/public_sys-resources/icon-notice.gif diff --git a/content/zh/docs/Quickstart/public_sys-resources/icon-tip.gif b/docs/zh/docs/Installation/public_sys-resources/icon-tip.gif similarity index 100% rename from content/zh/docs/Quickstart/public_sys-resources/icon-tip.gif rename to docs/zh/docs/Installation/public_sys-resources/icon-tip.gif diff --git a/content/zh/docs/Quickstart/public_sys-resources/icon-warning.gif b/docs/zh/docs/Installation/public_sys-resources/icon-warning.gif similarity index 100% rename from content/zh/docs/Quickstart/public_sys-resources/icon-warning.gif rename to docs/zh/docs/Installation/public_sys-resources/icon-warning.gif 
diff --git "a/content/zh/docs/Installation/\344\275\277\347\224\250kickstart\350\207\252\345\212\250\345\214\226\345\256\211\350\243\205.md" "b/docs/zh/docs/Installation/\344\275\277\347\224\250kickstart\350\207\252\345\212\250\345\214\226\345\256\211\350\243\205.md" similarity index 91% rename from "content/zh/docs/Installation/\344\275\277\347\224\250kickstart\350\207\252\345\212\250\345\214\226\345\256\211\350\243\205.md" rename to "docs/zh/docs/Installation/\344\275\277\347\224\250kickstart\350\207\252\345\212\250\345\214\226\345\256\211\350\243\205.md" index ccf0fcdc377b462e1f9c5428b37e703e588b3176..d66146d669db0ef556ca1e1d93002360c592d725 100644 --- "a/content/zh/docs/Installation/\344\275\277\347\224\250kickstart\350\207\252\345\212\250\345\214\226\345\256\211\350\243\205.md" +++ "b/docs/zh/docs/Installation/\344\275\277\347\224\250kickstart\350\207\252\345\212\250\345\214\226\345\256\211\350\243\205.md" @@ -80,7 +80,7 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 - 物理机/虚拟机(虚拟机创建可参考对应厂商的资料)。包括使用kickstart工具进行自动化安装的计算机和被安装的计算机。 - httpd:存放kickstart文件。 -- ISO: openEuler-20.09-beta-aarch64-dvd.iso +- ISO: openEuler-20.03-LTS-SP1-aarch64-dvd.iso ### 操作步骤 @@ -88,7 +88,7 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 **环境准备** ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >安装之前,请确保http服务器的防火墙处于关闭状态。关闭防火墙可参照如下命令: >``` >iptables -F @@ -156,7 +156,7 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 ===================================== ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >密码密文生成方式: >\# python3 >Python 3.7.0 \(default, Apr 1 2019, 00:00:00\) 
@@ -175,18 +175,18 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 **安装系统** 1. 启动系统进入安装选择界面。 - 1. 在“[启动安装](安装指导.html#启动安装)”中的“安装引导界面”中选择“Install openEuler 20.09-beta”,并按下“e”键。 + 1. 在“[启动安装](./安装指导.html#启动安装)”中的“安装引导界面”中选择“Install openEuler 20.03 LTS SP1”,并按下“e”键。 2. 启动参数中追加“inst.ks=http://server ip/ks/openEuler-ks.cfg”。 - ![](figures/半自动-new.png) + ![](./figures/startparam.png) 3. 按“Ctrl+x”,开始系统的自动安装。 2. 确认系统安装完毕。 - 系统安装完毕以后会自动重启,然后再次进入到安装界面,此时关闭计算机,调整启动顺序(优先从硬盘启动)。 + 系统安装完毕以后会自动重启,如果优先从光驱启动,会再次进入到安装界面,此时关闭计算机,调整启动顺序(优先从硬盘启动)。 - ![](figures/自动化安装完成.png) + ![](./figures/Automatic_installation_complete.png) ## 全自动化安装指导 @@ -199,7 +199,7 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 - httpd:存放kickstart文件。 - tftp:提供vmlinuz和initrd文件。 - dhcpd/pxe:提供DHCP服务。 -- ISO:openEuler-20.09-beta-aarch64-dvd.iso。 +- ISO:openEuler-20.03-LTS-SP1-aarch64-dvd.iso。 ### 操作步骤 @@ -207,7 +207,7 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 **环境准备** ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >安装之前,请确保http服务器的防火墙处于关闭状态。关闭防火墙可参照如下命令: >``` >iptables -F @@ -249,7 +249,7 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 3. 安装源的制作。 ``` - # mount openEuler-20.09-beta-aarch64-dvd.iso /mnt + # mount openEuler-20.03-LTS-SP1-aarch64-dvd.iso /mnt # cp -r /mnt/* /var/www/html/openEuler/ ``` @@ -271,7 +271,7 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 # System language lang zh_CN.UTF-8 #Use http installation source - url --url=http://192.168.122.1/openEuler/ + url --url=http://192.168.122.1/openEuler/ %post #enable kdump sed -i "s/ ro / ro crashkernel=1024M,high /" /boot/efi/EFI/openEuler/grub.cfg 
@@ -314,8 +314,8 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 ### BEGIN /etc/grub.d/10_linux ### - menuentry 'Install openEuler 20.09-beta' --class red --class gnu-linux --class gnu --class os { - set root=(tftp,192.168.122.1) + menuentry 'Install openEuler 20.03 LTS SP1' --class red --class gnu-linux --class gnu --class os { + set root=(tftp,192.168.1.1) linux /vmlinuz ro inst.geoloc=0 console=ttyAMA0 console=tty0 rd.iscsi.waitnet=0 inst.ks=http://192.168.122.1/ks/openEuler-ks.cfg initrd /initrd.img } @@ -351,14 +351,14 @@ TFTP(Trivial File Transfer Protocol,简单文件传输协议),该协议 1. 在“Start boot option”界面按下“F2”选择从网络pxe启动,开始自动化安装。 - ![](figures/zh-cn_image_0229291270.png) + ![](./figures/zh-cn_image_0229291270.png) - ![](figures/zh-cn_image_0229291286.png) + ![](./figures/zh-cn_image_0229291286.png) - ![](figures/zh-cn_image_0229291247.png) + ![](./figures/zh-cn_image_0229291247.png) 2. 进入系统全自动化安装界面。 3. 确认系统安装完毕。 - ![](figures/自动化安装完成.png) + ![](./figures/Automatic_installation_complete.png) diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205DDE.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205DDE.md" new file mode 100644 index 0000000000000000000000000000000000000000..7cdeeccca4c140588b3f16f171897a3076d08af8 --- /dev/null +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205DDE.md" @@ -0,0 +1,31 @@ +# 在 openEuler 上安装 DDE +#### 简介 + +DDE是统信软件团队研发的一款功能强大的桌面环境。包含数十款功能强大的桌面应用,是真正意义上的自主自研桌面产品。 + +#### 安装方法 + +1. [下载](https://openeuler.org/zh/download/)openEuler ISO镜像并安装系统 +2. 更新软件源 +```bash +sudo dnf update +``` +3. 安装DDE +```bash +sudo dnf install dde +``` +4. 设置以图形界面的方式启动 +```bash +sudo systemctl set-default graphical.target +``` +5. 重启 +```bash +sudo reboot +``` +6. 在重启完成后,使用安装过程中创建的用户或openeuler用户登陆桌面 + + > dde桌面无法使用root账号登陆 + > dde内置了openeuler用户,此用户的密码为openeuler + +现在您可以尽情的使用dde桌面了。 + 
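Review bot: In the grub.cfg hunk of the kickstart guide (@@ -314,8 +314,8 @@), the new `set root=(tftp,192.168.1.1)` no longer matches the address on the next line, `inst.ks=http://192.168.122.1/ks/openEuler-ks.cfg`, or the `url --url=http://192.168.122.1/openEuler/` line in the kickstart file shown earlier in the same document. Unless the TFTP and HTTP servers are meant to be different hosts, which the text does not say, a reader copying this entry would load the kernel from one address and the kickstart file from another. Keep `192.168.122.1` here, or change every occurrence in the example together.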
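Review bot: Step 6 of the new 安装DDE.md states that DDE ships a built-in `openeuler` user whose password is `openeuler`, and stops there. A fixed, published credential on a desktop install should come with an instruction to change that password, or to lock or remove the account, right after the first login and before the machine is connected to a shared network. Please add that sentence to the quoted note under step 6.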
diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205UKUI.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205UKUI.md" new file mode 100644 index 0000000000000000000000000000000000000000..6a59caedb1c2ae320bce9c074583c125c5931e6b --- /dev/null +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205UKUI.md" @@ -0,0 +1,21 @@ +# openEuler 20.03 SP1上UKUI的安装方法 +UKUI是麒麟软件团队历经多年打造的一款Linux 桌面,主要基于 GTK 和 QT开发。与其它UI界面相比,UKUI更加注重易用性和敏捷度,各元件相依性小,可以不依赖其它套件而独自运行,给用户带来亲切和高效的使用体验。 + +UKUI支持x86_64和aarch64两种架构。 + +安装时,建议新建一个管理员用户。 + +1.下载 openEuler-20.03-LTS SP1 镜像并安装系统。 +``` +sudo dnf update +``` +2.安装UKUI。 +``` +sudo dnf install ukui +``` +3.在确认正常安装后,如果希望以图形界面的方式启动,请在命令行运行以下代码,并重启(`reboot`)。 +``` +systemctl set-default graphical.target +``` +目前UKUI版本还在不断的更新,最新的安装方法请查阅: +[https://gitee.com/openkylin/ukui-issues](https://gitee.com/openkylin/ukui-issues) diff --git "a/content/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207-1.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207-1.md" similarity index 87% rename from "content/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207-1.md" rename to "docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207-1.md" index 41f27886ddf0917cd3a694d068872ef1f493dac7..84799f40559d3f1e5b28385c387d994d83a58c6c 100644 --- "a/content/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207-1.md" +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207-1.md" 
@@ -19,16 +19,13 @@ 在安装开始前,您需要获取 openEuler 发布的树莓派镜像及其校验文件。 -1. 登录[openEuler社区](https://openeuler.org)网站。 -2. 单击“下载”。 -3. 单击“获取ISO:”后面的“Link”,显示版本列表。 -4. 单击“openEuler-20.09”,进入 openEuler 20.09 版本下载列表。 -5. 单击“RaspberryPi”,进入树莓派镜像的下载列表。 +1. 登录[openEuler社区](https://openeuler.org/zh/download/)网站。 +2. 单击卡片 openEuler 20.03 LTS SP1 上的“下载”按钮。 +3. 单击“raspi_img”,进入树莓派镜像的下载列表。 - aarch64:AArch64 架构的镜像。 - -6. 单击“aarch64”,进入树莓派 AArch64 架构镜像的下载列表。 -7. 单击“openEuler-20.09-RaspberryPi.aarch64.img.xz”,将 openEuler 发布的树莓派镜像下载到本地。 -8. 单击“openEuler-20.09-RaspberryPi.aarch64.img.xz.sha256sum”,将 openEuler 发布的树莓派镜像的校验文件下载到本地。 +4. 单击“aarch64”,进入树莓派 AArch64 架构镜像的下载列表。 +5. 单击“openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz”,将 openEuler 发布的树莓派镜像下载到本地。 +6. 单击“openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz.sha256sum”,将 openEuler 发布的树莓派镜像的校验文件下载到本地。 ## 镜像完整性校验 @@ -42,9 +39,9 @@ 在校验镜像文件的完整性之前,需要准备如下文件: -镜像文件:openEuler-20.09-RaspberryPi.aarch64.img.xz +镜像文件:openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz -校验文件:openEuler-20.09-RaspberryPi.aarch64.img.xz.sha256sum +校验文件:openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz.sha256sum ### 操作指导 @@ -53,13 +50,13 @@ 1. 获取校验文件中的校验值。执行命令如下: ``` - $ cat openEuler-20.09-RaspberryPi.aarch64.img.xz.sha256sum + $ cat openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz.sha256sum ``` 2. 计算文件的 sha256 校验值。执行命令如下: ``` - $ sha256sum openEuler-20.09-RaspberryPi.aarch64.img.xz + $ sha256sum openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz ``` 命令执行完成后,输出校验值。 diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207.md" new file mode 100644 index 0000000000000000000000000000000000000000..333dd0195c8a373c958a7730856e7c0ad3b13644 --- /dev/null +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\207\206\345\244\207.md" 
@@ -0,0 +1,145 @@ +# 安装准备 + +介绍安装前需要考虑软硬件兼容性状况,以及相关的配置和准备工作。 + + +- [安装准备](#安装准备) + - [获取安装源](#获取安装源) + - [发布包完整性校验](#发布包完整性校验) + - [简介](#简介) + - [前提条件](#前提条件) + - [操作指导](#操作指导) + - [物理机的安装要求](#物理机的安装要求) + - [硬件兼容支持](#硬件兼容支持) + - [最小硬件要求](#最小硬件要求) + - [虚拟机的安装要求](#虚拟机的安装要求) + - [虚拟化平台兼容性](#虚拟化平台兼容性) + - [最小虚拟化空间要求](#最小虚拟化空间要求) + + + +## 获取安装源 + +在安装开始前,您需要获取openEuler的发布包和校验文件。 + +请按以下步骤获取openEuler的发布包和校验文件: + +1. 登录[openEuler社区](https://openeuler.org)网站。 +2. 单击“下载”。 +3. 单击“获取ISO:”后面的“Link”,显示版本列表。 +4. 单击“openEuler-20.03-LTS-SP1”,进入openEuler 20.03 LTS SP1版本下载列表。 +5. 单击“ISO”,进入ISO下载列表。 + - aarch64:AArch64架构的ISO。 + - x86\_64:x86\_64架构的ISO。 + - source:openEuler源码ISO。 + +6. 根据实际待安装环境的架构选择需要下载的openEuler的发布包和校验文件。 + - 若为AArch64架构。 + 1. 单击“aarch64”。 + 2. 若选择本地安装,分别将发布包 “openEuler-20.03-LTS-SP1-aarch64-dvd.iso”和校验文件“openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum”下载到本地。 + 3. 若选择网络安装,分别将发布包 “openEuler-20.03-LTS-SP1-netinst-aarch64-dvd.iso”和校验文件“openEuler-20.03-LTS-SP1-netinst-aarch64-dvd.iso.sha256sum”下载到本地。 + + - 若为x86\_64架构。 + 1. 单击“x86\_64”。 + 2. 若选择本地安装,分别将发布包 “openEuler-20.03-LTS-SP1-x86\_64-dvd.iso”和校验文件“openEuler-20.03-LTS-SP1-x86\_64-dvd.iso.sha256sum”下载到本地。 + 3. 若选择网络安装,分别将发布包 “openEuler-20.03-LTS-SP1-netinst-x86\_64-dvd.iso ”和校验文件“openEuler-20.03-LTS-SP1-netinst-x86\_64-dvd.iso.sha256sum”下载到本地。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> 网络安装方式的 ISO 发布包较小,在有网络的安装环境可以选择网络安装方式。 + +## 发布包完整性校验 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>本章节以AArch64架构的发布包完整性校验为例,x86\_64架构的发布包完整性校验的操作方法相同。 + +### 简介 + +为了防止软件包在传输过程中由于网络原因或者存储设备原因出现下载不完整的问题,在获取到软件包后,需要对软件包的完整性进行校验,通过了校验的软件包才能部署。 + +这里通过对比校验文件中记录的校验值和手动方式计算的iso文件校验值,判断软件包是否完成。若两个值相同,说明iso文件完整,否则,iso完整性被破坏,请重新获取iso发布包。 + +### 前提条件 + +在校验发布包完整性之前,需要准备如下文件: + +iso文件:openEuler-20.03-LTS-SP1-aarch64-dvd.iso + +校验文件:openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum + +### 操作指导 + +文件完整性校验操作步骤如下: + +1. 获取校验文件中的校验值。执行命令如下: + + ``` + $ cat openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum + ``` + +2. 
计算文件的sha256校验值。执行命令如下: + + ``` + $ sha256sum openEuler-20.03-LTS-SP1-aarch64-dvd.iso + ``` + + 命令执行完成后,输出校验值。 + +3. 对比步骤1和步骤2计算的校验值是否一致。 + + 如果校验值一致说明iso文件完整性没有破坏,如果校验值不一致则可以确认文件完整性已被破坏,需要重新获取。 + +## 物理机的安装要求 + +若需要在物理机环境上安装openEuler操作系统,则物理机需要满足如下的硬件兼容性和最小硬件要求。 + +### 硬件兼容支持 + +openEuler安装时,应注意硬件兼容性方面的问题,当前已支持的服务器类型如[表1](#table14948632047)所示。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- TaiShan 200服务器基于华为鲲鹏920处理器。 +>- 当前仅支持华为TaiShan服务器和FusionServer Pro 机架服务器,后续将逐步增加对其他厂商服务器的支持。 + +**表 1** 支持的服务器类型 +| 服务器形态 | 服务器名称 | 服务器型号 | +| :---- | :---- | :---- | +| 机架服务器 | TaiShan 200 | 2280均衡型 | +| 机架服务器 | FusionServer Pro 机架服务器 | FusionServer Pro 2288H V5(服务器要求配置Avago 3508 RAID控制卡和启用LOM-X722网卡) | + +### 最小硬件要求 + +openEuler所需的最小硬件要求如[表2](#tff48b99c9bf24b84bb602c53229e2541)所示。 + +**表 2** 最小硬件要求 + +| 部件名称 | 最小硬件要求 | +| :---- | :---- | +| 架构 | AArch64或x86_64 | +| CPU | 2个CPU | +| 内存 | 不小于4GB(为了获得更好的应用体验,建议不小于8GB) | +| 硬盘 | 不小于32GB(为了获得更好的应用体验,建议不小于120GB) | + +## 虚拟机的安装要求 + +若需要在虚拟机环境上安装openEuler操作系统,则虚拟机需要满足如下的虚拟化平台兼容性和最小虚拟化要求。 + +### 虚拟化平台兼容性 + +openEuler安装时,应注意虚拟化平台兼容性的问题,当前已支持的虚拟化平台为: + +- openEuler自有的虚拟化组件(HostOS为openEuler,虚拟化组件为发布包中的qemu、KVM)创建的虚拟化平台。 +- 华为公有云的x86虚拟化平台。 + +### 最小虚拟化空间要求 + +openEuler所需的最小虚拟化空间要求如[表3](#tff48b99c9bf24b84bb602c53229e2541)所示。 + +**表 3** 最小虚拟化空间要求 + +| 部件名称 | 最小虚拟化空间要求 | +| :---- | :---- | +| 架构 | AArch64或x86_64 | +| CPU | 2个CPU | +| 内存 | 不小于4GB(为了获得更好的应用体验,建议不小于8GB) | +| 硬盘 | 不小于32GB(为了获得更好的应用体验,建议不小于120GB) | diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\234\215\345\212\241\345\231\250.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\234\215\345\212\241\345\231\250.md" new file mode 100644 index 0000000000000000000000000000000000000000..256a1f0899d9030ac421b6cc4dbc00d88f7821d3 --- /dev/null +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\234\215\345\212\241\345\231\250.md" 
@@ -0,0 +1,3 @@ +# 安装在服务器 + +本文是介绍 openEuler 操作系统安装在服务器的方法,使用本手册的用户需要具备基础的 Linux 系统管理知识。 \ No newline at end of file diff --git "a/docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\240\221\350\216\223\346\264\276.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\240\221\350\216\223\346\264\276.md" new file mode 100644 index 0000000000000000000000000000000000000000..72f5e0c176383b7ccedbf937240d6263b082355e --- /dev/null +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\345\234\250\346\240\221\350\216\223\346\264\276.md" @@ -0,0 +1,3 @@ +# 安装在树莓派 + +本文是介绍 openEuler 操作系统安装在树莓派的方法,使用本手册的用户需要具备基础的 Linux 系统管理知识。 \ No newline at end of file diff --git "a/content/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274-1.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274-1.md" similarity index 89% rename from "content/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274-1.md" rename to "docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274-1.md" index 73ea046de2099e3662fcb3f365b7df861e9f2929..d8416251b0e3eb647842b0558fc3d07226173443 100644 --- "a/content/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274-1.md" +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274-1.md" @@ -1,6 +1,6 @@ # 安装指导 -本章介绍将“[树莓派镜像刷写入 SD 卡](安装方式介绍-1.html)”后,启用树莓派的主要过程。 +本章介绍将“[树莓派镜像刷写入 SD 卡](./安装方式介绍-1.html)”后,启用树莓派的主要过程。 - [安装指导](#安装指导) 
@@ -24,15 +24,11 @@ 1. 本地登录 - 树莓派连接显示器(树莓派视频输出接口为 Micro HDMI)、键盘、鼠标后,启动树莓派,可以看到树莓派启动日志输出到显示器上。待树莓派启动成功,输入用户名(root)和密码(openEuler12#$)登录。 + 树莓派连接显示器(树莓派视频输出接口为 Micro HDMI)、键盘、鼠标后,启动树莓派,可以看到树莓派启动日志输出到显示器上。待树莓派启动成功,输入用户名(root)和密码(openeuler)登录。 2. ssh 远程登录 - 树莓派默认采用 DHCP 的方式自动获取 IP。如果树莓派连接已知路由器,可登录路由器查看,新增的 IP 即为树莓派 IP。 - - **图 1** 获取 IP - ![](figures/获取IP.png "获取 IP") - - 从上图看到,树莓派对应 IP 为:192.168.31.109,使用命令 `ssh root@192.168.1.109` 后输入密码 `openEuler12#$`,即可远程登录树莓派。 + + 树莓派默认采用 DHCP 的方式自动获取 IP。如果树莓派连接已知路由器,可登录路由器查看,新增的 IP 即为树莓派 IP。例如,树莓派对应 IP 为:192.168.31.109,使用命令 `ssh root@192.168.1.109` 后输入密码 `openeuler`,即可远程登录树莓派。 ## 配置系统 @@ -67,7 +63,7 @@ 这里我们需要将根目录分区 `/dev/mmcblk0p3` 进行扩容。 -2. 在 root 权限下执行 `fdisk /dev/mmcblk0` 命令进入到交互式命令行界面,按照以下步骤扩展分区,如[图3](#zh-cn_topic_0151920806_f6ff7658b349942ea87f4521c0256c315)所示。 +2. 在 root 权限下执行 `fdisk /dev/mmcblk0` 命令进入到交互式命令行界面,按照以下步骤扩展分区,如[图 1](#zh-cn_topic_0151920806_f6ff7658b349942ea87f4521c0256c315)所示。 1. 输入 `p`,查看分区信息。 @@ -80,15 +76,15 @@ 6. 输入 `3` 或直接按 `Enter`,创建序号为 `3` 的分区,即 `/dev/mmcblk0p3` 分区。 7. 输入新分区的起始扇区号,即第 `1` 步中记录的起始扇区号,示例中为 `1593344`。 - >![](public_sys-resources/icon-notice.gif) **须知:** + >![](./public_sys-resources/icon-notice.gif) **须知:** >请勿直接按“Enter”或使用默认参数。 8. 按 `Enter`,使用默认的最后一个扇区号作为新分区的终止扇区号。 9. 输入 `N`,不修改扇区标记。 10. 输入 `w`,保存分区设置并退出交互式命令行界面。 - **图 3** 分区扩容 - ![](figures/分区扩容.png "分区扩容") + **图 1** 分区扩容 + ![](./figures/Partition_expansion.png) 3. 在 root 权限下执行 `fdisk -l` 命令查看磁盘分区信息,以确保磁盘分区正确。命令和回显如下: @@ -110,7 +106,7 @@ 4. 在 root 权限下执行 `resize2fs /dev/mmcblk0p3`,增大未加载的文件系统大小。 5. 执行 `df -lh` 命令查看磁盘空间信息,以确保根目录分区已扩展。 - >![](public_sys-resources/icon-notice.gif) **须知:** + >![](./public_sys-resources/icon-notice.gif) **须知:** >如果根目录分区未扩展,可执行 `reboot` 命令重启树莓派之后再在 root 权限下执行 `resize2fs /dev/mmcblk0p3`。 ### 连接 WIFI 
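Review bot: In the new 安装UKUI.md the numbered steps and their code blocks are misaligned: step 1 (下载 openEuler-20.03-LTS SP1 镜像并安装系统) is followed by `sudo dnf update`, which belongs to a separate update step like the one in 安装DDE.md. Step 3 also runs `systemctl set-default graphical.target` without `sudo`, while the two commands above it use `sudo`. Add the missing step heading for the update command and make the privilege prefix consistent.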
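Review bot: In the new 安装准备.md, the sentence under 发布包完整性校验 > 简介 reads 判断软件包是否完成; it should be 是否完整, since the check is about integrity, not completion. The 表3 link under 最小虚拟化空间要求 reuses the 表2 anchor `#tff48b99c9bf24b84bb602c53229e2541`, and the markdown tables added in this file define no anchors at all, so the 表1 to 表3 links (including `#table14948632047`) will not resolve. Either add explicit anchors for the three tables or drop the links.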
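Review bot: The SSH example in the @@ -24,15 +24,11 @@ hunk of 安装指导-1.md gives the board's address as 192.168.31.109 but then logs in with `ssh root@192.168.1.109`; the two addresses should match. The same hunk changes the documented root password to `openeuler` and shows it being used for remote login, so the step should also tell the reader to change the root password immediately after the first login.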
diff --git "a/content/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274.md" similarity index 64% rename from "content/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274.md" rename to "docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274.md" index e120f9e6650022b6922f41cadd53cae795781790..c1da42b74f2f6139e497ae2c16674da069c03ce9 100644 --- "a/content/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274.md" +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\214\207\345\257\274.md" 
@@ -1,324 +1,331 @@ -# 安装指导 - -本章以光盘安装为例介绍安装openEuler,其他安装方式除在启动安装时的引导方式不同外,待启动安装后则安装流程相同,在此不再说明。 - - -- [安装指导](#安装指导) - - [启动安装](#启动安装) - - [使用光盘引导安装](#使用光盘引导安装) - - [安装引导界面](#安装引导界面) - - [图形化模式安装](#图形化模式安装) - - [设置安装程序语言](#设置安装程序语言) - - [进入安装界面](#进入安装界面) - - [设置键盘](#设置键盘) - - [设置系统语言](#设置系统语言) - - [设置时间和日期](#设置时间和日期) - - [设置安装源](#设置安装源) - - [选择安装软件](#选择安装软件) - - [设置安装目的地](#设置安装目的地) - - [存储配置](#存储配置) - - [设置网络和主机名](#设置网络和主机名) - - [设置根密码](#设置根密码) - - [密码复杂度](#密码复杂度) - - [创建用户](#创建用户) - - [开始安装](#开始安装) - - [安装过程](#安装过程) - - [安装完成](#安装完成) - - - -## 启动安装 - -### 使用光盘引导安装 - -在服务器的光驱中加载openEuler安装镜像,重启服务器,具体步骤如下。 - ->![](public_sys-resources/icon-note.gif) **说明:** ->在安装开始前,需要保证服务器启动选项为光驱优先。安装步骤以BMC挂载虚拟光驱进行光盘安装的操作举例。通过物理光驱安装的操作简单,启动安装后的流程相同,在此不再说明。 - -1. 在虚拟界面工具栏中,单击虚拟光驱工具如下图所示。 - - **图 1** 光驱图标 - ![](figures/光驱图标.png "光驱图标") - - 弹出镜像对话框,如下图所示。 - - **图 2** 镜像对话框 - ![](figures/镜像对话框.png "镜像对话框") - -2. 在镜像对话框中,选择“镜像文件”, 并单击“浏览”。弹出“打开”对话框。 -3. 选择镜像文件,单击“打开”。然后在镜像对话框中,单击“连接”。当“连接”显示为“断开”后,表示虚拟光驱已连接到服务器。 -4. 
在工具栏中,单击重启工具重启设备,如下图所示。 - - **图 3** 重启图标 - ![](figures/重启图标.png "重启图标") - - -### 安装引导界面 - -系统使用引导介质完成引导后会显示引导菜单。该引导菜单除启动安装程序外还提供一些选项。安装系统时,默认采用“Test this media & install openEuler 20.09-beta”方式进行安装。如果要选择默认选项之外的选项,请使用键盘中的“↑”和“↓”方向键进行选择,并在选项为高亮状态时按“Enter”。 - ->![](public_sys-resources/icon-note.gif) **说明:** ->- 如果60秒内未按任何键,系统将从默认选项“Test this media & install openEuler 20.09-beta”自动进入安装界面。 ->- 安装物理机时,如果使用键盘上下键无法选择启动选项,按“Enter”键无响应,可以单击BMC界面上的鼠标控制图标“![](figures/zh-cn_image_0229420473.png)”,设置“键鼠复位”。 - -**图 4** 安装引导界面 -![](figures/安装引导界面.png "安装引导界面") - -安装引导选项说明如下: - -- Install openEuler 20.09-beta —— 在您的服务器上使用图形用户界面模式安装。 - -- Test this media & install openEuler 20.09-beta —— 默认选项,在您的服务器上使用图形用户界面模式安装,但在启动安装程序前会进行安装介质的完整性检查。 - -- Troubleshooting —— 问题定位模式,系统无法正常安装时使用。进入问题定位模式后,有如下两个选项。 - - Install openEuler 20.09-beta in basic graphics mode —— 简单图形安装模式,该模式下在系统启动并运行之前不启动视频驱动程序。 - - Rescue the openEuler system —— 救援模式,用于修复系统。该模式下输出定向到VNC或BMC(Baseboard Management Controller)端,串口不可用。 - -在安装引导界面,按“e”进入已选选项的参数编辑界面,按“c”进入命令行模式。 - -### 图形化模式安装 - -在“安装引导界面”中选择“Test this media & install openEuler 20.09-beta”进入图形化模式安装。 - -可以通过键盘操作图形化安装程序。 - -- “Tab”、“shift Tab”:界面控件(按钮、区域框、复选框等)间的移动。 -- “↑”、“↓”方向键:列表里的移动。 -- “←”、“→”方向键:水平工具条和表条间移动。 -- “空格”、“Enter”:选择或删除高亮显示的选项、展开或折叠下拉菜单。 -- “Alt”+“快捷键”:选择快捷键所在的控件,其中快捷键可通过按住Alt高亮(加下划线)显示。 - -## 设置安装程序语言 - -启动安装后,在进入安装程序主界面之前,系统会提示用户设置安装过程中使用的语言。当前默认为英语,用户可根据实际情况进行调整,如[图5](#zh-cn_topic_0186390093_zh-cn_topic_0122145864_fig144630179151)所示,选择“中文”。 - -**图 5** 选择语言 -![](figures/选择语言.png "选择语言") - -完成设置后,单击“继续”,进入安装设置主界面。 - -如果您想退出安装,可以单击“退出”并在弹出的“您确定要退出安装程序吗?”对话框中单击“是”重新进入“安装引导界面”。 - -## 进入安装界面 - -系统安装程序正常启动后,会进入[图6](#zh-cn_topic_0186390094_zh-cn_topic_0122145883_fig5969171592212)所示的安装设置主界面。用户可以进行时间、语言、安装源、网络、安装位置等相关设置。 - -部分配置项会有告警符号,用户完成该选项配置后,告警符号消失。当界面上不存在告警符号时,用户才能单击“开始安装”进行系统安装。 - -如果您想退出安装,可以单击“退出”并在弹出的“您确定要退出安装程序吗?”对话框中单击“是”重新进入“安装引导界面”。 - -**图 6** 安装概览 -![](figures/安装概览.png "安装概览") - -## 设置键盘 - -在“安装概览”页面中选择“键盘”,用户可以在系统中添加或者删除多个键盘布局。 - -- 
要查看键盘布局,请在左侧选框中单击选中该键盘布局,然后单击下面的“键盘”按钮。 -- 要测试键盘布局,请在左侧选框中添加键盘布局,然后在右上角键盘图标处进行点击切换为目标键盘,单击右侧文本框内部,输入文本以确认所选键盘布局可正常工作。 - -**图 7** 键盘布局 -![](figures/键盘布局.png "键盘布局") - -设置完成后,请单击左上角“完成”返回“安装概览”页面。 - -## 设置系统语言 - -在“安装概览”页面中选择“语言支持”,设置系统的语言。如[图8](#zh-cn_topic_0186390098_zh-cn_topic_0122145772_fig187301927172619)所示,用户也可根据实际情况进行调整,选择“中文”。 - ->![](public_sys-resources/icon-note.gif) **说明:** ->若选择“中文”,系统安装完成后,使用VNC登录不支持中文显示,使用串口登录支持中文显示,使用SSH登录时是否支持中文显示与使用的SSH客户端有关。若选择“English”,则无影响。 - -**图 8** 语言支持 -![](figures/语言支持.png "语言支持") - -设置完成后,请单击左上角“完成”返回“安装概览”页面。 - -## 设置时间和日期 - -在“安装概览”页面中选择“时间和日期”,设置系统的时区、日期、时间等。 - -设置时区时,用户可通过鼠标在地图上单击指定的城市,也可以通过页面顶部的“地区”和“城市”下拉菜单中进行选择,如[图9](#zh-cn_topic_0186390096_zh-cn_topic_0122145900_fig1260162652312)所示。 - -如果您所在城市没有出现在地图或下拉菜单中,请选择同一时区中离您最近的城市。 - ->![](public_sys-resources/icon-note.gif) **说明:** ->- 手动设置时区时,请先关闭右上角“网络时间”同步开关。 ->- 如需使用网络时间,请保证网络能连通远程NTP服务器,设置网络具体请参见“[设置网络和主机名](#设置网络和主机名)”。 - -**图 9** 日期和时间 -![](figures/日期和时间.png "日期和时间") - -设置完成后,请单击左上角“完成”返回“安装概览”页面。 - -## 设置安装源 - -在“安装概览”页面中选择“安装源”,指定安装源的位置。 - -当使用完整光盘安装,安装程序会自动探测并显示安装源信息,用户直接使用默认配置即可,不需要进行设置,如[图10](#zh-cn_topic_0186390100_zh-cn_topic_0144427079_fig93633295132)所示。 - -**图 10** 安装源 -![](figures/安装源.png "安装源") - -当使用网络https源进行安装的时候,如果https服务器使用的是私有证书,则需要在安装引导界面按“e”进入已选选项的参数编辑界面,在参数中增加inst.noverifyssl参数,如[图11](#fig113517811415)所示。 - -**图 11** 增加inst.noverifyssl参数 -![](figures/增加inst-noverifyssl参数.png "增加inst-noverifyssl参数") - -设置完成后,请单击左上角“完成”返回“安装概览”页面。 - ->![](public_sys-resources/icon-note.gif) **说明:** ->安装过程中,如果“设置安装源”有疑问,可参考“[选择安装源出现异常](FAQ.html#选择安装源出现异常)”。 - -## 选择安装软件 - -在“安装概览”页面中选择“软件选择”,指定需要安装的软件包。 - -用户需要根据实际的业务需求,在左侧选择一个“最小安装”,在右侧选择安装环境的附加选项,如[图12](#zh-cn_topic_0186390261_zh-cn_topic_0122145865_fig03031519101414)所示。 - -**图 12** 软件选择 -![](figures/软件选择.png "软件选择") - ->![](public_sys-resources/icon-note.gif) **说明:** ->- 在最小安装的环境下,并非安装源中所有的包都会安装。如果用户需要使用的包未安装,可将安装源挂载到本地制作repo源,通过DNF工具单独安装。 ->- 选择“虚拟化主机”时会默认安装虚拟化组件qemu、libvirt、edk2,且可在附件选项处选择是否安装ovs等组件。 - 
-设置完成后,请单击左上角“完成”返回“安装概览”页面。 - -## 设置安装目的地 - -在“安装概览”页面中选择“安装目的地”,设置操作系统的安装磁盘及分区。 - -在[图13](#fig1195417125015)所示的页面中您可以看到计算机中的本地可用存储设备。 - ->![](public_sys-resources/icon-notice.gif) **须知:** ->在选择您需要安装的设备时,建议不要选择NVMe SSD存储介质作为操作系统的安装磁盘。 - -**图 13** 安装目标位置 -![](figures/安装目标位置.png "安装目标位置") - -### 存储配置 - -在“安装目标位置”界面,您需要进行存储配置以便对系统分区。您可以手动配置分区,也可以选择让安装程序自动分区。 - ->![](public_sys-resources/icon-note.gif) **说明:** ->- 在进行分区时,出于系统性能和安全的考虑,建议您划分如下单独分区:/boot、/var、/var/log 、/var/log/audit、/home、/tmp。 ->- 系统如果配置了swap分区,当系统的物理内存不够用时,会使用swap分区。虽然 swap分区可以增大物理内存大小的限制,但是如果由于内存不足使用到swap分区,会增加系统的响应时间,性能变差。因此在物理内存充足或者性能敏感的系统中,不建议配置swap分区。 ->- 如果需要拆分逻辑卷组则需要选择“自定义”进行手动分区,并在“手动分区”界面单击“卷组”区域中的“修改”按钮重新配置卷组。 - -**自动** - -如果是在未使用过的存储设备中执行全新安装,或者不需要保留该存储设备中任何数据,建议选择“自动”进行自动分区。 - -若您需要对数据进行加密,您可以在“安装目标位置”界面选择“加密我的数据”,并单击左上角“完成”,出现如[图14](#fig_setcode)所示的“磁盘加密口令”对话框。请分别在“口令”和“确认”中输入相同的加密口令,且口令需要符合密码复杂度,具体请参考[密码复杂度](#密码复杂度)。设置完成后,请单击“保存口令”返回“安装概览”页面。 - ->![](figures/zh-cn_image_0229291229.png) ->若口令丢失,将无法找回,且无法访问所有加密的分区以及其中的数据。请妥善保管口令。 - -**图 14** 磁盘加密口令 -![](figures/磁盘加密口令.png "磁盘加密口令") - -**自定义** - -若用户需进行手动分区,选择“自定义”按钮,并单击左上角“完成”,出现手动分区界面。 - -在“手动分区”界面可以通过如下两种方式进行分区,分区完成后如[图15](#fig1277151815248)所示。 - -- 自动创建:在界面单击“点击这里自动创建它们”,系统会根据可用的存储空间,自动分出4个挂载点:/boot 、/、/boot/efi、swap。 - -- 手动创建:单击“![](figures/zh-cn_image_0229291243.png)”添加新挂载点,建议每个挂载点的期望容量不超过可用空间。 - - >![](public_sys-resources/icon-note.gif) **说明:** - >若设置的挂载点期望容量超过了可用空间,系统将剩余的可用空间全部分配给该挂载点。 - -**图 15** 手动分区 -![](figures/手动分区.png "手动分区") - -若您需要对数据进行加密,您可以在需要加密的挂载点的“设备类型”区域中选择“加密”,并单击左上角“完成”,出现如[图14](#fig_setcode)所示的“磁盘加密口令”对话框。请分别在“口令”和“确认”中输入相同的加密口令,且口令需要符合密码复杂度,具体请参考[密码复杂度](#密码复杂度)。设置完成后,请单击“保存口令”返回“手动分区”界面。 - ->![](figures/zh-cn_image_0229291229.png) ->若口令丢失,将无法找回,且无法访问所有加密的分区以及其中的数据。请妥善保管口令。 - -设置完成后,请单击左上角“完成”返回“安装概览”页面。 - -## 设置网络和主机名 - -在“安装概览”页面中选择“网络和主机名”,设置系统的网络功能。 - 
-安装程序会自动探测可本地访问的接口。探测到的接口列在左侧方框中,右侧显示相应的接口详情,如[图16](#zh-cn_topic_0186390264_zh-cn_topic_0122145831_fig123700157297)所示。用户可以通过页面右上角的开关,来开启或者关闭网络接口。用户还可以单击“配置”以配置选中的接口。 - -用户可在页面下方“主机名”字段输入主机名。主机名可以是完全限定域名(FQDN),其格式为hostname.domainname;也可以是简要主机名,其格式为hostname。 - -**图 16** 网络和主机名 -![](figures/网络和主机名.png "网络和主机名") - -设置完成后,请单击左上角“完成”返回“安装概览”页面。 - -## 设置根密码 - -在“安装概览”页面中选择“根密码”,弹出设置“ROOT密码”界面,如[图17](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1323165793018)所示,根据[密码复杂度](#密码复杂度)输入密码并再次输入密码进行确认。 - ->![](public_sys-resources/icon-note.gif) **说明:** -> ->- root帐户是用来执行关键系统管理任务,不建议您在日常工作及系统访问时使用root帐户。 -> ->- 在“ROOT密码”界面若选择“锁定root帐户”则root帐户将禁用。 - -**图 17** root密码 -![](figures/root密码.png "root密码") - -### 密码复杂度 - -用户设置的root用户密码或新创建用户的密码均需要满足密码复杂度要求,否则会导致密码设置或用户创建失败。设置密码的复杂度的要求如下: - -1. 口令长度至少8个字符。 -2. 口令至少包含大写字母、小写字母、数字和特殊字符中的任意3种。 -3. 口令不能和账号一样。 -4. 口令不能使用字典词汇。 - - >![](public_sys-resources/icon-note.gif) **说明:** - > 在已装好的openEuler环境中,可以通过`cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt`命令导出字典库文件dictionary.txt,用户可以查询密码是否在该字典中。 - -完成设置后,单击左上角的“完成”返回“安装概览”页面。 - -## 创建用户 - -在“安装概览”页面中选择“创建用户”,弹出“创建用户”的界面如[图18](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319)所示。输入用户名,并设置密码。另外您还可以通过“高级”选项设置用户主目录、用户组等,如[图19](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig128716531312)所示。 - -**图 18** 创建用户 -![](figures/创建用户.png "创建用户") - -**图 19** 高级用户配置 -![](figures/高级用户配置.png "高级用户配置") - -完成设置后,单击左上角的“完成”返回“安装概览”页面。 - - -## 开始安装 - -在安装界面上完成所有必填选项的配置后,界面上的警告会消失。此时,用户可以单击“开始安装”进行系统安装。 - -**图 20** 开始安装 -![](figures/开始安装.png "开始安装") - -## 安装过程 - -开始安装后会出现进度页面,显示安装进度及所选软件包写入系统的进度,如[图21](zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1590863119306)所示。 - ->![](figures/zh-cn_image_0229291229.png) ->若系统安装过程中,单击“退出”,或复位、下电服务器,则安装过程被中断,系统将不可用,需要重新进行安装。 - -**图 21** 安装过程 -![](figures/安装过程.png "安装过程") - - -## 安装完成 - -此刻,openEuler已完成安装,如[图22](#zh-cn_topic_0186390267_zh-cn_topic_0122145917_fig1429512116338)所示。单击“重启系统”后,系统将重新启动。 - -**图 22** 完成安装 -![](figures/完成安装.png "完成安装") - 
-- 如果当前使用物理光盘安装操作系统,且在重启过程中安装光盘没有自动弹出,请手动取出光盘,则可以直接进入openEuler命令行登录界面。 -- 如果当前使用虚拟光驱安装操作系统,则需要修改服务器的启动项为“硬盘”,然后重启服务器,则可以直接进入openEuler命令行登录界面。 +# 安装指导 + +本章以光盘安装为例介绍安装openEuler,其他安装方式除在启动安装时的引导方式不同外,待启动安装后则安装流程相同,在此不再说明。 + + +- [安装指导](#安装指导) + - [启动安装](#启动安装) + - [使用光盘引导安装](#使用光盘引导安装) + - [安装引导界面](#安装引导界面) + - [图形化模式安装](#图形化模式安装) + - [设置安装程序语言](#设置安装程序语言) + - [进入安装界面](#进入安装界面) + - [设置键盘](#设置键盘) + - [设置系统语言](#设置系统语言) + - [设置时间和日期](#设置时间和日期) + - [设置安装源](#设置安装源) + - [选择安装软件](#选择安装软件) + - [设置安装目的地](#设置安装目的地) + - [存储配置](#存储配置) + - [设置网络和主机名](#设置网络和主机名) + - [设置根密码](#设置根密码) + - [密码复杂度](#密码复杂度) + - [创建用户](#创建用户) + - [开始安装](#开始安装) + - [安装过程](#安装过程) + - [安装完成](#安装完成) + + + +## 启动安装 + +### 使用光盘引导安装 + +在服务器的光驱中加载openEuler安装镜像,重启服务器,具体步骤如下。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>在安装开始前,需要保证服务器启动选项为光驱优先。安装步骤以BMC挂载虚拟光驱进行光盘安装的操作举例。通过物理光驱安装的操作简单,启动安装后的流程相同,在此不再说明。 + +1. 在虚拟界面工具栏中,单击虚拟光驱工具如下图所示。 + + **图 1** 光驱图标 + ![](./figures/CD-ROM_drive_icon.png) + + 弹出镜像对话框,如下图所示。 + + **图 2** 镜像对话框 + ![](./figures/Image_dialog_box.png) + +2. 在镜像对话框中,选择“镜像文件”, 并单击“浏览”。弹出“打开”对话框。 +3. 选择镜像文件,单击“打开”。然后在镜像对话框中,单击“连接”。当“连接”显示为“断开”后,表示虚拟光驱已连接到服务器。 +4. 
在工具栏中,单击重启工具重启设备,如下图所示。 + + **图 3** 重启图标 + ![](./figures/restarticon.png) + + +### 安装引导界面 + +系统使用引导介质完成引导后会显示引导菜单。该引导菜单除启动安装程序外还提供一些选项。安装系统时,默认采用“Test this media & install openEuler 20.03-LTS-SP1”方式进行安装。如果要选择默认选项之外的选项,请使用键盘中的“↑”和“↓”方向键进行选择,并在选项为高亮状态时按“Enter”。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>- 如果60秒内未按任何键,系统将从默认选项“Test this media & install openEuler 20.03-LTS-SP1”自动进入安装界面。 +>- 安装物理机时,如果使用键盘上下键无法选择启动选项,按“Enter”键无响应,可以单击BMC界面上的鼠标控制图标“![](./figures/zh-cn_image_0229420473.png)”,设置“键鼠复位”。 + +**图 4** 安装引导界面 +![](./figures/Installation_wizard.png) + +安装引导选项说明如下: + +- Install openEuler 20.03-LTS-SP1 —— 在您的服务器上使用图形用户界面模式安装。 + +- Test this media & install openEuler 20.03-LTS-SP1 —— 默认选项,在您的服务器上使用图形用户界面模式安装,但在启动安装程序前会进行安装介质的完整性检查。 + +- Troubleshooting —— 问题定位模式,系统无法正常安装时使用。进入问题定位模式后,有如下两个选项。 + - Install openEuler 20.03-LTS-SP1 in basic graphics mode —— 简单图形安装模式,该模式下在系统启动并运行之前不启动视频驱动程序。 + - Rescue the openEuler system —— 救援模式,用于修复系统。该模式下输出定向到VNC或BMC(Baseboard Management Controller)端,串口不可用。 + +在安装引导界面,按“e”进入已选选项的参数编辑界面,按“c”进入命令行模式。 + +### 图形化模式安装 + +在“安装引导界面”中选择“Test this media & install openEuler 20.03-LTS-SP1”进入图形化模式安装。 + +可以通过键盘操作图形化安装程序。 + +- “Tab”、“shift Tab”:界面控件(按钮、区域框、复选框等)间的移动。 +- “↑”、“↓”方向键:列表里的移动。 +- “←”、“→”方向键:水平工具条和表条间移动。 +- “空格”、“Enter”:选择或删除高亮显示的选项、展开或折叠下拉菜单。 +- “Alt”+“快捷键”:选择快捷键所在的控件,其中快捷键可通过按住Alt高亮(加下划线)显示。 + +## 设置安装程序语言 + +启动安装后,在进入安装程序主界面之前,系统会提示用户设置安装过程中使用的语言。当前默认为英语,用户可根据实际情况进行调整,如[图5](#zh-cn_topic_0186390093_zh-cn_topic_0122145864_fig144630179151)所示,选择“中文”。 + +**图 5** 选择语言 +![](./figures/selectlanguage.png) + +完成设置后,单击“继续”,进入安装设置主界面。 + +如果您想退出安装,可以单击“退出”并在弹出的“您确定要退出安装程序吗?”对话框中单击“是”重新进入“安装引导界面”。 + +## 进入安装界面 + +系统安装程序正常启动后,会进入[图6](#zh-cn_topic_0186390094_zh-cn_topic_0122145883_fig5969171592212)所示的安装设置主界面。用户可以进行时间、语言、安装源、网络、安装位置等相关设置。 + +部分配置项会有告警符号,用户完成该选项配置后,告警符号消失。当界面上不存在告警符号时,用户才能单击“开始安装”进行系统安装。 + +如果您想退出安装,可以单击“退出”并在弹出的“您确定要退出安装程序吗?”对话框中单击“是”重新进入“安装引导界面”。 + +**图 6** 安装概览 +![](./figures/Installation_Overview.png) + +## 设置键盘 + 
+在“安装概览”页面中选择“键盘”,用户可以在系统中添加或者删除多个键盘布局。 + +- 要查看键盘布局,请在左侧选框中单击选中该键盘布局,然后单击下面的“键盘”按钮。 +- 要测试键盘布局,请在左侧选框中添加键盘布局,然后在右上角键盘图标处进行点击切换为目标键盘,单击右侧文本框内部,输入文本以确认所选键盘布局可正常工作。 + +**图 7** 键盘布局 +![](./figures/Keyboard_layout.png) + +设置完成后,请单击左上角“完成”返回“安装概览”页面。 + +## 设置系统语言 + +在“安装概览”页面中选择“语言支持”,设置系统的语言。如[图8](#zh-cn_topic_0186390098_zh-cn_topic_0122145772_fig187301927172619)所示,用户也可根据实际情况进行调整,选择“中文”。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>若选择“中文”,系统安装完成后,使用VNC登录不支持中文显示,使用串口登录支持中文显示,使用SSH登录时是否支持中文显示与使用的SSH客户端有关。若选择“English”,则无影响。 + + +**图 8** 语言支持 +![](./figures/languagesupport.png) + +设置完成后,请单击左上角“完成”返回“安装概览”页面。 + +## 设置时间和日期 + +在“安装概览”页面中选择“时间和日期”,设置系统的时区、日期、时间等。 + +设置时区时,用户可通过鼠标在地图上单击指定的城市,也可以通过页面顶部的“地区”和“城市”下拉菜单中进行选择,如[图9](#zh-cn_topic_0186390096_zh-cn_topic_0122145900_fig1260162652312)所示。 + +如果您所在城市没有出现在地图或下拉菜单中,请选择同一时区中离您最近的城市。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>- 手动设置时区时,请先关闭右上角“网络时间”同步开关。 +>- 如需使用网络时间,请保证网络能连通远程NTP服务器,设置网络具体请参见“[设置网络和主机名](#设置网络和主机名)”。 + +**图 9** 日期和时间 +![](./figures/dateandtime.png) + +设置完成后,请单击左上角“完成”返回“安装概览”页面。 + +## 设置安装源 + +在“安装概览”页面中选择“安装源”,指定安装源的位置。 + +* 当使用完整光盘安装,安装程序会自动探测并显示安装源信息,用户直接使用默认配置即可,不需要进行设置,如[图10](#zh-cn_topic_0186390100_zh-cn_topic_0144427079_fig93633295132)所示。 + + **图 10** 安装源 + ![](./figures/Installation_source.png) + +* 当使用网络源进行安装的时候,需设置网络源的 URL。 + + - http 或 https 方式 + + http 或 https 方式的安装源如下图所示。 + + ![](./figures/installsource.png) + + 如果https服务器使用的是私有证书,则需要在安装引导界面按“e”进入已选选项的参数编辑界面,在参数中增加 inst.noverifyssl 参数。 + + 输入框内容以实际版本发布的安装源地址为准,如https://repo.openeuler.org/openEuler-20.03-LTS-SP1/OS/x86_64/ ,其中openEuler-20.03-LTS-SP1 为版本号,x86_64 为CPU 架构,可根据实际情况输入。 + + - ftp 方式 + + ftp 方式的安装源如下图所示,输入框内容根据的 ftp 地址输入。 + + ![](./figures/sourceftp.png) + + ftp服务器需要用户自己搭建,将openEuler-20.03-LTS-SP1-x86_64-dvd.iso镜像进行挂载,挂载出的文件拷贝到ftp的共享目录中。其中x86_64为CPU 架构,可根据实际情况使用镜像。 + + - nfs 方式 + + nfs 方式的安装源如下图所示,输入框内容根据的 nfs 地址输入。 + + ![](./figures/sourcenfs.png) + + 
nfs服务器需要用户自己搭建,将openEuler-20.03-LTS-SP1-x86_64-dvd.iso镜像进行挂载,挂载出的文件拷贝到nfs的共享目录中。其中x86_64为CPU 架构,可根据实际情况使用镜像。 + + +安装过程中,如果“设置安装源”有疑问,可参考“[选择安装源出现异常](./FAQ.html#选择安装源出现异常)”。 + +设置完成后,请单击左上角“完成”返回“安装概览”页面。 + +## 选择安装软件 + +在“安装概览”页面中选择“软件选择”,指定需要安装的软件包。 + +用户需要根据实际的业务需求,在左侧选择一个“最小安装”,在右侧选择安装环境的附加选项,如[图12](#zh-cn_topic_0186390261_zh-cn_topic_0122145865_fig03031519101414)所示。 + +**图 12** 软件选择 +![](./figures/choosesoftware.png) + +>![](./public_sys-resources/icon-note.gif) **说明:** +>- 在最小安装的环境下,并非安装源中所有的包都会安装。如果用户需要使用的包未安装,可将安装源挂载到本地制作repo源,通过DNF工具单独安装。 +>- 选择“虚拟化主机”时会默认安装虚拟化组件qemu、libvirt、edk2,且可在附件选项处选择是否安装ovs等组件。 + +设置完成后,请单击左上角“完成”返回“安装概览”页面。 + +## 设置安装目的地 + +在“安装概览”页面中选择“安装目的地”,设置操作系统的安装磁盘及分区。 + +在[图13](#fig1195417125015)所示的页面中您可以看到计算机中的本地可用存储设备。 + + +**图 13** 安装目标位置 +![](./figures/Target_installation_position.png) + +### 存储配置 + +在“安装目标位置”界面,您需要进行存储配置以便对系统分区。您可以手动配置分区,也可以选择让安装程序自动分区。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>- 在进行分区时,出于系统性能和安全的考虑,建议您划分如下单独分区:/boot、/var、/var/log 、/var/log/audit、/home、/tmp。 +>- 系统如果配置了swap分区,当系统的物理内存不够用时,会使用swap分区。虽然 swap分区可以增大物理内存大小的限制,但是如果由于内存不足使用到swap分区,会增加系统的响应时间,性能变差。因此在物理内存充足或者性能敏感的系统中,不建议配置swap分区。 +>- 如果需要拆分逻辑卷组则需要选择“自定义”进行手动分区,并在“手动分区”界面单击“卷组”区域中的“修改”按钮重新配置卷组。 + +**自动** + +如果是在未使用过的存储设备中执行全新安装,或者不需要保留该存储设备中任何数据,建议选择“自动”进行自动分区。设置完成后,请单击“完成”返回“安装概览”页面。 + +**自定义** + +若用户需进行手动分区,选择“自定义”按钮,并单击左上角“完成”,出现手动分区界面。 + +在“手动分区”界面可以通过如下两种方式进行分区,分区完成后如[图14](#fig1277151815248)所示。 + +- 自动创建:在界面单击“点击这里自动创建它们”,系统会根据可用的存储空间,自动分出4个挂载点:/boot 、/、/boot/efi、swap。 + +- 手动创建:单击“![](./figures/zh-cn_image_0229291243.png)”添加新挂载点,建议每个挂载点的期望容量不超过可用空间。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >若设置的挂载点期望容量超过了可用空间,系统将剩余的可用空间全部分配给该挂载点。 + +**图 14** 手动分区 +![](./figures/Manual_partitioning.png) + +设置完成后,请单击左上角”完成“按钮,弹出“更改摘要”对话框,提示更改产生的变更信息。 + +点击“接受更改”,返回“安装概览”页面。 + +## 设置网络和主机名 + +在“安装概览”页面中选择“网络和主机名”,设置系统的网络功能。 + 
+安装程序会自动探测可本地访问的接口。探测到的接口列在左侧方框中,右侧显示相应的接口详情,如[图15](#zh-cn_topic_0186390264_zh-cn_topic_0122145831_fig123700157297)所示。用户可以通过页面右上角的开关,来开启或者关闭网络接口。用户还可以单击“配置”以配置选中的接口。 + +用户可在页面下方“主机名”字段输入主机名。主机名可以是完全限定域名(FQDN),其格式为hostname.domainname;也可以是简要主机名,其格式为hostname。 + +**图 15** 网络和主机名 +![](./figures/NetworkandHostName.png) + +设置完成后,请单击左上角“完成”返回“安装概览”页面。 + +## 设置根密码 + +在“安装概览”页面中选择“根密码”,弹出设置“ROOT密码”界面,如[图16](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1323165793018)所示,根据[密码复杂度](#密码复杂度)输入密码并再次输入密码进行确认。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- root帐户是用来执行关键系统管理任务,不建议您在日常工作及系统访问时使用root帐户。 +> +>- 在“ROOT密码”界面若选择“锁定root帐户”则root帐户将禁用。 + +**图 16** root密码 +![](./figures/root_password.png) + +### 密码复杂度 + +用户设置的root用户密码或新创建用户的密码均需要满足密码复杂度要求,否则会导致密码设置或用户创建失败。设置密码的复杂度的要求如下: + +1. 口令长度至少8个字符。 +2. 口令至少包含大写字母、小写字母、数字和特殊字符中的任意3种。 +3. 口令不能和账号一样。 +4. 口令不能使用字典词汇。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + >在已装好的openEuler环境中,可以通过`cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt`命令导出字典库文件dictionary.txt,用户可以查询密码是否在该字典中。 + +完成设置后,单击左上角的“完成”返回“安装概览”页面。 + +## 创建用户 + +在“安装概览”页面中选择“创建用户”,弹出“创建用户”的界面如[图17](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319)所示。输入用户名,并设置密码。另外您还可以通过“高级”选项设置用户主目录、用户组等,如[图18](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig128716531312)所示。 + +**图 17** 创建用户 +![](./figures/createuser.png) + +**图 18** 高级用户配置 +![](./figures/Advanced_User_Configuration.png) + +完成设置后,单击左上角的“完成”返回“安装概览”页面。 + + +## 开始安装 + +在安装界面上完成所有必填选项的配置后,界面上的警告会消失。此时,用户可以单击“开始安装”进行系统安装。 + +## 安装过程 + +开始安装后会出现进度页面,显示安装进度及所选软件包写入系统的进度,如[图19](./zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1590863119306)所示。 + +>![](./figures/zh-cn_image_0229291229.png) +>若系统安装过程中,单击“退出”,或复位、下电服务器,则安装过程被中断,系统将不可用,需要重新进行安装。 + +**图 19** 安装过程 +![](./figures/Installation_Procedure.png) + + +## 安装完成 + +安装过程执行完成后,openEuler完成安装,单击“重启”后,系统将重新启动。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +> - 如果当前使用物理光盘安装操作系统,且在重启过程中安装光盘没有自动弹出,请手动取出光盘,则可以直接进入openEuler命令行登录界面。 
+> - 如果当前使用虚拟光驱安装操作系统,则需要修改服务器的启动项为“硬盘”,然后重启服务器,则可以直接进入openEuler命令行登录界面。 + diff --git "a/content/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215-1.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215-1.md" similarity index 71% rename from "content/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215-1.md" rename to "docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215-1.md" index 65fffe05b708b975c7396619ec86397ca8964f73..d50757eada6cd7b13264dc175576c0cea1ad7ff7 100644 --- "a/content/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215-1.md" +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215-1.md" @@ -1,9 +1,9 @@ # 安装方式介绍 ->![](public_sys-resources/icon-notice.gif) **须知:** +>![](./public_sys-resources/icon-notice.gif) **须知:** >- 硬件仅支持树莓派 3B/3B+/4B。 >- 采用刷写镜像到 SD 卡方式安装。本章节提供 Windows/Linux/Mac 上刷写镜像的操作方法。 ->- 本章节使用的镜像是参考“[安装准备](安装准备-1.html)”获取 openEuler 的树莓派版本镜像。 +>- 本章节使用的镜像是参考“[安装准备](./安装准备-1.html)”获取 openEuler 的树莓派版本镜像。 @@ -35,10 +35,7 @@ 若 SD 卡之前未安装过镜像,盘符只有一个。在 “Select card” 中选择需要格式化的 SD 卡对应盘符。 - 若 SD 卡之前安装过镜像,盘符会有一个或多个。如下图所示,该 SD 卡对应三个盘符:E、G、H。在 “Select card” 中选择需要格式化的 SD 卡对应 boot 分区盘符 E。 - - **图 1** 盘符 - ![](figures/盘符.png "盘符") + 若 SD 卡之前安装过镜像,盘符会有一个或多个。例如,SD 卡对应三个盘符:E、G、H。在 “Select card” 中选择需要格式化的 SD 卡对应 boot 分区盘符 E。 3. 在 “Formatting options” 中选择格式化方式。默认为 “Qick format”。 4. 单击“Format”开始格式化。界面通过进度条显示格式化进度。 
@@ -46,10 +43,10 @@ ### 写入 SD 卡 ->![](public_sys-resources/icon-notice.gif) **须知:** ->如果获取的是压缩后的镜像文件“openEuler-20.09-RaspberryPi.aarch64.img.xz”,需要先将压缩文件解压得到 “openEuler-20.09-RaspberryPi.aarch64.img”镜像文件。 +>![](./public_sys-resources/icon-notice.gif) **须知:** +>如果获取的是压缩后的镜像文件“openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz”,需要先将压缩文件解压得到 “openEuler-20.03-LTS-SP1-raspi-aarch64.img”镜像文件。 -请按照以下步骤将“openEuler-20.09-RaspberryPi.aarch64.img”镜像文件写入 SD 卡: +请按照以下步骤将“openEuler-20.03-LTS-SP1-raspi-aarch64.img”镜像文件写入 SD 卡: 1. 下载并安装刷写镜像的工具,以下操作以 Win32 Disk Imager 工具为例。 2. 右键选择“以管理员身份运行”,打开 Win32 Disk Imager。 @@ -77,12 +74,12 @@ ### 写入 SD 卡 -1. 如果获取的是压缩后的镜像,需要先执行 `xz -d openEuler-20.09-RaspberryPi.aarch64.img.xz` 命令将压缩文件解压得到“openEuler-20.09-RaspberryPi.aarch64.img”镜像文件;否则,跳过该步骤。 -2. 将镜像 `openEuler-20.09-RaspberryPi.aarch64.img` 刷写入 SD 卡,在 root 权限下执行以下命令: +1. 如果获取的是压缩后的镜像,需要先执行 `xz -d openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz` 命令将压缩文件解压得到“openEuler-20.03-LTS-SP1-raspi-aarch64.img”镜像文件;否则,跳过该步骤。 +2. 将镜像 `openEuler-20.03-LTS-SP1-raspi-aarch64.img` 刷写入 SD 卡,在 root 权限下执行以下命令: - `dd bs=4M if=openEuler-20.09-RaspberryPi.aarch64.img of=/dev/sdb` + `dd bs=4M if=openEuler-20.03-LTS-SP1-raspi-aarch64.img of=/dev/sdb` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >一般情况下,将块大小设置为 4M。如果写入失败或者写入的镜像无法使用,可以尝试将块大小设置为 1M 重新写入,但是设置为 1M 比较耗时。 ## Mac 下刷写镜像 
@@ -104,10 +101,10 @@ ### 写入 SD 卡 -1. 如果获取的是压缩后的镜像,需要先执行 `xz -d openEuler-20.09-RaspberryPi.aarch64.img.xz` 命令将压缩文件解压得到“openEuler-20.09-RaspberryPi.aarch64.img”镜像文件;否则,跳过该步骤。 -2. 将镜像 `openEuler-20.09-RaspberryPi.aarch64.img` 刷入 SD 卡,在 root 权限下执行以下命令: +1. 如果获取的是压缩后的镜像,需要先执行 `xz -d openEuler-20.03-LTS-SP1-raspi-aarch64.img.xz` 命令将压缩文件解压得到“openEuler-20.03-LTS-SP1-raspi-aarch64.img”镜像文件;否则,跳过该步骤。 +2. 将镜像 `openEuler-20.03-LTS-SP1-raspi-aarch64.img` 刷入 SD 卡,在 root 权限下执行以下命令: - `dd bs=4m if=openEuler-20.09-RaspberryPi.aarch64.img of=/dev/sdb` + `dd bs=4m if=openEuler-20.03-LTS-SP1-raspi-aarch64.img of=/dev/sdb` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >一般情况下,将块大小设置为 4m。如果写入失败或者写入的镜像无法使用,可以尝试将块大小设置为 1m 重新写入,但是设置为 1m 比较耗时。 diff --git "a/content/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215.md" "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215.md" similarity index 85% rename from "content/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215.md" rename to "docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215.md" index d8d0dfc4ac471a4c83255ba38e7eacc1d417cbdc..dc5931eaa0e92bbd3a0300d98ae0674631aedb9d 100644 --- "a/content/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215.md" +++ "b/docs/zh/docs/Installation/\345\256\211\350\243\205\346\226\271\345\274\217\344\273\213\347\273\215.md" 
@@ -1,209 +1,209 @@ -# 安装方式介绍 - ->![](public_sys-resources/icon-notice.gif) **须知:** ->- 硬件服务器仅支持Taishan 200服务器和FusionServer Pro 机架服务器,具体支持的服务器型号可参考“[硬件兼容支持](安装准备.html#硬件兼容支持)”;虚拟化平台仅支持openEuler自有的虚拟化组件(HostOS为openEuler,虚拟化组件为发布包中的qemu、KVM)创建的虚拟化平台和华为公有云的x86虚拟化平台。 ->- 安装方式当前仅支持光盘、USB盘安装、网络安装、qcow2镜像安装和私有镜像安装。其中仅华为公有云的x86虚拟化平台支持私有镜像安装。 - - -- [安装方式介绍](#安装方式介绍) - - [通过光盘安装](#通过光盘安装) - - [准备安装源](#准备安装源) - - [启动安装](#启动安装) - - [通过USB盘安装](#通过usb盘安装) - - [准备安装源](#准备安装源-1) - - [启动安装](#启动安装-1) - - [使用PXE通过网络安装](#使用pxe通过网络安装) - - [通过qcow2镜像安装](#通过qcow2镜像安装) - - [制作qcow2镜像](#制作qcow2镜像) - - [启动安装](#启动安装-2) - - [通过私有镜像安装](#通过私有镜像安装) - - [制作私有镜像](#制作私有镜像) - - [启动安装](#启动安装-3) - - - -## 通过光盘安装 - -本节介绍如何使用或者制作光盘安装源,并介绍相应的操作步骤,指导用户进行安装。 - -### 准备安装源 - -如果您获取的是系统安装光盘,那么可以直接使用光盘安装系统。如果您获取的是系统ISO镜像,可以通过刻录软件将系统的ISO镜像刻录到DVD中,使用刻录完成的DVD安装系统。 - -### 启动安装 - -根据以下步骤启动安装程序: - ->![](public_sys-resources/icon-note.gif) **说明:** ->您需要先设置您的系统优先从光盘进行启动引导。以BIOS为例,您需要将“Boot Type Order”中的“CD/DVD-ROM Drive”选项调整到首位。 - -1. 断开所有安装不需要的驱动器,比如USB。 -2. 启动您的计算机系统。 -3. 在计算机中插入安装光盘。 -4. 重启计算机系统。 - -在短暂的延迟后会出现图形化引导界面,该界面包含不同引导选项。如果您在一分钟内未进行任何操作,安装程序将自动以默认选项开始运行。 - -## 通过USB盘安装 - -本节介绍如何制作USB盘安装源,并介绍基本的操作步骤,指导用户进行安装。 - -### 准备安装源 - -您需要注意USB盘容量的大小,它必须有足够的的空间放下整个镜像,建议USB盘空间大于16G。 - -1. 将USB盘连接到该系统中,并执行 dmesg 命令查看相关的日志信息。在该日志的最后可以看到刚刚连接的USB盘所生成的一组信息,应类似如下: - - ``` - [ 170.171135] sd 5:0:0:0: [sdb] Attached SCSI removable disk - ``` - - >![](public_sys-resources/icon-note.gif) **说明:** - >连接的USB盘名称以sdb进行举例。 - -2. 切换为root用户。使用su命令,需要输入相应的密码。 - - ``` - $ su - root - ``` - -3. 确保USB盘没有被挂载。使用如下命令进行查询: - - ``` - # findmnt /dev/sdb - ``` - - - 如果执行此命令后无输出,表明未挂载,可以继续执行下一步。 - - - 如果输出以下信息,表明USB盘已经自动挂载。 - - ``` - # findmnt /dev/sdb - TARGET SOURCE FSTYPE OPTIONS - /mnt/iso /dev/sdb iso9660 ro,relatime - ``` - - 此时,您需要使用umount命令卸载该设备。 - - ``` - # umount /mnt/iso - ``` - -4. 
使用dd命令将ISO安装镜像直接写入USB盘: - - ``` - # dd if=/path/to/image.iso of=/dev/device bs=blocksize - ``` - - 使用您下载的ISO镜像文件的完整路径替换 /path/to/image.iso,使用之前由 dmesg 命令给出的设备名称替换device,同时设置合理的块大小(例如:512k)替换 blocksize,这样可以加快写入进度。 - - 例如:如果该ISO镜像文件位于 /home/testuser/Downloads/openEuler-20.09-beta-aarch64-dvd.iso,同时探测到的设备名称为sdb,则该命令如下: - - ``` - # dd if=/home/testuser/Downloads/openEuler-20.09-beta-aarch64-dvd.iso of=/dev/sdb bs=512k - ``` - -5. 等待镜像写入完成,拔掉USB盘。 - - 镜像写入过程中不会有进度显示,当\#号再次出现时,表明写入完成。退出root账户,拔掉USB盘。此时,您可以使用该USB盘作为系统的安装源。 - - -### 启动安装 - -请根据以下步骤启动安装程序: - ->![](public_sys-resources/icon-note.gif) **说明:** ->您需要先设置您的系统优先从USB进行启动引导。以BIOS为例,您需要将“Boot Type Order”中的USB选项调整到首位。 - -1. 断开所有安装不需要的驱动器。 -2. 打开您的计算机系统。 -3. 在计算机中插入USB盘。 -4. 重启计算机系统。 - -在短暂的延迟后会出现图形化引导页面,该页面包含不同引导选项。如果您在一分钟内未进行任何操作,安装程序将自动开始安装。 - -## 使用PXE通过网络安装 - -要使用 PXE 引导,您需要正确配置服务器以及您的计算机需支持 PXE 的网络接口。 - -如果目标硬件安装有支持PXE的网络接口卡,我们可以配置它从其他网络系统的文件而不是本地介质(如光盘)来引导计算机并执行Anaconda安装程序。 - -对于PXE网络安装,客户机通过支持PXE的网卡,向网络发送请求DHCP信息的广播,请求IP地址等信息。DHCP服务器给客户机提供一个IP地址和其他网络信息如域名服务器、ftp服务器(它提供启动安装程序所必须的文件)的IP地址或主机名,以及服务器上文件的位置。 - ->![](public_sys-resources/icon-note.gif) **说明:** ->此处不详细讨论tftp、DHCP、http等服务器配置,相关详细配置请参考“[全自动化安装指导](使用kickstart自动化安装.html#全自动化安装指导)”。 - -## 通过qcow2镜像安装 - -本节介绍如何使用或者制作qcow2镜像,并介绍相应的操作步骤,指导用户进行安装。 - -### 制作qcow2镜像 - -1. 安装qemu-img软件包。 - - ``` - # dnf install -y qemu-img - ``` - -2. 使用qemu-img工具的create命令,创建镜像文件,命令格式为: - - ``` - $ qemu-img create -f -o - ``` - - 其中,各参数含义如下: - - - _imgFormat_ :镜像格式,取值为raw, qcow2等。 - - _fileOption_ :文件选项,用于设置镜像文件的特性,如指定后端镜像文件,压缩,加密等特性。 - - _fileName_ :文件名称。 - - _diskSize_ :磁盘大小,用于指定块磁盘设备的大小,支持的单位有K、M、G、T,分别代表KiB、MiB、GiB、TiB。 - - 例如,创建一个磁盘设备大小为32GB、格式为qcow2的镜像文件openEuler-imge.qcow2,命令和回显如下: - - ``` - $ qemu-img create -f qcow2 openEuler-image.qcow2 32G - Formatting 'openEuler-image.qcow2', fmt=qcow2 size=34359738368 cluster_size=65536 lazy_refcounts=off refcount_bits=16 - ``` - - -### 启动安装 - -根据以下步骤启动安装程序: - -1. 准备qcow2镜像文件。 -2. 准备虚拟机网络。 -3. 准备UEFI引导工具集EDK II。 -4. 
准备虚拟机XML配置文件。 -5. 创建虚拟机。 -6. 启动虚拟机。 - -各步骤详细的操作请参考《[openEuler 20.09 beta 虚拟化用户指南](../Virtualization/virtualization.html)》。 - -## 通过私有镜像安装 - -本节介绍如何使用或者制作私有镜像,并介绍相应的操作步骤,指导用户进行安装。 - -### 制作私有镜像 - -制作私有镜像的方法请参见[《镜像服务用户指南》](https://support.huaweicloud.com/usermanual-ims/zh-cn_topic_0013901628.html)。 - -### 启动安装 - -华为公有云的x86虚拟化平台的启动请参见[ 弹性云服务器 ECS的用户指南](https://support.huaweicloud.com/wtsnew-ecs/index.html)。 - - - - - - - - - - - - - - - - - +# 安装方式介绍 + +>![](./public_sys-resources/icon-notice.gif) **须知:** +>- 硬件服务器仅支持Taishan 200服务器和FusionServer Pro 机架服务器,具体支持的服务器型号可参考“[硬件兼容支持](./安装准备.html#硬件兼容支持)”;虚拟化平台仅支持openEuler自有的虚拟化组件(HostOS为openEuler,虚拟化组件为发布包中的qemu、KVM)创建的虚拟化平台和华为公有云的x86虚拟化平台。 +>- 安装方式当前仅支持光盘、USB盘安装、网络安装、qcow2镜像安装和私有镜像安装。其中仅华为公有云的x86虚拟化平台支持私有镜像安装。 + + +- [安装方式介绍](#安装方式介绍) + - [通过光盘安装](#通过光盘安装) + - [准备安装源](#准备安装源) + - [启动安装](#启动安装) + - [通过USB盘安装](#通过usb盘安装) + - [准备安装源](#准备安装源-1) + - [启动安装](#启动安装-1) + - [使用PXE通过网络安装](#使用pxe通过网络安装) + - [通过qcow2镜像安装](#通过qcow2镜像安装) + - [制作qcow2镜像](#制作qcow2镜像) + - [启动安装](#启动安装-2) + - [通过私有镜像安装](#通过私有镜像安装) + - [制作私有镜像](#制作私有镜像) + - [启动安装](#启动安装-3) + + + +## 通过光盘安装 + +本节介绍如何使用或者制作光盘安装源,并介绍相应的操作步骤,指导用户进行安装。 + +### 准备安装源 + +如果您获取的是系统安装光盘,那么可以直接使用光盘安装系统。如果您获取的是系统ISO镜像,可以通过刻录软件将系统的ISO镜像刻录到DVD中,使用刻录完成的DVD安装系统。 + +### 启动安装 + +根据以下步骤启动安装程序: + +>![](./public_sys-resources/icon-note.gif) **说明:** +>您需要先设置您的系统优先从光盘进行启动引导。以BIOS为例,您需要将“Boot Type Order”中的“CD/DVD-ROM Drive”选项调整到首位。 + +1. 断开所有安装不需要的驱动器,比如USB。 +2. 启动您的计算机系统。 +3. 在计算机中插入安装光盘。 +4. 重启计算机系统。 + +在短暂的延迟后会出现图形化引导界面,该界面包含不同引导选项。如果您在一分钟内未进行任何操作,安装程序将自动以默认选项开始运行。 + +## 通过USB盘安装 + +本节介绍如何制作USB盘安装源,并介绍基本的操作步骤,指导用户进行安装。 + +### 准备安装源 + +您需要注意USB盘容量的大小,它必须有足够的的空间放下整个镜像,建议USB盘空间大于16G。 + +1. 将USB盘连接到该系统中,并执行 dmesg 命令查看相关的日志信息。在该日志的最后可以看到刚刚连接的USB盘所生成的一组信息,应类似如下: + + ``` + [ 170.171135] sd 5:0:0:0: [sdb] Attached SCSI removable disk + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >连接的USB盘名称以sdb进行举例。 + +2. 切换为root用户。使用su命令,需要输入相应的密码。 + + ``` + $ su - root + ``` + +3. 
确保USB盘没有被挂载。使用如下命令进行查询: + + ``` + # findmnt /dev/sdb + ``` + + - 如果执行此命令后无输出,表明未挂载,可以继续执行下一步。 + + - 如果输出以下信息,表明USB盘已经自动挂载。 + + ``` + # findmnt /dev/sdb + TARGET SOURCE FSTYPE OPTIONS + /mnt/iso /dev/sdb iso9660 ro,relatime + ``` + + 此时,您需要使用umount命令卸载该设备。 + + ``` + # umount /mnt/iso + ``` + +4. 使用dd命令将ISO安装镜像直接写入USB盘: + + ``` + # dd if=/path/to/image.iso of=/dev/device bs=blocksize + ``` + + 使用您下载的ISO镜像文件的完整路径替换 /path/to/image.iso,使用之前由 dmesg 命令给出的设备名称替换device,同时设置合理的块大小(例如:512k)替换 blocksize,这样可以加快写入进度。 + + 例如:如果该ISO镜像文件位于 /home/testuser/Downloads/openEuler-20.03-LTS-SP1-aarch64-dvd.iso,同时探测到的设备名称为sdb,则该命令如下: + + ``` + # dd if=/home/testuser/Downloads/openEuler-20.03-LTS-SP1-aarch64-dvd.iso of=/dev/sdb bs=512k + ``` + +5. 等待镜像写入完成,拔掉USB盘。 + + 镜像写入过程中不会有进度显示,当\#号再次出现时,表明写入完成。退出root账户,拔掉USB盘。此时,您可以使用该USB盘作为系统的安装源。 + + +### 启动安装 + +请根据以下步骤启动安装程序: + +>![](./public_sys-resources/icon-note.gif) **说明:** +>您需要先设置您的系统优先从USB进行启动引导。以BIOS为例,您需要将“Boot Type Order”中的USB选项调整到首位。 + +1. 断开所有安装不需要的驱动器。 +2. 打开您的计算机系统。 +3. 在计算机中插入USB盘。 +4. 重启计算机系统。 + +在短暂的延迟后会出现图形化引导页面,该页面包含不同引导选项。如果您在一分钟内未进行任何操作,安装程序将自动开始安装。 + +## 使用PXE通过网络安装 + +要使用 PXE 引导,您需要正确配置服务器以及您的计算机需支持 PXE 的网络接口。 + +如果目标硬件安装有支持PXE的网络接口卡,我们可以配置它从其他网络系统的文件而不是本地介质(如光盘)来引导计算机并执行Anaconda安装程序。 + +对于PXE网络安装,客户机通过支持PXE的网卡,向网络发送请求DHCP信息的广播,请求IP地址等信息。DHCP服务器给客户机提供一个IP地址和其他网络信息如域名服务器、ftp服务器(它提供启动安装程序所必须的文件)的IP地址或主机名,以及服务器上文件的位置。 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>此处不详细讨论tftp、DHCP、http等服务器配置,相关详细配置请参考“[全自动化安装指导](./使用kickstart自动化安装.html#全自动化安装指导)”。 + +## 通过qcow2镜像安装 + +本节介绍如何使用或者制作qcow2镜像,并介绍相应的操作步骤,指导用户进行安装。 + +### 制作qcow2镜像 + +1. 安装qemu-img软件包。 + + ``` + # dnf install -y qemu-img + ``` + +2. 
使用qemu-img工具的create命令,创建镜像文件,命令格式为: + + ``` + $ qemu-img create -f -o + ``` + + 其中,各参数含义如下: + + - _imgFormat_ :镜像格式,取值为raw, qcow2等。 + - _fileOption_ :文件选项,用于设置镜像文件的特性,如指定后端镜像文件,压缩,加密等特性。 + - _fileName_ :文件名称。 + - _diskSize_ :磁盘大小,用于指定块磁盘设备的大小,支持的单位有K、M、G、T,分别代表KiB、MiB、GiB、TiB。 + + 例如,创建一个磁盘设备大小为32GB、格式为qcow2的镜像文件openEuler-imge.qcow2,命令和回显如下: + + ``` + $ qemu-img create -f qcow2 openEuler-image.qcow2 32G + Formatting 'openEuler-image.qcow2', fmt=qcow2 size=34359738368 cluster_size=65536 lazy_refcounts=off refcount_bits=16 + ``` + + +### 启动安装 + +根据以下步骤启动安装程序: + +1. 准备qcow2镜像文件。 +2. 准备虚拟机网络。 +3. 准备UEFI引导工具集EDK II。 +4. 准备虚拟机XML配置文件。 +5. 创建虚拟机。 +6. 启动虚拟机。 + +各步骤详细的操作请参考《[openEuler 20.03 LTS SP1 虚拟化用户指南](./../Virtualization/virtualization.html)》。 + +## 通过私有镜像安装 + +本节介绍如何使用或者制作私有镜像,并介绍相应的操作步骤,指导用户进行安装。 + +### 制作私有镜像 + +制作私有镜像的方法请参见[《镜像服务用户指南》](https://support.huaweicloud.com/usermanual-ims/zh-cn_topic_0013901628.html)。 + +### 启动安装 + +华为公有云的x86虚拟化平台的启动请参见[ 弹性云服务器 ECS的用户指南](https://support.huaweicloud.com/wtsnew-ecs/index.html)。 + + + + + + + + + + + + + + + + + diff --git "a/content/zh/docs/Installation/\346\233\264\345\244\232\350\265\204\346\272\220.md" "b/docs/zh/docs/Installation/\346\233\264\345\244\232\350\265\204\346\272\220.md" similarity index 100% rename from "content/zh/docs/Installation/\346\233\264\345\244\232\350\265\204\346\272\220.md" rename to "docs/zh/docs/Installation/\346\233\264\345\244\232\350\265\204\346\272\220.md" diff --git a/themes/project/layouts/partials/docs/inject/menu-after.html b/docs/zh/docs/Quickstart/figures/.keep similarity index 100% rename from themes/project/layouts/partials/docs/inject/menu-after.html rename to docs/zh/docs/Quickstart/figures/.keep 
diff --git a/docs/zh/docs/Quickstart/figures/Advanced_User_Configuration.png b/docs/zh/docs/Quickstart/figures/Advanced_User_Configuration.png new file mode 100644 index 0000000000000000000000000000000000000000..86a61bef60a456061aa90cbca533bcb174b15450 Binary files /dev/null and b/docs/zh/docs/Quickstart/figures/Advanced_User_Configuration.png differ diff --git "a/content/zh/docs/Quickstart/figures/\345\205\211\351\251\261\345\233\276\346\240\207.png" b/docs/zh/docs/Quickstart/figures/CD-ROM_drive_icon.png similarity index 100% rename from "content/zh/docs/Quickstart/figures/\345\205\211\351\251\261\345\233\276\346\240\207.png" rename to docs/zh/docs/Quickstart/figures/CD-ROM_drive_icon.png diff --git "a/content/zh/docs/Quickstart/figures/\351\225\234\345\203\217\345\257\271\350\257\235\346\241\206.png" b/docs/zh/docs/Quickstart/figures/Image_dialog_box.png similarity index 100% rename from "content/zh/docs/Quickstart/figures/\351\225\234\345\203\217\345\257\271\350\257\235\346\241\206.png" rename to docs/zh/docs/Quickstart/figures/Image_dialog_box.png diff --git a/docs/zh/docs/Quickstart/figures/Installation_Overview.png b/docs/zh/docs/Quickstart/figures/Installation_Overview.png new file mode 100644 index 0000000000000000000000000000000000000000..d6746719c2de8c1beff36e969219ea837a676270 Binary files /dev/null and b/docs/zh/docs/Quickstart/figures/Installation_Overview.png differ diff --git a/docs/zh/docs/Quickstart/figures/Installation_Procedure.png b/docs/zh/docs/Quickstart/figures/Installation_Procedure.png new file mode 100644 index 0000000000000000000000000000000000000000..594d9d878a58ba0ffb9d62f648c980f853429b6c Binary files /dev/null and b/docs/zh/docs/Quickstart/figures/Installation_Procedure.png differ 
diff --git a/docs/zh/docs/Quickstart/figures/Installation_wizard.png b/docs/zh/docs/Quickstart/figures/Installation_wizard.png new file mode 100644 index 0000000000000000000000000000000000000000..8e64b70503f21ac80034e8825f9cb0cd60965d32 Binary files /dev/null and b/docs/zh/docs/Quickstart/figures/Installation_wizard.png differ diff --git "a/content/zh/docs/Quickstart/figures/\350\256\276\347\275\256\347\263\273\347\273\237\345\220\257\345\212\250\351\241\271.png" b/docs/zh/docs/Quickstart/figures/Setting_the_System_Boot_Option.png similarity index 100% rename from "content/zh/docs/Quickstart/figures/\350\256\276\347\275\256\347\263\273\347\273\237\345\220\257\345\212\250\351\241\271.png" rename to docs/zh/docs/Quickstart/figures/Setting_the_System_Boot_Option.png diff --git a/docs/zh/docs/Quickstart/figures/Target_installation_position.png b/docs/zh/docs/Quickstart/figures/Target_installation_position.png new file mode 100644 index 0000000000000000000000000000000000000000..76e1585299fdc7335992f4552d09304ef9246177 Binary files /dev/null and b/docs/zh/docs/Quickstart/figures/Target_installation_position.png differ diff --git a/docs/zh/docs/Quickstart/figures/choosesoftware.png b/docs/zh/docs/Quickstart/figures/choosesoftware.png new file mode 100644 index 0000000000000000000000000000000000000000..9c410aa6292acabd2520b0d519ed8574c41b9c82 Binary files /dev/null and b/docs/zh/docs/Quickstart/figures/choosesoftware.png differ diff --git a/docs/zh/docs/Quickstart/figures/completeinstall.png b/docs/zh/docs/Quickstart/figures/completeinstall.png new file mode 100644 index 0000000000000000000000000000000000000000..91d38b80cf2310a7427788feb089da8d106b97b5 Binary files /dev/null and b/docs/zh/docs/Quickstart/figures/completeinstall.png differ 
diff --git a/docs/zh/docs/Quickstart/figures/createuser.png b/docs/zh/docs/Quickstart/figures/createuser.png new file mode 100644 index 0000000000000000000000000000000000000000..a5cfa3fe2897bf1047e5c0ad3bfd5f6afe9850da Binary files /dev/null and b/docs/zh/docs/Quickstart/figures/createuser.png differ diff --git "a/content/zh/docs/Quickstart/figures/\351\207\215\345\220\257\345\233\276\346\240\207.png" b/docs/zh/docs/Quickstart/figures/restarticon.png similarity index 100% rename from "content/zh/docs/Quickstart/figures/\351\207\215\345\220\257\345\233\276\346\240\207.png" rename to docs/zh/docs/Quickstart/figures/restarticon.png diff --git a/docs/zh/docs/Quickstart/figures/root_password.png b/docs/zh/docs/Quickstart/figures/root_password.png new file mode 100644 index 0000000000000000000000000000000000000000..ca40df8b04ac21f8ffcc8a99653832526b69340d Binary files /dev/null and b/docs/zh/docs/Quickstart/figures/root_password.png differ diff --git a/docs/zh/docs/Quickstart/figures/selectlanguage.png b/docs/zh/docs/Quickstart/figures/selectlanguage.png new file mode 100644 index 0000000000000000000000000000000000000000..0567fb4f90b6d3a751d0a17211b66d9afa7d71fd Binary files /dev/null and b/docs/zh/docs/Quickstart/figures/selectlanguage.png differ diff --git a/docs/zh/docs/Quickstart/figures/startinstall.png b/docs/zh/docs/Quickstart/figures/startinstall.png new file mode 100644 index 0000000000000000000000000000000000000000..227ec876dc1b0d6cbe6991c1bce1fc0837a344c0 Binary files /dev/null and b/docs/zh/docs/Quickstart/figures/startinstall.png differ diff --git a/content/zh/docs/Quickstart/figures/zh-cn_image_0229420473.png b/docs/zh/docs/Quickstart/figures/zh-cn_image_0229420473.png similarity index 100% rename from content/zh/docs/Quickstart/figures/zh-cn_image_0229420473.png rename to docs/zh/docs/Quickstart/figures/zh-cn_image_0229420473.png 
diff --git a/content/zh/docs/Releasenotes/public_sys-resources/icon-caution.gif b/docs/zh/docs/Quickstart/public_sys-resources/icon-caution.gif similarity index 100% rename from content/zh/docs/Releasenotes/public_sys-resources/icon-caution.gif rename to docs/zh/docs/Quickstart/public_sys-resources/icon-caution.gif diff --git a/content/zh/docs/Releasenotes/public_sys-resources/icon-danger.gif b/docs/zh/docs/Quickstart/public_sys-resources/icon-danger.gif similarity index 100% rename from content/zh/docs/Releasenotes/public_sys-resources/icon-danger.gif rename to docs/zh/docs/Quickstart/public_sys-resources/icon-danger.gif diff --git a/content/zh/docs/Releasenotes/public_sys-resources/icon-note.gif b/docs/zh/docs/Quickstart/public_sys-resources/icon-note.gif similarity index 100% rename from content/zh/docs/Releasenotes/public_sys-resources/icon-note.gif rename to docs/zh/docs/Quickstart/public_sys-resources/icon-note.gif diff --git a/content/zh/docs/Releasenotes/public_sys-resources/icon-notice.gif b/docs/zh/docs/Quickstart/public_sys-resources/icon-notice.gif similarity index 100% rename from content/zh/docs/Releasenotes/public_sys-resources/icon-notice.gif rename to docs/zh/docs/Quickstart/public_sys-resources/icon-notice.gif diff --git a/content/zh/docs/Releasenotes/public_sys-resources/icon-tip.gif b/docs/zh/docs/Quickstart/public_sys-resources/icon-tip.gif similarity index 100% rename from content/zh/docs/Releasenotes/public_sys-resources/icon-tip.gif rename to docs/zh/docs/Quickstart/public_sys-resources/icon-tip.gif diff --git a/content/zh/docs/Releasenotes/public_sys-resources/icon-warning.gif b/docs/zh/docs/Quickstart/public_sys-resources/icon-warning.gif similarity index 100% rename from content/zh/docs/Releasenotes/public_sys-resources/icon-warning.gif rename to docs/zh/docs/Quickstart/public_sys-resources/icon-warning.gif 
diff --git a/content/zh/docs/Quickstart/quick-start.md b/docs/zh/docs/Quickstart/quick-start.md similarity index 84% rename from content/zh/docs/Quickstart/quick-start.md rename to docs/zh/docs/Quickstart/quick-start.md index af4f8156b546009cd0357043d216f93d063d4a5b..5392c23c87b950f6a907d190ac6175d359a7000d 100644 --- a/content/zh/docs/Quickstart/quick-start.md +++ b/docs/zh/docs/Quickstart/quick-start.md @@ -1,6 +1,6 @@ # 快速入门 -本文档以TaiShan 200服务器上安装openEuler 20.09 beta为例,旨在指导用户快速地安装和使用openEuler操作系统,更详细的安装要求和安装方法请参考《[openEuler 20.09 beta 安装指南](../Installation/installation.html)》。 +本文档以TaiShan 200服务器上安装openEuler 20.03-LTS-SP1为例,旨在指导用户快速地安装和使用openEuler操作系统,更详细的安装要求和安装方法请参考《[openEuler 20.03-LTS-SP1 安装指南](./../Installation/installation.html)》。 - [快速入门](#快速入门) @@ -87,7 +87,7 @@

硬盘

-

为了获得更好的应用体验,建议不小于120GB)

+

为了获得更好的应用体验,建议不小于120GB

支持IDE、SATA、SAS等接口的硬盘。

@@ -100,13 +100,10 @@ 请按以下步骤获取openEuler的发布包和校验文件: -> ![](public_sys-resources/icon-note.gif) **说明:** -> AArch64架构的发布包支持UEFI模式,x86\_64架构的发布包支持UEFI模式和Legacy模式。 - 1. 登录[openEuler社区](https://openeuler.org)网站。 2. 单击“下载”。 3. 单击“获取ISO:”后面的“Link”,显示版本列表。 -4. 单击“openEuler-20.09-beta”,进入openEuler 20.09 beta版本下载列表。 +4. 单击“openEuler-20.03-LTS-SP1”,进入openEuler 20.03-LTS-SP1版本下载列表。 5. 单击“ISO”,进入ISO下载列表。 - aarch64:AArch64架构的ISO。 - x86\_64:x86\_64架构的ISO。 @@ -115,13 +112,13 @@ 6. 根据实际待安装环境的架构选择需要下载的openEuler的发布包和校验文件。 - 若为AArch64架构。 1. 单击“aarch64”。 - 2. 单击“openEuler-20.09-beta-aarch64-dvd.iso”,将openEuler发布包下载到本地。 - 3. 单击“openEuler-20.09-beta-aarch64-dvd.iso.sha256sum”,将openEuler校验文件下载到本地。 + 2. 单击“openEuler-20.03-LTS-SP1-aarch64-dvd.iso”,将openEuler发布包下载到本地。 + 3. 单击“openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum”,将openEuler校验文件下载到本地。 - 若为x86\_64架构。 1. 单击“x86\_64”。 - 2. 单击“openEuler-20.09-beta-x86\_64-dvd.iso”,将openEuler发布包下载到本地。 - 3. 单击“openEuler-20.09-beta-x86\_64-dvd.iso.sha256sum”,将openEuler校验文件下载到本地。 + 2. 单击“openEuler-20.03-LTS-SP1-x86\_64-dvd.iso”,将openEuler发布包下载到本地。 + 3. 单击“openEuler-20.03-LTS-SP1-x86\_64-dvd.iso.sha256sum”,将openEuler校验文件下载到本地。 @@ -132,13 +129,13 @@ 1. 获取校验文件中的校验值。执行命令如下: ``` - $ cat openEuler-20.09-beta-aarch64-dvd.iso.sha256sum + $ cat openEuler-20.03-LTS-SP1-aarch64-dvd.iso.sha256sum ``` 2. 计算文件的sha256校验值。执行命令如下: ``` - $ sha256sum openEuler-20.09-beta-aarch64-dvd.iso + $ sha256sum openEuler-20.03-LTS-SP1-aarch64-dvd.iso ``` 命令执行完成后,输出校验值。 @@ -156,7 +153,7 @@ 将“引导介质有效期”和“引导介质”分别设置为“单次有效”和“光驱”,并单击“保存”以保存配置。如[图1](#fig1011938131018)所示。 **图 1** 设置系统启动项 - ![](figures/设置系统启动项.png "设置系统启动项") + ![](./figures/Setting_the_System_Boot_Option.png) 3. 在上方标题栏中,选择“远程控制”,在左侧导航树中选择“远程控制”,显示“远程控制”界面。 
@@ -165,30 +162,30 @@ 4. 在虚拟界面工具栏中,单击虚拟光驱工具如下图所示。 **图 2** 光驱图标 - ![](figures/光驱图标.png "光驱图标") + ![](./figures/CD-ROM_drive_icon.png) 弹出镜像对话框,如下图所示。 **图 3** 镜像对话框 - ![](figures/镜像对话框.png "镜像对话框") + ![](./figures/Image_dialog_box.png) 5. 在镜像对话框中,选择“镜像文件”, 并单击“浏览”。弹出“打开”对话框。 6. 选择镜像文件,单击“打开”。然后在镜像对话框中,单击“连接”。当“连接”显示为“断开”后,表示虚拟光驱已连接到服务器。 7. 在工具栏中,单击重启工具重启设备,如下图所示。 **图 4** 重启图标 - ![](figures/重启图标.png "重启图标") + ![](./figures/restarticon.png) 8. 设备重启后进入到openEuler操作系统安装引导界面,如[图5](#fig1648754873314)所示。 - >![](public_sys-resources/icon-note.gif) **说明:** - >- 如果60秒内未按任何键,系统将从默认选项“Test this media & install openEuler 20.09-beta”自动进入安装界面。 - >- 安装物理机时,如果使用键盘上下键无法选择启动选项,按“Enter”键无响应,可以单击BMC界面上的鼠标控制图标“![](figures/zh-cn_image_0229420473.png)”,设置“键鼠复位”。 + >![](./public_sys-resources/icon-note.gif) **说明:** + >- 如果60秒内未按任何键,系统将从默认选项“Test this media & install openEuler 20.03-LTS-SP1”自动进入安装界面。 + >- 安装物理机时,如果使用键盘上下键无法选择启动选项,按“Enter”键无响应,可以单击BMC界面上的鼠标控制图标“![](./figures/zh-cn_image_0229420473.png)”,设置“键鼠复位”。 **图 5** 安装引导界面 - + ![](./figures/Installation_wizard.png) -9. 在安装引导界面,按“Enter”,进入默认选项“Test this media & install openEuler 20.09-beta”的图形化安装界面。 +9. 在安装引导界面,按“Enter”,进入默认选项“Test this media & install openEuler 20.03-LTS-SP1”的图形化安装界面。 ## 安装 @@ -197,25 +194,25 @@ 1. 设置安装语言,默认为英语,用户可根据实际情况进行调整,如[图6](#fig874344811484)所示,选择“中文”。 **图 6** 选择语言 - + ![](./figures/selectlanguage.png) -2. 在安装概览界面,根据实际情况设置各配置项。 +2. 在安装概览界面,根据实际情况设置各配置项。 - 配置项有告警符号的,表示用户必须完成该选项配置后,告警符号消失,才能进行下一步操作。 - 配置项无告警符号的,表示该配置项已有默认配置。 - 所有配置项均无告警符号时用户才能单击“开始安装”进行系统安装。 **图 7** 安装概览 - + ![](./figures/Installation_Overview.png) 1. 选择“软件选择”,设置“软件选择”配置项。 用户需要根据实际的业务需求,在左侧选择一个“最小安装”,在右侧选择安装环境的附加选项,如[图8](#fig1133717611109)所示。 **图 8** 软件选择 - + ![](./figures/choosesoftware.png) - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >- 在最小安装的环境下,并非安装源中所有的包都会安装。如果用户需要使用的包未安装,可将安装源挂载到本地制作repo源,通过DNF工具单独安装。 >- 选择“虚拟化主机”时会默认安装虚拟化组件qemu、libvirt、edk2,且可在附件选项处选择是否安装ovs等组件。 
@@ -225,28 +222,26 @@ 在安装位置页面中,您可以选择计算机中的本地可用存储设备。 - >![](public_sys-resources/icon-notice.gif) **须知:** + >![](./public_sys-resources/icon-notice.gif) **须知:** >在选择您需要安装的设备时,建议不要选择NVMe SSD存储介质作为操作系统的安装磁盘。 您还需要进行存储配置以便对系统分区。您可以手动配置分区,也可以选择让安装程序自动分区。如果是在未使用过的存储设备中执行全新安装,或者不需要保留该存储设备中任何数据,建议选择“自动”进行自动分区。如[图9](#fig153381468101)所示。 - - 若您需要对数据进行加密,若您选择“自动”进行自动分区时,则可以在“安装目标位置”界面选择“加密我的数据”;若您选择“自定义”进行手动分区时,则可以在“手动分区”界面中单击需要加密的挂载点并在“设备类型”区域中选择“加密”。然后单击左上角“完成”,设置磁盘加密口令。磁盘加密口令需要符合密码复杂度,具体请参考[密码复杂度](#密码复杂度)。 **图 9** 安装目标位置 - + ![](./figures/Target_installation_position.png) - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >- 在进行分区时,出于系统性能和安全的考虑,建议您划分如下单独分区:/boot、/var、/var/log 、/var/log/audit、/home、/tmp。 >- 系统如果配置了swap分区,当系统的物理内存不够用时,会使用swap分区。虽然 swap分区可以增大物理内存大小的限制,但是如果由于内存不足使用到swap分区,会增加系统的响应时间,性能变差。因此在物理内存充足或者性能敏感的系统中,不建议配置swap分区。 >- 如果需要拆分逻辑卷组则需要选择“自定义”进行手动分区,并在“手动分区”界面单击“卷组”区域中的“修改”按钮重新配置卷组。 设置完成后,请单击左上角“完成”返回“安装概览”页面。 - + 3. 选择“根密码”,设置“根密码”配置项。 在“ROOT密码”页面中,如[图10](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1323165793018)所示,根据[密码复杂度](#密码复杂度)输入密码并再次输入密码进行确认。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** > >- root帐户是用来执行关键系统管理任务,不建议您在日常工作及系统访问时使用root帐户。 > @@ -264,11 +259,11 @@ 4. 口令不能使用字典词汇。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** > 在已装好的openEuler环境中,可以通过`cracklib-unpacker /usr/share/cracklib/pw_dict > dictionary.txt`命令导出字典库文件dictionary.txt,用户可以查询密码是否在该字典中。 **图 10** root密码 - ![](figures/root密码.png "root密码") + ![](./figures/root_password.png) 设置完成后,单击左上角的“完成”返回“安装概览”页面。 
@@ -277,10 +272,10 @@ 在创建用户的界面如[图11](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig1237715313319)所示。输入用户名,并设置密码,其中密码复杂度要求与root密码复杂度要求一致。另外您还可以通过“高级”选项设置用户主目录、用户组等,如[图12](#zh-cn_topic_0186390266_zh-cn_topic_0122145909_fig128716531312)所示。 **图 11** 创建用户 - + ![](./figures/createuser.png) **图 12** 高级用户配置 - ![](figures/高级用户配置.png "高级用户配置") + ![](./figures/Advanced_User_Configuration.png "高级用户配置") 完成设置后,单击左上角的“完成”返回“安装概览”页面。 @@ -289,19 +284,17 @@ 3. 单击“开始安装”进行系统安装,如[图13](#fig1717019357392)所示。 **图 13** 开始安装 - - -6. 安装完成后重启系统。 + ![](./figures/Installation_Procedure.png) +4. 安装完成后重启系统。 - openEuler完成安装,如[图14](#zh-cn_topic_0186390267_zh-cn_topic_0122145917_fig1429512116338)所示。单击“重启”后,系统将重新启动。 + openEuler完成安装后,单击“重启”按钮,系统将重新启动。 - **图 14** 完成安装 - + ## 查看系统信息 -系统安装完成并重启后直接进入系统命令行登录界面,输入安装过程中设置的用户和密码,进入openEuler操作系统,查看如下系统信息。若需要进行系统管理和配置操作,请参考《[openEuler 20.09 beta 管理员指南](../Administration/administration.html)》。 +系统安装完成并重启后直接进入系统命令行登录界面,输入安装过程中设置的用户和密码,进入openEuler操作系统,查看如下系统信息。若需要进行系统管理和配置操作,请参考《[openEuler 20.03-LTS-SP1 管理员指南](https://openeuler.org/zh/docs/20.03-LTS-SP1/docs/Administration/administration.html)》。 - 查看系统信息,命令如下: @@ -312,12 +305,12 @@ 例如,命令和输出如下: ``` - $ cat /etc/os-release + # cat /etc/os-release NAME="openEuler" - VERSION="20.09" + VERSION="20.03 (LTS-SP1)" ID="openEuler" - VERSION_ID="20.09" - PRETTY_NAME="openEuler 20.09" + VERSION_ID="20.03" + PRETTY_NAME="openEuler 20.03 (LTS-SP1)" ANSI_COLOR="0;31" ``` diff --git "a/content/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" "b/docs/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" similarity index 36% rename from "content/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" rename to "docs/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" index e7374faba3b76702998bd2f4e99c7679002c1887..c3940611f56669ea8f198336ce751a47bc4db6ab 100644 --- "a/content/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" +++ "b/docs/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" 
@@ -1,4 +1,4 @@ # CVE漏洞 -版本涉及的CVE可通过[CVE列表](https://cve.openeuler.org/#/CVE)查询。 +版本涉及的CVE可通过[CVE列表](https://openeuler.org/zh/security/cve/)查询。 diff --git a/content/zh/docs/Virtualization/public_sys-resources/icon-caution.gif b/docs/zh/docs/Releasenotes/public_sys-resources/icon-caution.gif similarity index 100% rename from content/zh/docs/Virtualization/public_sys-resources/icon-caution.gif rename to docs/zh/docs/Releasenotes/public_sys-resources/icon-caution.gif diff --git a/content/zh/docs/Virtualization/public_sys-resources/icon-danger.gif b/docs/zh/docs/Releasenotes/public_sys-resources/icon-danger.gif similarity index 100% rename from content/zh/docs/Virtualization/public_sys-resources/icon-danger.gif rename to docs/zh/docs/Releasenotes/public_sys-resources/icon-danger.gif diff --git a/content/zh/docs/Virtualization/public_sys-resources/icon-note.gif b/docs/zh/docs/Releasenotes/public_sys-resources/icon-note.gif similarity index 100% rename from content/zh/docs/Virtualization/public_sys-resources/icon-note.gif rename to docs/zh/docs/Releasenotes/public_sys-resources/icon-note.gif diff --git a/content/zh/docs/Virtualization/public_sys-resources/icon-notice.gif b/docs/zh/docs/Releasenotes/public_sys-resources/icon-notice.gif similarity index 100% rename from content/zh/docs/Virtualization/public_sys-resources/icon-notice.gif rename to docs/zh/docs/Releasenotes/public_sys-resources/icon-notice.gif diff --git a/content/zh/docs/Virtualization/public_sys-resources/icon-tip.gif b/docs/zh/docs/Releasenotes/public_sys-resources/icon-tip.gif similarity index 100% rename from content/zh/docs/Virtualization/public_sys-resources/icon-tip.gif rename to docs/zh/docs/Releasenotes/public_sys-resources/icon-tip.gif 
diff --git a/content/zh/docs/Virtualization/public_sys-resources/icon-warning.gif b/docs/zh/docs/Releasenotes/public_sys-resources/icon-warning.gif similarity index 100% rename from content/zh/docs/Virtualization/public_sys-resources/icon-warning.gif rename to docs/zh/docs/Releasenotes/public_sys-resources/icon-warning.gif diff --git a/docs/zh/docs/Releasenotes/release_notes.md b/docs/zh/docs/Releasenotes/release_notes.md new file mode 100644 index 0000000000000000000000000000000000000000..66c1f993f189ec2103447a1f3fcc8a379d45e030 --- /dev/null +++ b/docs/zh/docs/Releasenotes/release_notes.md @@ -0,0 +1 @@ +本文是 openEuler 20.03 LTS SP1版本的发行说明。 \ No newline at end of file diff --git a/docs/zh/docs/Releasenotes/zh-cn_bookmap_0225720059.md b/docs/zh/docs/Releasenotes/zh-cn_bookmap_0225720059.md new file mode 100644 index 0000000000000000000000000000000000000000..5d775e30182a7156ece2c9bb4a4e0f4afa6fe288 --- /dev/null +++ b/docs/zh/docs/Releasenotes/zh-cn_bookmap_0225720059.md @@ -0,0 +1,14 @@ +# 版本发行说明 + +- [法律声明](./法律声明.md) +- [用户须知](./用户须知.md) +- [简介](./简介.md) +- [系统安装](./系统安装.md) +- [关键特性](./关键特性.md) +- [已知问题](./已知问题.md) +- [已修复问题](./已修复问题.md) +- [CVE漏洞](./CVE漏洞.md) +- [源代码](./源代码.md) +- [参与贡献](./参与贡献.md) +- [致谢](./致谢.md) + diff --git "a/docs/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" "b/docs/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" new file mode 100644 index 0000000000000000000000000000000000000000..357859efa19f59c4ec9846ee92cbca9694676a3d --- /dev/null +++ "b/docs/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" 
@@ -0,0 +1,30 @@ +# 关键特性 + +- iSula轻量级容器解决方案,统一IoT,边缘和云计算容器解决方案 + - 缩短三级调用链,百容器内存资源占用相比Docker引擎显著下降 + - 支持CRI/OCI标准开源接口,灵活对接runc、kata等多种OCI运行时 + - 通过Smart-loading智能镜像下载技术,显著提升镜像下载速度 + - 安全容器:虚拟化技术和容器技术的有机结合,安全容器具有更好的隔离性 + - 系统容器:支持本地文件系统启动,可实现快速部署。支持部署systemd,提升user namespace隔离性 + +- Kunpeng加速引擎(KAE),支持加解密加速 + - 摘要算法SM3,支持异步模型 + - 对称加密算法SM4,支持异步模型,支持CTR/XTS/CBC模式 + - 对称加密算法AES,支持异步模型,支持ECB/CTR/XTS/CBC模式 + - 非对称算法RSA,支持异步模型,支持Key Sizes 1024/2048/3072/4096 + - 密钥协商算法DH,支持异步模型,支持Key Sizes 768/1024/1536/2048/3072/4096 + + +- A-Tune智能系统性能优化引擎,推理出业务特征,配置最佳的系统参数合,使业务处于最优运行状态。 +- 增强glibc/zlib/gzip性能,充分利用AArch64的neon指令集,提升基础库性能。 +- 内核特性增强 + - 支持ARM64内核热补丁 + - Numa Aware Qspinlock:减少跨NUMA节点的Cache/总线冲突 + - 通过优化 IOVA 页表查找和页表释放算法,提升 I/O MMU 子系统性能 + - 根据 ARM64 指令以及流水线特点,优化 CRC32 及 checksum 实现,大幅提升数据校验性能 + - 支持 ARM v8.4 MPAM(Memory System Resource Partitioning and Monitoring) +- 虚拟化特性增强 + - 中断虚拟化优化:IRQfd路径注入中断优化,大幅提升高性能直通设备(网卡、SSD磁盘等)性能 + - 内存虚拟化优化:借助鲲鹏硬件特性,提升虚拟机启动内存加载速度 + - 存储虚拟化优化:iSCSI模块kworker的NUMA亲和性自绑定优化,提升IPSAN磁盘的IO性能 + diff --git "a/content/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" "b/docs/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" similarity index 62% rename from "content/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" rename to "docs/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" index e14ad24e2bf3f670106ed94079d8af84e65fb389..ba43d4adf9454a49ef1b39b5b01b98899c82a6ea 100644 --- "a/content/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" +++ "b/docs/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" 
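Review bot: The KAE bullets in 关键特性.md list RSA with key size 1024, DH with key sizes 768/1024 and AES in ECB mode next to the stronger options, with nothing to tell the reader that these are weak choices. Add a line recommending which key sizes and modes to use for new deployments, or mark the short keys and ECB as legacy. In the A-Tune bullet, `配置最佳的系统参数合` looks like a dropped character (参数组合 or 参数集合).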
@@ -1,16 +1,16 @@ # 参与贡献 -作为openEuler用户,你可以通过多种方式协助openEuler社区。参与社区贡献的方法请参见[社区贡献](https://openeuler.org/zh/developer.html),这里简单列出部分方式供参考。 +作为openEuler用户,你可以通过多种方式协助openEuler社区。参与社区贡献的方法请参见[贡献攻略](https://openeuler.org/zh/community/contribution/),这里简单列出部分方式供参考。 ## 特别兴趣小组 -openEuler将拥有共同兴趣的人们聚在一起,组成了不同的特别兴趣小组(SIG)。当前已有的SIG请参见[SIG列表](https://openeuler.org/zh/sig.html)。 +openEuler将拥有共同兴趣的人们聚在一起,组成了不同的特别兴趣小组(SIG)。当前已有的SIG请参见[SIG列表](https://openeuler.org/zh/sig/sig-list/)。 我们欢迎并鼓励你加入已有的SIG或创建新的SIG,创建方法请参见[SIG管理指南](https://gitee.com/openeuler/community/blob/master/zh/technical-committee/governance/README.md)。 ## 邮件列表和任务 -欢迎你积极地帮助用户解决在[邮件列表](https://openeuler.org/zh/community/mails.html)和issue任务(包括[代码仓任务](https://gitee.com/organizations/openeuler/issues)和[软件包仓任务](https://gitee.com/organizations/src-openeuler/issues)) 中提出的问题。另外,我们也欢迎你提出问题。这些都将帮助openEuler社区更好地发展。 +欢迎你积极地帮助用户解决在[邮件列表](https://openeuler.org/zh/community/mailing-list/)和issue任务(包括[代码仓任务](https://gitee.com/organizations/openeuler/issues)和[软件包仓任务](https://gitee.com/organizations/src-openeuler/issues)) 中提出的问题。另外,我们也欢迎你提出问题。这些都将帮助openEuler社区更好地发展。 ## 文档 @@ -18,5 +18,5 @@ openEuler将拥有共同兴趣的人们聚在一起,组成了不同的特别 ## IRC -openEuler也在IRC开辟了频道,作为提供社区支持和交互的额外渠道。详情请参见[openEuler IRC](https://openeuler.org/zh/community/irc.html)。 +openEuler也在IRC开辟了频道,作为提供社区支持和交互的额外渠道。详情请参见[openEuler IRC](https://gitee.com/openeuler/community/blob/master/zh/communication/IRCs.md)。 diff --git "a/docs/zh/docs/Releasenotes/\345\267\262\344\277\256\345\244\215\351\227\256\351\242\230.md" "b/docs/zh/docs/Releasenotes/\345\267\262\344\277\256\345\244\215\351\227\256\351\242\230.md" new file mode 100644 index 0000000000000000000000000000000000000000..232e82e48e0de01f209a56ca122a7d891395c65e --- /dev/null +++ "b/docs/zh/docs/Releasenotes/\345\267\262\344\277\256\345\244\215\351\227\256\351\242\230.md" 
@@ -0,0 +1,28 @@ +# 已修复问题 + +完整问题清单请参见[完整问题清单](https://gitee.com/organizations/src-openeuler/issues)。 + +完整的内核提交记录请参见[提交记录](https://gitee.com/openeuler/kernel/commits/openEuler-1.0-LTS)。 + +已修复问题请参见[表1](#table249714911433)。 + +**表 1** 修复问题列表 + +| ISSUE |问题描述 | +|:--- |:---- | +| [I1BJTF](https://gitee.com/openeuler/kernel/issues/I1BJTF?from=project-issue) | 【kernel bug】arm机器上lscpu命令无法显示cpu主频,cpu cache错误 | +| [I1BWPD](https://gitee.com/openeuler/iSulad-img/issues/I1BWPD?from=project-issue) | 使用isula/crictl pull镜像失败| +| [I1BV56](https://gitee.com/src-openeuler/shadow/issues/I1BV56?from=project-issue) | delete redundant gpg sig file for shadow-4.6| +| [I1BV38](https://gitee.com/src-openeuler/expect/issues/I1BV38?from=project-issue) | unbuffer命令不可用 | +| [I1BA9B](https://gitee.com/src-openeuler/iputils/issues/I1BA9B?from=project-issue) | arping -w参数失效| +| [I1AV3S](https://gitee.com/openeuler/kernel/issues/I1AV3S?from=project-issue) | 跑最新LTP中的pty03用例,必现oops | +| [I1AZ1I](https://gitee.com/src-openeuler/cronie/issues/I1AZ1I?from=project-issue) | 启动500个定时任务,4~5分钟后,任务处理不过来,系统会卡死 | +| [I1AH2C](https://gitee.com/openeuler/iSulad/issues/I1AH2C?from=project-issue) | 启动kata容器失败抓到warning信息不足定位,需要打印更多报错 | +| [I1AGXO](https://gitee.com/openeuler/iSulad/issues/I1AGXO?from=project-issue) | kata-runtime远程模式下isula rm -f没有执行kill导致残留 | +| [I1AF39](https://gitee.com/openeuler/kernel/issues/I1AF39?from=project-issue) | ext4文件系统上触发open时发现softlockup | +| [I1ADUD](https://gitee.com/openeuler/iSulad/issues/I1ADUD?from=project-issue) | kubectl创建pod导致isulad崩溃 | + + + + + diff --git "a/docs/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" "b/docs/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" new file mode 100644 index 0000000000000000000000000000000000000000..ec3f15ab7c20dc0ab3b95a40ea3831af9a65dd7f --- /dev/null +++ "b/docs/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" 
@@ -0,0 +1,21 @@ +# 已知问题 + +- 内核FIPS启动模式还未经过完整认证,FIPS启动可能存在问题。[I17Z18](https://gitee.com/src-openeuler/crypto-policies/issues/I17Z18?from=project-issue) +- 使用libvirt启动glusterfs虚拟机,每次会有300字节的内存泄漏。讨论详情请参见[社区讨论](https://github.com/gluster/glusterfs/issues/818)。[I185CH](https://gitee.com/src-openeuler/glusterfs/issues/I185CH?from=project-issue) +- 使用libvirt接口连续执行磁盘热插拔操作,概率性出现热拔接口返回成功,但磁盘未真正拔除,也不能再次热插和热拔该磁盘。关闭虚拟机后再启动可恢复正常。[I1C72L](https://gitee.com/src-openeuler/qemu/issues/I1C72L?from=project-issue) +- 使用x86\_64虚拟机安装时,极小概率可能出现未知安装异常,请再次安装恢复。[I1C8HS](https://gitee.com/src-openeuler/anaconda/issues/I1C8HS?from=project-issue) +- CVE-2012-0039在本地应用程序通过调用g\_str\_hash函数,调用该接口的应用会持续消耗CPU,导致拒绝服务攻击,社区已经明确不解决。 +- CVE-2015-9541通过构造异常的SVG文档进行指数级XML实体扩展攻击,当Qt尝试解析SVG时,可能会发生内存不足的情况。讨论详情请参见[社区讨论](https://codereview.qt-project.org/c/qt/qtbase/+/293909)。 +- 部分开源包编译前需要提前安装gdb,gcc,make等基础软件,否则会由于缺少依赖而编译失败。 +- AArch64和x86\_64在char类型上定义不一致,导致coreutils,augeas,diffutils自检报错,请增加--fsigned-char编译选项解决。 +- 针对20.03 LTS SP1版本,如果用户从mysql-8.0.17-3.oe1版本升级到较新版本,使用rpm -Uvh xxx(其中XXX指具体的版本,例如mysql-8.0.21-1.oe1.aarch64.rpm)命令,升级后功能不可用,可以通过以下两种方式进行版本升级(以mysql-8.0.17-3.oe1升级到mysql-8.0.21-1.oe1举例): + - 方法1,执行如下升级命令实现: + ``` + # rpm -Uvh mysql-8.0.21-1.oe1.aarch64.rpm --noscripts + ``` + - 方法2,先卸载旧版本的mysql,再安装新版本的mysql,命令如下: + ``` + # rpm -e mysql-8.0.17-3.oe1 + # rpm -ivh mysql-8.0.21-1.oe1.aarch64.rpm + ``` + 
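Review bot: Method 1 of the mysql upgrade workaround in 已知问题.md (`rpm -Uvh mysql-8.0.21-1.oe1.aarch64.rpm --noscripts`) skips the package scriptlets, but the entry does not say which scriptlet steps are lost or what the administrator has to do by hand afterwards; state that, or present method 2 as the default. In the same list, the CVE-2012-0039 entry says the community will not fix the issue but, unlike the CVE-2015-9541 entry, carries no discussion link and no guidance on exposure, and its opening clause (`在本地应用程序通过调用g_str_hash函数,调用该接口的应用会持续消耗CPU`) does not parse; reword it and add the reference.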
diff --git "a/content/zh/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md" "b/docs/zh/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md" similarity index 64% rename from "content/zh/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md" rename to "docs/zh/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md" index 9769a3f5cfcd23d6e98b030f9b933935330b23b4..333a56434fd39d9fe8ea65edf8781340dd607470 100644 --- "a/content/zh/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md" +++ "b/docs/zh/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md" @@ -1,14 +1,14 @@ # 法律声明 -**版权所有 © 2020 openEuler社区。** +**版权所有 © 2020 华为技术有限公司。** 您对“本文档”的复制、使用、修改及分发受知识共享\(Creative Commons\)署名—相同方式共享4.0国际公共许可协议\(以下简称“CC BY-SA 4.0”\)的约束。为了方便用户理解,您可以通过访问[https://creativecommons.org/licenses/by-sa/4.0/](https://creativecommons.org/licenses/by-sa/4.0/) 了解CC BY-SA 4.0的概要 \(但不是替代\)。CC BY-SA 4.0的完整协议内容您可以访问如下网址获取:[https://creativecommons.org/licenses/by-sa/4.0/legalcode](https://creativecommons.org/licenses/by-sa/4.0/legalcode)。 **商标声明** -openEuler为openEuler社区的商标。本文档提及的其他所有商标或注册商标,由各自的所有人拥有。 +openEuler为华为技术有限公司的商标。本文档提及的其他所有商标或注册商标,由各自的所有人拥有。 **免责声明** -本文档仅作为使用指导,除非适用法强制规定或者双方有明确书面约定, openEuler社区对本文档中的所有陈述、信息和建议不做任何明示或默示的声明或保证,包括但不限于不侵权,时效性或满足特定目的的担保。 +本文档仅作为使用指导,除非适用法强制规定或者双方有明确书面约定, 华为技术有限公司对本文档中的所有陈述、信息和建议不做任何明示或默示的声明或保证,包括但不限于不侵权,时效性或满足特定目的的担保。 diff --git "a/content/zh/docs/Releasenotes/\346\272\220\344\273\243\347\240\201.md" "b/docs/zh/docs/Releasenotes/\346\272\220\344\273\243\347\240\201.md" similarity index 100% rename from "content/zh/docs/Releasenotes/\346\272\220\344\273\243\347\240\201.md" rename to "docs/zh/docs/Releasenotes/\346\272\220\344\273\243\347\240\201.md" 
diff --git "a/content/zh/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md" "b/docs/zh/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md" similarity index 40% rename from "content/zh/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md" rename to "docs/zh/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md" index f612df3f64d1e43279f0a7cbbb27b04128bcff22..17f6a16e0e4a45c7b963a46807931c69fba213d1 100644 --- "a/content/zh/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md" +++ "b/docs/zh/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md" @@ -1,6 +1,5 @@ # 用户须知 -- openEuler版本号计数规则由openEuler x.x变更为以年月为版本号,以便用户了解版本发布时间,例如openEuler 20.09表示发布时间为2020年9月。 -- [Python核心团队](https://www.python.org/dev/peps/pep-0373/#update)已经于2020年1月停止对Python 2的维护。2020年,openEuler 20.09 LTS仅修复Python 2的致命CVE,并将于2020年12月31日全面停止维护。请您尽快切换到Python 3。 +- openEuler版本号计数规则由openEuler x.x变更为以年月为版本号,以便用户了解版本发布时间,例如openEuler 20.03表示发布时间为2020年3月。 +- [Python核心团队](https://www.python.org/dev/peps/pep-0373/#update)已经于2020年1月停止对Python 2的维护。2020年,openEuler 20.03 LTS SP1仅修复Python 2的致命CVE,并将于2020年12月31日全面停止维护。请您尽快切换到Python 3。 -* [Python核心团队](https://www.python.org/dev/peps/pep-0373/#update)已经于2020年1月停止对Python 2的维护。2020年,openEuler 20.03 LTS仅修复Python 2的致命CVE,并将于2020年12月31日全面停止维护。请您尽快切换到Python 3。 \ No newline at end of file diff --git "a/content/zh/docs/Releasenotes/\347\256\200\344\273\213.md" "b/docs/zh/docs/Releasenotes/\347\256\200\344\273\213.md" similarity index 99% rename from "content/zh/docs/Releasenotes/\347\256\200\344\273\213.md" rename to "docs/zh/docs/Releasenotes/\347\256\200\344\273\213.md" index a93e39988321b9f901e74f729323f23828cb2196..5d32c5e38bc6012d6d1f0afb1c1e7f1fbda8fc0c 100644 --- "a/content/zh/docs/Releasenotes/\347\256\200\344\273\213.md" +++ "b/docs/zh/docs/Releasenotes/\347\256\200\344\273\213.md" 
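Review bot: In the second bullet of the 用户须知.md hunk, `openEuler 20.03 LTS SP1仅修复Python 2的致命CVE,并将于2020年12月31日全面停止维护` has the release as the grammatical subject of 停止维护, so it reads as if openEuler 20.03 LTS SP1 itself goes out of maintenance on 2020-12-31. Name Python 2 as the thing whose maintenance stops. The first bullet's example (`openEuler 20.03表示发布时间为2020年3月`) also leaves the SP1 suffix of this release unexplained.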
@@ -1,4 +1,4 @@ -# 简介 - -openEuler是一款开源操作系统。当前openEuler内核源于Linux,支持鲲鹏及其它多种处理器,能够充分释放计算芯片的潜能,是由全球开源贡献者构建的高效、稳定、安全的开源操作系统,适用于数据库、大数据、云计算、人工智能等应用场景。同时,openEuler是一个面向全球的操作系统开源社区,通过社区合作,打造创新平台,构建支持多处理器架构、统一和开放的操作系统,推动软硬件应用生态繁荣发展。 - +# 简介 + +openEuler是一款开源操作系统。当前openEuler内核源于Linux,支持鲲鹏及其它多种处理器,能够充分释放计算芯片的潜能,是由全球开源贡献者构建的高效、稳定、安全的开源操作系统,适用于数据库、大数据、云计算、人工智能等应用场景。同时,openEuler是一个面向全球的操作系统开源社区,通过社区合作,打造创新平台,构建支持多处理器架构、统一和开放的操作系统,推动软硬件应用生态繁荣发展。 + diff --git "a/docs/zh/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md" "b/docs/zh/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md" new file mode 100644 index 0000000000000000000000000000000000000000..f384b0ff56126d336152cd2a999a291437f7a2a8 --- /dev/null +++ "b/docs/zh/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md" @@ -0,0 +1,172 @@ +# 系统安装 + +## 发布件 + +[openEuler发布件](http://repo.openeuler.org/openEuler-20.03-LTS-SP1/)如下表所示,包括ISO发布包、容器镜像、虚拟机镜像和方便在线使用的repo源。 + + +**表 1** openEuler发布件 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
目录类别描述
ISOISO发布包目录下区分AArch64架构、x86架构和source的ISO发布包。其中: +
    +
  • openEuler-20.03-LTS-SP1-aarch64-dvd.isoopenEuler-20.03-LTS-SP1-x86_64-dvd.iso:分别为AArch64架构、x86架构的openEuler基础安装软件包ISO,包含openEuler操作系统运行的基础组件,满足开发者基础的开发要求。
  • +
  • openEuler-20.03-LTS-SP1-everything-aarch64-dvd.isoopenEuler-20.03-LTS-SP1-everything-x86_64-dvd.iso:分别为AArch64架构、x86架构的openEuler全量软件包ISO,除openEuler基础安装软件包的所有软件外,还包含了openEuler社区中已验证的软件包。满足开发者更高级的开发要求。
  • +
  • openEuler-20.03-LTS-SP1-debuginfo-aarch64-dvd.isoopenEuler-20.03-LTS-SP1-debuginfo-x86_64-dvd.iso:分别为AArch64架构、x86架构的openEuler调试软件包ISO,包含了调试所需的符号表信息,用于软件功能和性能调试。
  • +
  • openEuler-20.03-LTS-SP1-source-dvd.iso:openEuler社区所有源码软件包ISO,方便开发者离线使用。
  • +
+
说明: +

每个ISO发布包均有对应的校验文件,用于ISO发布包的完整性校验。

+
+
docker_img容器镜像openEuler容器镜像,仅提供基本的bash环境,作为基础容器镜像使用。目录下区分AArch64架构和x86架构。 +
说明: +

容器镜像有对应的校验文件,用于容器镜像的完整性校验。

+
+
virtual_machine_img虚拟机镜像

openEuler虚拟机镜像,仅提供基本的运行环境,缩短虚拟机部署时间。目录下区分AArch64架构和x86架构。

+
说明: +
+
    +
  • 虚拟机镜像root用户默认密码为:openEuler12#$,首次登录后请及时修改。
  • +
  • 虚拟机镜像有对应的校验文件,用于虚拟机镜像的完整性校验。
  • +
+
+
+
EPOLrepo源openEuler第三方软件包的repo源,主要来源于第三方和社区贡献,由提供方负责维护。目录下区分AArch64架构和x86架构。
OSopenEuler基础安装软件包的repo源,提供在线下和版本升级功能,软件包内容和ISO发布包中的基础安装软件包ISO相同。目录下区分AArch64架构和x86架构。
debuginfoopenEuler调试软件包的repo源,提供在线下载功能,软件包内容和ISO发布包中的调试软件包ISO相同。目录下区分AArch64架构和x86架构。
everythingopenEuler全量软件包的repo源,提供在线下载和版本升级功能,软件包内容和ISO发布包中的全量软件包ISO相同。目录下区分AArch64架构和x86架构。
extrasopenEuler扩展软件包的repo源,用于因新增特性而引入的新的软件包发布。目录下区分AArch64架构和x86架构。
sourceopenEuler社区所有源码软件包的repo源,方便开发者在线使用。
updateopenEuler升级软件包的repo源,用于已发布版本的bug、CVE的修复和部分软件因特性增强后的更新发布。提供在线下载和版本内软件升级功能。目录下区分AArch64架构和x86架构。
+ + +## 最小硬件要求 + +安装 openEuler 20.03 LTS SP1所需的最小硬件要求如下表所示。 + +| 部件名称 |最小硬件要求 | +|:--- |:---- | +| CPU | 鲲鹏 920(架构为AArch64)
x86-64(Skylake以上) | +| 内存 | 不小于8GB | +| 硬盘 | 不小于120GB | + + +## 硬件兼容性 + +openEuler已验证支持的服务器和各部件典型配置请参见[表6](#zh-cn_topic_0227922427_table39822012)。openEuler后续将逐步增加对其他服务器的支持,也欢迎广大合作伙伴/开发者参与贡献和验证。 + +**表 6** 支持的服务器及典型配置 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

厂商

+

服务器名称

+

服务器具体型号

+

部件名称

+

典型配置

+

华为

+

TaiShan 200

+

2280均衡型

+

CPU

+

HiSilicon Kunpeng 920

+

内存

+

32G\*4 2933MHz

+

RAID卡

+

LSI SAS3508

+

网络

+

TM210

+

华为

+

FusionServer Pro

+

2288H V5(机架服务器)

+

CPU

+

Intel(R) Xeon(R) Gold 5118 CPU @ 2.30GHz

+

内存

+

32*4 2400MHz

+

RAID卡

+

LSI SAS3508

+

网络

+

X722

+
+ diff --git "a/content/zh/docs/Releasenotes/\350\207\264\350\260\242.md" "b/docs/zh/docs/Releasenotes/\350\207\264\350\260\242.md" similarity index 100% rename from "content/zh/docs/Releasenotes/\350\207\264\350\260\242.md" rename to "docs/zh/docs/Releasenotes/\350\207\264\350\260\242.md" diff --git "a/docs/zh/docs/SecHarden/SELinux\351\205\215\347\275\256.md" "b/docs/zh/docs/SecHarden/SELinux\351\205\215\347\275\256.md" new file mode 100644 index 0000000000000000000000000000000000000000..c7e96f4492c838ffecd5206776dddb0f3f05d318 --- /dev/null +++ "b/docs/zh/docs/SecHarden/SELinux\351\205\215\347\275\256.md" 
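Review bot: The 发布件 link at the top of 系统安装.md uses plain HTTP (`http://repo.openeuler.org/openEuler-20.03-LTS-SP1/`), and the table then relies on checksum files published alongside the ISO, container and VM images for integrity. A checksum fetched over the same unauthenticated channel does not protect against tampering in transit, so link the repo over HTTPS if it is served that way and say how the checksum files themselves are authenticated. The virtual_machine_img row also publishes a fixed default root password (`openEuler12#$`) with only a request to change it after first login; say whether the change is enforced and, if not, advise changing it before the VM is reachable from the network. Minor: the 硬件兼容性 table is labelled 表 6 although the only other numbered table in the file is 表 1, and `提供在线下和版本升级功能` in the OS row looks like a dropped 载.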
@@ -0,0 +1,66 @@ +# SELinux配置 + +## 概述 + +自主访问控制DAC(Discretionary Access Control)基于用户、组和其他权限,决定一个资源是否能被访问的因素是某个资源是否拥有对应用户的权限,它不能使系统管理员创建全面和细粒度的安全策略。SELinux(Security-Enhanced Linux)是Linux内核的一个模块,也是Linux的一个安全子系统。SELinux的实现了强制访问控制MAC(Mandatory Access Control ),每个进程和系统资源都有一个特殊的安全标签,资源能否被访问除了DAC规定的原则外,还需要判断每一类进程是否拥有对某一类资源的访问权限。 + +openEuler默认使用SELinux提升系统安全性。SELinux分为三种模式: + +- permissive:SELinux仅打印告警而不强制执行。 +- enforcing:SELinux安全策略被强制执行。 +- disabled:不加载SELinux安全策略。 + +## 配置说明 +openEuler默认开启SELinux,且默认模式为enforcing,用户可以通过修改/etc/selinux/config中配置项SELINUX的值变更SELinux模式。 + +- 关闭SELinux策略的配置如下: + + ``` + SELINUX=disabled + ``` + +- 使用permissive策略的配置如下: + + ``` + SELINUX=permissive + ``` + + +>![](public_sys-resources/icon-note.gif) **说明:** +>disabled与另两种模式切换时需重启系统生效。 +>``` +># reboot +>``` + +## SELinux相关命令 + +- 查询SELinux模式。例如下述查询的SELinux模式为Permissive: + + ``` + # getenforce + Permissive + ``` + +- 设置SELinux模式,0表示permissive模式,1表示enforcing模式,例如设置为enforcing模式的命令如下。该命令不能设置disabled模式,且系统重启后,恢复到/etc/selinux/config中设置的模式。 + + ``` + # setenforce 1 + ``` + +- 查询运行SELinux的系统状态。SELinux status表示SELinux的状态,enabled表示启用SELinux,disabled表示关闭SELinux。Current mode表示SELinux当前的安全策略。 + + ``` + # sestatus + SELinux status: enabled + SELinuxfs mount: /sys/fs/selinux + SELinux root directory: /etc/selinux + Loaded policy name: targeted + Current mode: enforcing + Mode from config file: enforcing + Policy MLS status: enabled + Policy deny_unknown status: allowed + Memory protection checking: actual (secure) + Max kernel policy version: 31 + ``` + + diff --git a/content/zh/docs/Virtualization/figures/zh-cn_image_0218587435.png b/docs/zh/docs/SecHarden/figures/zh-cn_image_0221925211.png similarity index 100% rename from content/zh/docs/Virtualization/figures/zh-cn_image_0218587435.png rename to docs/zh/docs/SecHarden/figures/zh-cn_image_0221925211.png 
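Review bot: The 配置说明 section of SELinux配置.md states that the default mode is enforcing and then gives config examples only for `SELINUX=disabled` and `SELINUX=permissive`, so the hardening guide's SELinux page shows how to weaken the setting and never how to restore it. Add the `SELINUX=enforcing` example, and say next to the other two that they reduce protection (permissive only logs, disabled loads no policy, as the 概述 list already describes). Typo in 概述: `SELinux的实现了` should be `SELinux实现了`.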
diff --git a/content/zh/docs/Virtualization/figures/zh-cn_image_0218587436.png b/docs/zh/docs/SecHarden/figures/zh-cn_image_0221925212.png similarity index 100% rename from content/zh/docs/Virtualization/figures/zh-cn_image_0218587436.png rename to docs/zh/docs/SecHarden/figures/zh-cn_image_0221925212.png diff --git a/docs/zh/docs/SecHarden/public_sys-resources/icon-caution.gif b/docs/zh/docs/SecHarden/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/SecHarden/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/docs/SecHarden/public_sys-resources/icon-danger.gif b/docs/zh/docs/SecHarden/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/SecHarden/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/docs/SecHarden/public_sys-resources/icon-note.gif b/docs/zh/docs/SecHarden/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/docs/SecHarden/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/docs/SecHarden/public_sys-resources/icon-notice.gif b/docs/zh/docs/SecHarden/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/docs/SecHarden/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/docs/SecHarden/public_sys-resources/icon-tip.gif b/docs/zh/docs/SecHarden/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/docs/SecHarden/public_sys-resources/icon-tip.gif differ 
diff --git a/docs/zh/docs/SecHarden/public_sys-resources/icon-warning.gif b/docs/zh/docs/SecHarden/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/SecHarden/public_sys-resources/icon-warning.gif differ diff --git a/docs/zh/docs/SecHarden/secHarden.md b/docs/zh/docs/SecHarden/secHarden.md new file mode 100644 index 0000000000000000000000000000000000000000..c600efce0c96f2ab49969d3a0ee47160acdf02c9 --- /dev/null +++ b/docs/zh/docs/SecHarden/secHarden.md @@ -0,0 +1,5 @@ +# 安全加固指南 + +本文档给出openEuler的加固介绍和加固方法,指导用户进行安全加固。 + +本文档主要适用于需要对openEuler进行安全加固的管理员。管理员需要熟悉操作系统安全架构和安全技术。 \ No newline at end of file diff --git "a/docs/zh/docs/SecHarden/\345\206\205\346\240\270\345\217\202\346\225\260.md" "b/docs/zh/docs/SecHarden/\345\206\205\346\240\270\345\217\202\346\225\260.md" new file mode 100644 index 0000000000000000000000000000000000000000..c5627ac31c1e94616c3564508a54df4d9fa3b8a7 --- /dev/null +++ "b/docs/zh/docs/SecHarden/\345\206\205\346\240\270\345\217\202\346\225\260.md" @@ -0,0 +1,230 @@ +# 内核参数 + +- [内核参数](#内核参数) + - [加固内核参数](#加固内核参数) + + + +## 加固内核参数 + +### 说明 + +内核参数决定配置和应用特权的状态。内核提供用户可配置的系统控制,这一系统控制可微调或配置,该功能特性可通过控制各种可配置的内核参数,来提高操作系统的安全特性。比如:通过微调或配置网络选项,可有效提高系统的安全性。 + +### 实现 + +1. 将[表3](#zh-cn_topic_0152100187_t69b5423c26644b26abe94d88d38878eb)中的加固项写入/etc/sysctl.conf文件中。 + + >![](public_sys-resources/icon-note.gif) **说明:** + >写入方式如下: + >``` + >net.ipv4.icmp_echo_ignore_broadcasts = 1 + >net.ipv4.conf.all.rp_filter = 1 + >net.ipv4.conf.default.rp_filter = 1 + >``` + + **表 3** 内核参数加固策略说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

加固项

+

加固项说明

+

加固建议

+

openEuler默认是否已加固为建议值

+

net.ipv4.icmp_echo_ignore_broadcasts

+

是否接受ICMP广播报文。加固策略为不接受。

+

1

+

+

net.ipv4.conf.all.rp_filter

+

验证数据包使用的实际源地址是否与路由表相关,以及使用该特定源IP地址的数据包是否通过接口获取其响应。加固策略为启用该项。

+

1

+

+

net.ipv4.conf.default.rp_filter

+

1

+

+

net.ipv4.ip_forward

+

IP Forwarding可阻止未授权的IP数据包渗透至网络。加固策略为禁用该特性。

+

0

+

+

net.ipv4.conf.all.accept_source_route

+

accept_source_route指允许数据包的发送者指定数据包的发送路径,以及返回给发送者的数据包所走的路径。加固策略为禁用该特性。

+

0

+

+

net.ipv4.conf.default.accept_source_route

+

0

+

+

net.ipv4.conf.all.accept_redirects

+

是否发送ICMP重定向报文。加固策略为禁止发送。

+

0

+

+

net.ipv4.conf.default.accept_redirects

+

0

+

+

net.ipv6.conf.all.accept_redirects

+

0

+

+

net.ipv6.conf.default.accept_redirects

+

0

+

+

net.ipv4.conf.all.send_redirects

+

是否将ICMP重定向报文发送至其他主机。只有当主机作为路由时,应启用该策略。加固策略为禁用该项。

+

0

+

+

net.ipv4.conf.default.send_redirects

+

0

+

+

net.ipv4.icmp_ignore_bogus_error_responses

+

忽略伪造的ICMP数据包,不会将其记录到日志,将节省大量的硬盘空间。加固策略为启用该项。

+

1

+

+

net.ipv4.tcp_syncookies

+

SYN Attack是一种通过占用系统资源迫使系统重启的DoS攻击。加固策略为开启TCP-SYN cookie保护。

+

1

+

+

kernel.dmesg_restrict

+

加固dmesg信息,仅允许管理员查看。

+

1

+

+

kernel.sched_autogroup_enabled

+

该选项决定内核是否对线程进行自动分组调度。开启后调度组之间互相竞争时间片,调度组内的线程再竞争调度组分配到的时间片。加固策略为不启用该项。

+

0

+

+

kernel.sysrq

+

禁用魔术键。

+
说明:

建议禁用魔术键,避免由于直接发送命令到内核对系统造成影响,增强内核安全性。

+
+

0

+

+

net.ipv4.conf.all.secure_redirects

+

设置系统是接收来自任何主机的ICMP重定向消息还是从默认网关列表中的网关处接收ICMP重定向消息。加固策略为采用前者。

+

0

+

+

net.ipv4.conf.default.secure_redirects

+

0

+

+
+ +2. 加载sysctl.conf文件中设置的内核参数。 + + ``` + sysctl -p /etc/sysctl.conf + ``` + + +### 其它安全建议 + +- net.ipv4.icmp\_echo\_ignore\_all:忽略ICMP请求。 + + 出于安全考虑,建议开启此项(当前默认值为0,开启将值设为1)。 + + 但开启后会忽略所有接收到的icmp echo请求的包\(会导致机器无法ping通\),建议用户根据实际组网场景决定是否开启此项。 + +- net.ipv4.conf.all.log\_martians/net.ipv4.conf.default.log\_martians:对于仿冒/源路由/重定向数据包开启日志记录。 + + 出于安全考虑,建议开启此项(当前默认值为0,开启将值设为1)。 + + 但是开启后会记录带有不允许的地址的数据到内核日志中,存在冲日志风险,建议用户根据实际使用场景决定是否开启此项。 + +- net.ipv4.tcp\_timestamps:关闭tcp\_timestamps。 + + 出于安全考虑,建议关闭tcp\_timestamps(当前默认值为1,关闭将值设为0)。 + + 但是关闭此项会影响TCP超时重发的性能,建议用户根据实际使用场景决定是否关闭此项。 + +- net.ipv4.tcp\_max\_syn\_backlog:决定了SYN\_RECV状态队列的数量。 + + 该参数决定了SYN\_RECV状态队列的数量,超过这个数量,系统将不再接受新的TCP连接请求,一定程度上可以防止系统资源耗尽。建议由用户根据实际使用场景配置合适的值。 \ No newline at end of file diff --git "a/docs/zh/docs/SecHarden/\345\212\240\345\233\272\346\214\207\345\257\274.md" "b/docs/zh/docs/SecHarden/\345\212\240\345\233\272\346\214\207\345\257\274.md" new file mode 100644 index 0000000000000000000000000000000000000000..b2a8312d288f8bba8cd72b1239b61126b0875887 --- /dev/null +++ "b/docs/zh/docs/SecHarden/\345\212\240\345\233\272\346\214\207\345\257\274.md" @@ -0,0 +1,5 @@ +# 加固指导 + +用户可以通过修改加固策略配置文件或加固脚本进行系统加固。本节介绍各加固项的含义以及openEuler是否已默认加固,并给出加固方法,指导用户进行安全加固。 + + diff --git "a/docs/zh/docs/SecHarden/\345\256\211\345\205\250\345\212\240\345\233\272\345\267\245\345\205\267.md" "b/docs/zh/docs/SecHarden/\345\256\211\345\205\250\345\212\240\345\233\272\345\267\245\345\205\267.md" new file mode 100644 index 0000000000000000000000000000000000000000..6668e941e94a5aa901447a475a99cd7635b85765 --- /dev/null +++ "b/docs/zh/docs/SecHarden/\345\256\211\345\205\250\345\212\240\345\233\272\345\267\245\345\205\267.md" 
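Review bot: Several descriptions in the 内核参数加固策略说明 table of 内核参数.md do not match the parameter they sit next to. The `net.ipv4.conf.all.accept_redirects` group is described as `是否发送ICMP重定向报文。加固策略为禁止发送`, but accept_redirects governs accepting redirects; sending is what the `send_redirects` rows further down cover. The `net.ipv4.ip_forward` row says `IP Forwarding可阻止未授权的IP数据包渗透至网络` and then recommends disabling it, which contradicts itself; the text should say that disabling forwarding is what prevents this. The `secure_redirects` rows say the policy is 采用前者 (accept redirects from any host) with value 0, which is the looser of the two options the row describes and needs either a rationale or a corrected description. The `net.ipv4.tcp_syncookies` row describes a SYN attack as forcing a reboot (`迫使系统重启`); it exhausts connection resources, so reword it.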
@@ -0,0 +1,131 @@ +# 安全加固工具 + + +- [安全加固工具](#安全加固工具) + - [加固操作](#加固操作) + - [加固生效](#加固生效) + + +## 加固操作 + +### 概述 + +安全加固工具会根据usr-security.conf设置加固策略,使用加固工具设置加固策略需要用户修改usr-security.conf。本节介绍usr-security.conf的修改规则。用户可配置的加固项请参见[加固指导](https://openeuler.org/zh/docs/20.03_LTS/docs/SecHarden/%E5%8A%A0%E5%9B%BA%E6%8C%87%E5%AF%BC.html)对应内容。 + +### 注意事项 + +- 修改配置后,需要重启安全加固服务使配置生效。重启方法请参见[加固生效](#加固生效)对应内容。 +- 用户修改加固配置时,仅修改/etc/openEuler\_security/usr-security.conf文件,不建议修改/etc/openEuler\_security/security.conf。security.conf中为基本加固项,仅运行一次。 +- 当重启安全加固服务使配置生效后,在usr-security.conf中删除对应加固项并重启安全加固服务并不能清除之前的配置。 +- 安全加固操作记录在日志文件/var/log/openEuler-security.log中。 + +### 配置格式 + +usr-security.conf中的每一行代表一项配置,根据配置内容的不同有不同配置格式,这里给出各类配置的格式说明。 + +>![](public_sys-resources/icon-note.gif) **说明:** +>- 所有配置项以执行ID开头,执行ID仅为了方便用户识别配置内容,取值为正整数,由用户自行定义。 +>- 配置项的各内容之间使用@作为分隔符。 +>- 若实际配置内容中包含@,需要使用@@表示以和分隔符区分,例如实际内容为xxx@yyy,则配置为xxx@@yyy。目前不支持@位于配置内容的开头和结尾。 + +- d:注释 + + 格式:执行ID@d@对象文件@匹配项 + + 功能:将对象文件中以匹配项开头(行首可以有空格)的行注释(在行首添加\#)。 + + 示例:执行ID为401,注释/etc/sudoers文件中以%wheel开头的行。 + + ``` + 401@d@/etc/sudoers@%wheel + ``` + + +- m:替换 + + 格式:执行ID@m@对象文件@匹配项@替换目标值 + + 功能:将对象文件中以匹配项开头(行首可以有空格)的行替换为“匹配项加替换目标值 ”。若匹配行开头有空格,替换后将删除这些空格。 + + 示例:执行ID为101,将/etc/ssh/sshd\_config文件中以Protocol 开头的行替换为Protocol 2。匹配和替换时也会考虑Protocol后的空格。 + + ``` + 101@m@/etc/ssh/sshd_config@Protocol @2 + ``` + +- sm:精确修改 + + 格式:执行ID@sm@对象文件@匹配项@替换目标值 + + 功能:将对象文件中以匹配项开头(行首可以有空格)的行替换为“匹配项加替换目标值 ”。若匹配行开头有空格,替换后将保留这些空格,这是sm和m的区别。 + + 示例:执行ID为201,将/etc/audit/hzqtest文件中以size开头的行替换为size 2048。 + + ``` + 201@sm@/etc/audit/hzqtest@size@ 2048 + ``` + + +- M:修改子项 + + 格式:执行ID@M@对象文件@匹配项@匹配子项\[@匹配子项的值\] + + 功能:匹配对象文件中以匹配项开头(行首可以有空格)的行,并将该行中以匹配子项开始的内容替换为“匹配子项和匹配子项的值”,其中匹配子项的值可选。 + + 示例:执行ID为101,找到file文件中以key开头的行,并将这些行中以key2开始的内容替换为key2value2。 + + ``` + 101@M@file@key@key2@value2 + ``` + +- systemctl:管理服务 + + 格式:执行ID@systemctl@对象服务@具体操作 + + 功能:使用systemctl管理对象服务,具体操作可取值为start、stop、restart、disable等systemctl所有可用的命令。 + + 示例:执行ID为218,停止cups.service服务,等同于systemctl 
stop cups.service的配置行。 + + ``` + 218@systemctl@cups.service@stop + ``` + +- 其他命令 + + 格式:执行ID@命令@对象文件 + + 功能:执行对应命令,即执行命令行“命令 对象文件”。 + + 示例一:执行ID为402,使用rm -f命令删除文件/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem。 + + ``` + 402@rm -f @/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem + ``` + + 示例二:执行ID为215,使用touch命令创建文件/etc/cron.allow。 + + ``` + 215@touch @/etc/cron.allow + ``` + + 示例三:执行ID为214,使用chown命令将文件/etc/at.allow的属主改为root:root。 + + ``` + 214@chown root:root @/etc/at.allow + ``` + + 示例四:执行ID为214,使用chmod命令去除文件/etc/at.allow属主所在群组及其他非属主用户的rwx权限。 + + ``` + 214@chmod og-rwx @/etc/at.allow + ``` + + +## 加固生效 + +完成修改usr-security.conf文件后,请运行如下命令使新添加的配置生效。 + +``` +systemctl restart openEuler-security.service +``` + diff --git "a/docs/zh/docs/SecHarden/\346\216\210\346\235\203\350\256\244\350\257\201.md" "b/docs/zh/docs/SecHarden/\346\216\210\346\235\203\350\256\244\350\257\201.md" new file mode 100644 index 0000000000000000000000000000000000000000..5220419c23c2387e4975222aa85bbfd2f3c266c5 --- /dev/null +++ "b/docs/zh/docs/SecHarden/\346\216\210\346\235\203\350\256\244\350\257\201.md" 
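Review bot: The 其他命令 format in 安全加固工具.md (`执行ID@命令@对象文件`) means a line in /etc/openEuler_security/usr-security.conf is executed as a command when openEuler-security.service is restarted, yet 注意事项 says nothing about who may write that file. State the expected owner and mode (writable by root only) and that the file should be reviewed like a root script. Consistency points in the same hunk: 示例三 and 示例四 both use 执行ID 214, and the 加固指导 link in 概述 points at the 20.03_LTS docs while the administrator guide link elsewhere in this patch uses 20.03-LTS-SP1. The 操作系统加固概述.md file added later in this patch tells users to customise hardening by editing security.conf, which contradicts the advice here to edit only usr-security.conf.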
@@ -0,0 +1,155 @@ +# 授权认证 + +- [授权认证](#授权认证) + - [设置网络远程登录的警告信息](#设置网络远程登录的警告信息) + - [禁止通过Ctrl+Alt+Del重启系统](#禁止通过Ctrl+Alt+Del重启系统) + - [设置终端的自动退出时间](#设置终端的自动退出时间) + - [设置用户的默认umask值为077](#设置用户的默认umask值为077) + - [设置GRUB2加密口令](#设置GRUB2加密口令) + - [安全单用户模式](#安全单用户模式) + - [禁止交互式启动](#禁止交互式启动) + + +## 设置网络远程登录的警告信息 + +### 说明 + +设置网络远程登录的警告信息,用于在登录进入系统之前向用户提示警告信息,明示非法侵入系统可能受到的惩罚,吓阻潜在的攻击者。同时也可以隐藏系统架构及其他系统信息,避免招致对系统的目标性攻击。 + +### 实现 + +该设置可以通过修改/etc/issue.net文件的内容实现。将/etc/issue.net文件原有内容替换为如下信息(openEuler默认已设置): + +``` +Authorized users only. All activities may be monitored and reported. +``` + +## 禁止通过Ctrl+Alt+Del重启系统 + +### 说明 + +操作系统默认能够通过“Ctrl+Alt+Del”进行重启,禁止该项特性可以防止因为误操作而导致数据丢失。 + +### 实现 + +禁止通过“Ctrl+Alt+Del”重启系统的操作步骤如下: + +1. 删除两个ctrl-alt-del.target文件,参考命令如下: + + ``` + rm -f /etc/systemd/system/ctrl-alt-del.target + rm -f /usr/lib/systemd/system/ctrl-alt-del.target + ``` + +2. 修改/etc/systemd/system.conf文件,将\#CtrlAltDelBurstAction=reboot-force修改为CtrlAltDelBurstAction=none。 +3. 重启systemd,使修改生效,参考命令如下: + + ``` + systemctl daemon-reexec + ``` + +## 设置终端的自动退出时间 + +### 说明 + +无人看管的终端容易被侦听或被攻击,可能会危及系统安全。因此需要终端在停止运行一段时间后能够自动退出。 + +### 实现 + +自动退出时间由/etc/profile文件的TMOUT字段(单位为秒)控制,在/etc/profile的尾部添加如下配置: + +``` +export TMOUT=300 +``` + +## 设置用户的默认umask值为077 + +### 说明 + +umask值用于为用户新创建的文件和目录设置缺省权限。如果umask的值设置过小,会使群组用户或其他用户的权限过大,给系统带来安全威胁。因此设置所有用户默认的umask值为0077,即用户创建的目录默认权限为700,文件的默认权限为600。umask值代表的是权限的“补码”,umask值和权限的换算方法请参见[umask值含义](#umask值含义)。 + +>![](public_sys-resources/icon-note.gif) **说明:** +>openEuler默认已设置用户的默认umask值为022。 + +### 实现 + +1. 分别在/etc/bashrc文件和/etc/profile.d/目录下的所有文件中加入“umask 0077”。 + + ``` + echo "umask 0077" >> $FILE + ``` + + >![](public_sys-resources/icon-note.gif) **说明:** + >_$FILE_ 为具体的文件名,例如:echo "umask 0077" \>\> /etc/bashrc + +2. 
设置/etc/bashrc文件和/etc/profile.d/目录下所有文件的属主为root,群组为root。 + + ``` + chown root.root $FILE + ``` + + >![](public_sys-resources/icon-note.gif) **说明:** + >_$FILE_ 为具体的文件名,例如:chown root.root /etc/bashrc + + +## 设置GRUB2加密口令 + +### 说明 + +GRUB是GRand UnifiedBootloader的缩写,它是一个操作系统启动管理器,用来引导不同系统(如Windows、Linux),GRUB2是GRUB的升级版。 + +系统启动时,可以通过GRUB2界面修改系统的启动参数。为了确保系统的启动参数不被任意修改,需要对GRUB2界面进行加密,仅在输入正确的GRUB2口令时才能修改启动参数。 + +>![](public_sys-resources/icon-note.gif) **说明:** +>GRUB2默认设置的口令为openEuler\#12,建议用户首次登录时修改默认密码并定期更新,避免密码泄露后,启动选项被篡改,导致系统启动异常。 + +### 实现 + +1. 使用grub2-mkpasswd-pbkdf2命令生成加密的口令 + + >![](public_sys-resources/icon-note.gif) **说明:** + >GRUB2加密算法使用sha512。 + + ``` + # grub2-mkpasswd-pbkdf2 + Enter password: + Reenter password: + PBKDF2 hash of your password is + grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08 + ``` + + >![](public_sys-resources/icon-note.gif) **说明:** + >在Enter password和Reenter password输入相同的口令。 + >grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08为openEuler\#12经过grub2-mkpasswd-pbkdf2加密后的输出,每次输出的密文不同。 + +2. 
使用vi工具打开/boot/efi/EFI/openEuler/grub.cfg的开始位置追加如下字段: + + ``` + set superusers="root" + password_pbkdf2 root grub.pbkdf2.sha512.10000.5A45748D892672FDA02DD3B6F7AE390AC6E6D532A600D4AC477D25C7D087644697D8A0894DFED9D86DC2A27F4E01D925C46417A225FC099C12DBD3D7D49A7425.2BD2F5BF4907DCC389CC5D165DB85CC3E2C94C8F9A30B01DACAA9CD552B731BA1DD3B7CC2C765704D55B8CD962D2AEF19A753CBE9B8464E2B1EB39A3BB4EAB08 + ``` + + >![](public_sys-resources/icon-note.gif) **说明:** + >- superusers字段用于设置GRUB2的超级管理员的账户名。 + >- password\_pbkdf2字段后的参数,第1个参数为GRUB2的账户名,第2个为该账户的加密口令。 + + +## 安全单用户模式 + +### 说明 + +单用户模式是以root权限进入系统,如不设置密码,将存在较大安全隐患。 + +### 实现 + +该设置可以通过修改/etc/sysconfig/init文件内容实现。将SINGLE选项配置为SINGLE=/sbin/sulogin。 + +## 禁止交互式启动 + +### 说明 + +使用交互式引导,控制台用户可以禁用审计、防火墙或其他服务,削弱了系统安全性。用户可以禁止使用交互式引导,提升安全性。openEuler默认已禁止。 + +### 实现 + +该设置可以通过修改/etc/sysconfig/init文件内容实现。将PROMPT选项配置为PROMPT=no。 \ No newline at end of file diff --git "a/docs/zh/docs/SecHarden/\346\223\215\344\275\234\347\263\273\347\273\237\345\212\240\345\233\272\346\246\202\350\277\260.md" "b/docs/zh/docs/SecHarden/\346\223\215\344\275\234\347\263\273\347\273\237\345\212\240\345\233\272\346\246\202\350\277\260.md" new file mode 100644 index 0000000000000000000000000000000000000000..a107aefc61f960ff8fad2264186149bdf6a58d94 --- /dev/null +++ "b/docs/zh/docs/SecHarden/\346\223\215\344\275\234\347\263\273\347\273\237\345\212\240\345\233\272\346\246\202\350\277\260.md" 
@@ -0,0 +1,137 @@ + +# 操作系统加固概述 + +介绍对openEuler系统进行加固的目的和加固方案。 + + +- [操作系统加固概述](#操作系统加固概述) + - [加固目的](#加固目的) + - [加固方案](#加固方案) + - [加固影响](#加固影响) + + + +## 须知 + +由于安全加固对系统至关重要,因此只有root用户允许修改并应用安全加固策略。 + +## 加固目的 + +操作系统作为信息系统的核心,承担着管理硬件资源和软件资源的重任,是整个信息系统安全的基础。操作系统之上的各种应用,要想获得信息的完整性、机密性、可用性和可控性,必须依赖于操作系统。脱离了对操作系统的安全保护,仅依靠其他层面的防护手段来阻止黑客和病毒等对网络信息系统的攻击,是无法满足安全需求的。 + +因此,需要对操作系统进行安全加固,构建动态、完整的安全体系,增强产品的安全性,提升产品的竞争力。 + +## 加固方案 + +本章描述openEuler的安全加固方案,包括加固方式和加固内容。 + +### 加固方式 + +用户可以通过手动修改加固配置或执行相关命令对系统进行加固,也可以通过加固工具批量修改加固项。openEuler的安全加固工具security tool以openEuler-security.service服务的形式运行。系统首次启动时会自动运行该服务去执行默认加固策略,且自动设置后续开机不启动该服务。 + +用户可以通过修改security.conf,使用安全加固工具实现个性化安全加固的效果。 + +### 加固内容 + +openEuler系统加固内容主要分为以下5个部分: + +- 系统服务 +- 文件权限 +- 内核参数 +- 授权认证 +- 账号口令 + +## 加固影响 + +对文件权限、账户口令等安全加固,可能造成用户使用习惯变更,从而影响系统的易用性。影响系统易用性的常见加固项请参见[表1](#zh-cn_topic_0152100325_ta4a48f54ff2849ada7845e2380209917)。 + +**表 1** 加固影响说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

加固项

+

建议加固

+

易用性影响

+

openEuler默认是否设置了该加固项

+

字符界面等待超时限制

+

当字符界面长时间处在空闲状态,字符界面会自动退出。

+
说明:

当用户通过SSH登录,超时时间由/etc/profile文件的TMOUT字段和/etc/ssh/sshd_config文件的ClientAliveInterval字段两个值中较小的值决定。建议加固为300秒。

+
+

用户长时间不操作字符界面,字符界面会自动退出。

+

+

口令复杂度限制

+

口令长度最小为8位,口令至少包含大写字母、小写字母、数字和特殊字符中的3种。

+

系统中所有用户不能设置简单的口令,口令必须符合复杂度要求。

+

+

限定登录失败时的尝试次数

+

当用户登录系统时,口令连续输错3次,账户将被锁定60秒,锁定期间不能登录系统。

+

用户不能随意登录系统,账户被锁定后必须等待60秒。

+

+

用户默认umask值限制

+

设置所有用户的默认umask值为077,使用户创建文件的默认权限为600、目录权限为700。

+

用户需要按照需求修改指定文件或目录的权限。

+

+

口令有效期

+

口令有效期的设置通过修改/etc/login.defs文件实现,加固默认值为口令最大有效期90天,两次修改口令的最小间隔时间为0,口令过期前开始提示天数为7。

+

口令过期后用户重新登录时,提示口令过期并强制要求修改,不修改则无法进入系统。

+

+

su权限限制

+

su命令用于在不同账户之间切换。为了增强系统安全性,有必要对su命令的使用权进行控制,只允许root和wheel群组的账户使用su命令,限制其他账户使用。

+

普通账户执行su命令失败,必须加入wheel群组才可以su成功。

+

+

禁止root账户直接SSH登录系统

+

设置/etc/ssh/sshd_config文件的PermitRootLogin字段的值为no,用户无法使用root账户直接SSH登录系统。

+

用户需要先使用普通账户SSH登录后,再切换至root账户。

+

+

SSH强加密算法

+

SSH服务的MACs和Ciphers配置,禁止对CBC、MD5、SHA1算法的支持,修改为CTR、SHA2算法。

+

当前windows下使用的部分低版本的Xshell、PuTTY不支持aes128-ctr、aes192-ctr、aes256-ctr、hmac-sha2-256、hmac-sha2-512算法,可能会出现无法通过SSH登录系统的情况,请使用最新的PuTTY(0.63版本以上)、Xshell(5.0版本及以上版本)登录。

+

+
+ diff --git "a/docs/zh/docs/SecHarden/\346\226\207\344\273\266\346\235\203\351\231\220.md" "b/docs/zh/docs/SecHarden/\346\226\207\344\273\266\346\235\203\351\231\220.md" new file mode 100644 index 0000000000000000000000000000000000000000..0b52e2e25f5c33897ceac2f2d734f3e2148cc558 --- /dev/null +++ "b/docs/zh/docs/SecHarden/\346\226\207\344\273\266\346\235\203\351\231\220.md" 
@@ -0,0 +1,239 @@ +# 文件权限 + +- [文件权限](#文件权限) + - [设置文件的权限和属主](#设置文件的权限和属主) + - [删除无主文件](#删除无主文件) + - [处理空链接文件](#处理空链接文件) + - [设置守护进程的umask值](#设置守护进程的umask值) + - [为全局可写目录添加粘滞位属性](#为全局可写目录添加粘滞位属性) + - [删除非授权文件的全局可写属性](#删除非授权文件的全局可写属性) + - [限制at命令的使用权限](#限制at命令的使用权限) + - [限制cron命令的使用权限](#限制cron命令的使用权限) + - [限制sudo命令的使用权限](#限制sudo命令的使用权限) + + + +## 设置文件的权限和属主 + +### 说明 + +Linux将所有对象都当作文件来处理,即使一个目录也被看作是包含有多个其他文件的大文件。因此,Linux中最重要的就是文件和目录的安全性。文件和目录的安全性主要通过权限和属主来保证。 + +openEuler默认对系统中的常用目录、可执行文件和配置文件设置了权限和属主。 + +### 实现 + +以/bin目录为例,修改文件权限和文件属主的操作如下: + +- 修改文件权限。例如将/bin目录权限设置为755。 + + ``` + chmod 755 /bin + ``` + +- 修改文件属主。例如将/bin目录的拥有者和群组设置为root:root。 + + ``` + chown root:root /bin + ``` + + +## 删除无主文件 + +### 说明 + +系统管理员在删除用户/群组时,存在着忘记删除该用户/该群组所拥有文件的问题。如果后续新创建的用户/群组与被删除的用户/群组同名,则新用户/新群组会拥有部分不属于其权限的文件,建议将此类文件删除。 + +### 实现 + +删除用户ID不存在的文件 + +1. 查找用户ID不存在的文件。 + + ``` + find / -nouser + ``` + +2. 删除查找到的文件。其中 filename 为用户ID不存在文件的文件名。 + + ``` + rm -f filename + ``` + + +删除群组ID不存在的文件 + +1. 查找群主ID不存在的文件。 + + ``` + find / -nogroup + ``` + +2. 删除查找到的文件。其中 filename 为用户ID不存在文件的文件名。 + + ``` + rm -f filename + ``` + + +## 处理空链接文件 + +### 说明 + +无指向的空链接文件,可能会被恶意用户利用,影响系统安全性。建议用户删除无效的空链接文件,提高系统安全性。 + +### 特殊场景 + +openEuler系统安装完成后,可能存在空链接文件,这些空链接文件可能有对应用途(有些空链接文件是预制的,会被其他组件依赖)。请用户根据实际环境进行处理,处理方式请参见[实现](#zh-cn_topic_0152100319_s1b24647cdd834a8eaca3032611baf072)。 + +例如,openEuler支持UEFI和legacy BIOS两种安装模式,两种引导场景支持的grub相关包默认都安装,当用户选择legacy BIOS模式安装时,形成空链接文件“/etc/grub2-efi.cfg”;当用户选择UEFI模式安装时,会形成空链接文件“/etc/grub2.cfg”,需要用户根据实际情况处理空链接。 + +### 实现 + +1. 通过如下命令查找系统中的空链接文件。 + + ``` + find dirname -type l -follow 2>/dev/null + ``` + + >![](public_sys-resources/icon-note.gif) **说明:** + > dirname为搜索目录的名称,通常需要关注系统关键目录:/bin、/boot、/usr、/lib64、/lib、/var等。 + +2. 
如果此类文件无实际作用,可通过如下命令删除。 + + ``` + rm -f filename + ``` + + >![](public_sys-resources/icon-note.gif) **说明:** + >filename为[步骤1](#zh-cn_topic_0152100319_l4dc74664c4fb400aaf91fb314c4f9da6)找出的文件名。 + + +## 设置守护进程的umask值 + +### 说明 + +umask值用来为新创建的文件和目录设置缺省权限。如果没有设定umask值,则生成的文件具有全局可写权限,存在一定的风险。守护进程负责系统上某个服务,让系统可以接受来自用户或者是网络客户的要求。为了提高守护进程所创建文件和目录的安全性,建议设置其umask值为0027。umask值代表的是权限的“补码”,umask值和权限的换算方法请参见 "附录 > umask值含义" 。 + +>![](public_sys-resources/icon-note.gif) **说明:** +>openEuler默认已设置守护进程的umask值为0022。 + +### 实现 + +在配置文件/etc/sysconfig/init中新增一行:umask 0027。 + +## 为全局可写目录添加粘滞位属性 + +### 说明 + +任意用户可以删除、修改全局可写目录中的文件和目录,为了确保全局可写目录中的文件和目录不会被任意删除,需要为全局可写目录添加粘滞位属性。 + +### 实现 + +1. 搜索全局可写目录。 + + ``` + find / -type d -perm -0002 ! -perm -1000 -ls | grep -v proc + ``` + +2. 为全局可写目录添加粘滞位属性。dirname 为实际查找到的目录名。 + + ``` + chmod +t dirname + ``` + + +## 删除非授权文件的全局可写属性 + +### 说明 + +全局可写文件可被系统中的任意用户修改,影响系统完整性。 + +### 实现 + +1. 列举系统中所有的全局可写文件。 + + ``` + find / -type d \( -perm -o+w \) | grep -v procfind / -type f \( -perm -o+w \) | grep -v proc + ``` + +2. 查看步骤1列举的所有文件\(粘滞位位的文件和目录可以排除在外\),删除文件或去掉其全局可写权限。使用以下命令去掉权限,其中filename为对应文件名: + + ``` + chmod o-w filename + ``` + + >![](public_sys-resources/icon-note.gif) **说明:** + >可通过如下命令确定对应文件或目录是否设置了粘滞位,若回显中包含T标记,则为粘滞位文件或目录。命令中的filename为需要查询文件或目录的名称。 + >``` + >ls -l filename + >``` + + +## 限制at命令的使用权限 + +### 说明 + +at命令用于创建在指定时间自动执行的任务。为避免任意用户通过at命令安排工作,造成系统易受攻击,需要指定可使用该命令的用户。 + +### 实现 + +1. 删除/etc/at.deny文件。 + + ``` + rm -f /etc/at.deny + ``` + +2. 将/etc/at.allow的文件属主改为root:root。 + + ``` + chown root:root /etc/at.allow + ``` + +3. 控制/etc/at.allow的文件权限,仅root可操作。 + + ``` + chmod og-rwx /etc/at.allow + ``` + + +## 限制cron命令的使用权限 + +### 说明 + +cron命令用于创建例行性任务。为避免任意用户通过cron命令安排工作,造成系统易受攻击,需要指定可使用该命令的用户。 + +### 实现 + +1. 删除/etc/cron.deny文件。 + + ``` + rm -f /etc/cron.deny + ``` + +2. 将/etc/cron.allow的文件属主改为root:root。 + + ``` + chown root:root /etc/cron.allow + ``` + +3. 
控制/etc/cron.allow的文件权限,仅root可操作。 + + ``` + chmod og-rwx /etc/cron.allow + ``` + + +## 限制sudo命令的使用权限 + +### 说明 + +sudo命令用于普通用户以root权限执行命令。为了增强系统安全性,有必要对sudo命令的使用权进行控制,只允许roo使用sudo命令,限制其他帐户使用。 + +### 实现 + +sudo命令的使用控制通过修改/etc/sudoers文件实现,需要注释掉如下配置行: + +``` +#%wheel ALL=(ALL) ALL +``` diff --git "a/docs/zh/docs/SecHarden/\347\263\273\347\273\237\346\234\215\345\212\241.md" "b/docs/zh/docs/SecHarden/\347\263\273\347\273\237\346\234\215\345\212\241.md" new file mode 100644 index 0000000000000000000000000000000000000000..59b126a5eca48472b30b0eab093ed6d0c5911200 --- /dev/null +++ "b/docs/zh/docs/SecHarden/\347\263\273\347\273\237\346\234\215\345\212\241.md" @@ -0,0 +1,467 @@ +# 系统服务 + +- [系统服务](#系统服务) + - [加固SSH服务](#加固SSH服务) + + +## 加固SSH服务 + +### 说明 + +SSH(Secure Shell)是目前较可靠,专为远程登录会话和其他网络服务提供安全性保障的协议。利用SSH协议可以有效防止远程管理过程中的信息泄露问题。透过SSH可以对所有传输的数据进行加密,并防止DNS欺骗和IP欺骗。OpenSSH是SSH协议的免费开源实现。 + +加固SSH服务,是指修改SSH服务中的配置来设置系统使用OpenSSH协议时的算法、认证等参数,从而提高系统的安全性。[表1](#zh-cn_topic_0152100390_ta2fdb8e4931b4c1a8f502b3c7d887b95)中详细说明了各加固项含义、建议加固值及其默认策略。 + +### 实现 + +服务端加固操作如下: + +1. 打开服务端SSH服务的配置文件/etc/ssh/sshd\_config,在该文件中修改或添加对应加固项及其加固值。 +2. 保存/etc/ssh/sshd\_config文件。 +3. 重启SSH服务,命令如下: + + ``` + systemctl restart sshd + ``` + + +客户端加固操作如下: + +1. 打开客户端SSH服务的配置文件/etc/ssh/ssh\_config,在该文件中修改或添加对应加固项及其加固值。 +2. 保存/etc/ssh/ssh\_config文件。 +3. 重启SSH服务,命令如下: + + ``` + systemctl restart sshd + ``` + + +### 加固项说明 + +- 服务端加固策略 + + SSH服务的所有加固项均保存在配置文件/etc/ssh/sshd\_config中,服务端各加固项的含义、加固建议以及openEuler默认是否已经加固为建议加固值请参见[表1](#zh-cn_topic_0152100390_ta2fdb8e4931b4c1a8f502b3c7d887b95)。 + + **表 1** SSH服务端加固项说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

加固项

+

加固项说明

+

加固建议

+

openEuler默认是否已加固为建议值

+

Protocol

+

设置使用SSH协议的版本

+

2

+

+

SyslogFacility

+

设置SSH服务的日志类型。加固策略将其设置为“AUTH”,即认证类日志

+

AUTH

+

+

LogLevel

+

设置记录sshd日志消息的层次

+

VERBOSE

+

+

X11Forwarding

+

设置使用SSH登录后,能否使用图形化界面

+

no

+

+

MaxAuthTries

+

最大认证尝试次数

+

3

+

+

PubkeyAuthentication

+

设置是否允许公钥认证。

+

yes

+

+

RSAAuthentication

+

设置是否允许只有RSA安全验证

+

yes

+

+

IgnoreRhosts

+

设置是否使用rhosts文件和shosts文件进行验证。rhosts文件和shosts文件用于记录可以访问远程计算机的计算机名及关联的登录名

+

yes

+

+

RhostsRSAAuthentication

+

设置是否使用基于rhosts的RSA算法安全验证。rhosts文件记录可以访问远程计算机的计算机名及关联的登录名

+

no

+

+

HostbasedAuthentication

+

设置是否使用基于主机的验证。基于主机的验证是指已信任客户机上的任何用户都可以使用SSH连接

+

no

+

+

PermitRootLogin

+

+

是否允许root账户直接使用SSH登录系统

+
说明:

若需要直接使用root账户通过SSH登录系统,请修改/etc/ssh/sshd_config文件的PermitRootLogin字段的值为yes。

+
+

no

+

+

PermitEmptyPasswords

+

设置是否允许用口令为空的账号登录

+

no

+

+

PermitUserEnvironment

+

设置是否解析 ~/.ssh/environment和~/.ssh/authorized_keys中设定的环境变量

+

no

+

+

Ciphers

+

设置SSH数据传输的加密算法

+

aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com

+

+

ClientAliveCountMax

+

设置超时次数。服务器发出请求后,客户端没有响应的次数达到一定值,连接自动断开

+

0

+

+

Banner

+

指定登录SSH前后显示的提示信息的文件

+

/etc/issue.net

+

+

MACs

+

设置SSH数据校验的哈希算法

+

hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com

+

+

StrictModes

+

设置SSH在接收登录请求之前是否检查用户HOME目录和rhosts文件的权限和所有权

+

yes

+

+

UsePAM

+

使用PAM登录认证

+

yes

+

+

AllowTcpForwarding

+

设置是否允许TCP转发

+

no

+

+

Subsystem sftp /usr/libexec/openssh/sftp-server

+

sftp日志记录级别,记录INFO级别以及认证日志。

+

-l INFO -f AUTH

+

+

AllowAgentForwarding

+

设置是否允许SSH Agent转发

+

no

+

+

GatewayPorts

+

设置是否允许连接到转发客户端端口

+

no

+

+

PermitTunnel

+

Tunnel设备是否允许使用

+

no

+

+

KexAlgorithms

+

设置SSH密钥交换算法

+

curve25519-sha256,curve25519-sha256@@libssh.org,diffie-hellman-group-exchange-sha256

+
  

LoginGraceTime

+

限制用户必须在指定的时限内认证成功,0 表示无限制。默认值是 60 秒。

+

60

+

+
+ + >![](public_sys-resources/icon-note.gif) **说明:** + >默认情况下,登录SSH前后显示的提示信息保存在/etc/issue.net文件中,/etc/issue.net默认信息为“Authorized users only. All activities may be monitored and reported.”。 + + +- 客户端加固策略 + + SSH服务的所有加固项均保存在配置文件/etc/ssh/ssh\_config中,客户端各加固项的含义、加固建议以及openEuler默认是否已经加固为建议加固值请参见[表2](#zh-cn_topic_0152100390_tb289c5a6f1c7420ab4339187f9018ea4)。 + + **表 2** SSH客户端加固项说明 + + + + + + + + + + + + + + + + + + + +

加固项

+

加固项说明

+

加固建议

+

openEuler默认是否已加固为建议值

+

KexAlgorithms

+

设置SSH密钥交换算法

+

ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256

+

+

VerifyHostKeyDNS

+

是否使用DNS或者SSHFP资源记录验证HostKey

+

ask

+

+
+ + >![](public_sys-resources/icon-note.gif) **说明:** + >对于使用dh算法进行密钥交换的第三方客户端和服务端工具,要求允许建立连接的最低长度为2048bits。 + + +### 其他安全建议 + +- SSH服务仅侦听指定IP地址 + + 出于安全考虑,建议用户在使用SSH服务时,仅在必需的IP上进行绑定侦听,而不是侦听0.0.0.0,可修改/etc/ssh/sshd\_config文件中的ListenAddress配置项。 + + 1. 打开并修改/etc/ssh/sshd\_config文件 + + ``` + vi /etc/ssh/sshd_config + ``` + + 修改内容如下,表示绑定侦听IP为 _192.168.1.100_,用户可根据实际情况修改需要侦听的IP + + ``` + ... + ListenAddress 192.168.1.100 + ... + ``` + + 2. 重启SSH服务 + + ``` + systemctl restart sshd.service + ``` + + + +- 限制SFTP用户向上跨目录访问 + + SFTP是FTP over SSH的安全FTP协议,对于访问SFTP的用户建议使用专用账号,只能上传或下载文件,不能用于SSH登录,同时对SFTP可以访问的目录进行限定,防止目录遍历攻击,具体配置如下: + + >![](public_sys-resources/icon-note.gif) **说明:** + >sftpgroup为示例用户组,sftpuser为示例用户名。 + + 1. 创建SFTP用户组 + + ``` + groupadd sftpgroup + ``` + + 2. 创建SFTP根目录 + + ``` + mkdir /sftp + ``` + + 3. 修改SFTP根目录属主和权限 + + ``` + chown root:root /sftp + chmod 755 /sftp + ``` + + 4. 创建SFTP用户 + + ``` + useradd -g sftpgroup -s /sbin/nologin sftpuser + ``` + + 5. 设置SFTP用户的口令 + + ``` + passwd sftpuser + ``` + + 6. 创建SFTP用户上传目录 + + ``` + mkdir /sftp/sftpuser + ``` + + 7. 修改SFTP用户上传目录属主和权限 + + ``` + chown root:root /sftp/sftpuser + chmod 777 /sftp/sftpuser + ``` + + 8. 修改/etc/ssh/sshd\_config文件 + + ``` + vi /etc/ssh/sshd_config + ``` + + 修改内容如下: + + ``` + #Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f AUTH + Subsystem sftp internal-sftp -l INFO -f AUTH + ... + + Match Group sftpgroup + ChrootDirectory /sftp/%u + ForceCommand internal-sftp + ``` + + >![](public_sys-resources/icon-note.gif) **说明:** + >- %u代表当前sftp用户的用户名,这是一个通配符,用户原样输入即可。 + >- 以下内容必须加在/etc/ssh/sshd\_config文件的末尾。 + > ``` + > Match Group sftpgroup + > ChrootDirectory /sftp/%u + > ForceCommand internal-sftp + > ``` + + 9. 
重启SSH服务 + + ``` + systemctl restart sshd.service + ``` + + + +- SSH远程执行命令 + + OpenSSH通用机制,在远程执行命令时,默认不开启tty,如果执行需要密码的命令,密码会明文回显。出于安全考虑,建议用户增加-t选项,确保密码输入安全。如下: + + ``` + ssh -t testuser@192.168.1.100 su + ``` + + >![](public_sys-resources/icon-note.gif) **说明:** + >192.168.1.100为示例IP,testuser为示例用户。 + diff --git "a/docs/zh/docs/SecHarden/\350\264\246\346\210\267\345\217\243\344\273\244.md" "b/docs/zh/docs/SecHarden/\350\264\246\346\210\267\345\217\243\344\273\244.md" new file mode 100644 index 0000000000000000000000000000000000000000..b87327bd91dc49d349020e5211a66a37e91c31bd --- /dev/null +++ "b/docs/zh/docs/SecHarden/\350\264\246\346\210\267\345\217\243\344\273\244.md" @@ -0,0 +1,330 @@ +# 账户口令 + +- [账户口令](#账户口令) + - [屏蔽系统帐户](#屏蔽系统帐户) + - [限制使用su命令的帐户](#限制使用su命令的帐户) + - [设置口令复杂度](#设置口令复杂度) + - [设置口令有效期](#设置口令有效期) + - [设置口令的加密算法](#设置口令的加密算法) + - [登录失败超过三次后锁定](#登录失败超过三次后锁定) + - [加固su命令](#加固su命令) + + +## 屏蔽系统帐户 + +### 说明 + +除了用户帐户外,其他账号称为系统账户。系统账户仅系统内部使用,禁止用于登录系统或其他操作,因此屏蔽系统账户。 + +### 实现 + +将系统帐户的Shell修改为/sbin/nologin。 + +``` +usermod -L -s /sbin/nologin $systemaccount +``` + +>![](public_sys-resources/icon-note.gif) **说明:** +> $systemaccount 指系统帐户。 + +## 限制使用su命令的帐户 + +### 说明 + +su命令用于在不同帐户之间切换。为了增强系统安全性,有必要对su命令的使用权进行控制,只允许root和wheel群组的帐户使用su命令,限制其他帐户使用。 + +### 实现 + +su命令的使用控制通过修改/etc/pam.d/su文件实现,配置如下: + +``` +auth required pam_wheel.so use_uid +``` + +**表 1** pam\_wheel.so配置项说明 + + + + + + + + + + +

配置项

+

说明

+

use_uid

+

基于当前帐户的uid。

+
+ +## 设置口令复杂度 + +### 说明 + +用户可以通过修改对应配置文件设置口令的复杂度要求,建议用户根据实际情况设置口令复杂度。 + +### 实现 + +口令复杂度通过/etc/pam.d/password-auth和/etc/pam.d/system-auth文件中的pam\_pwquality.so和pam\_pwhistory.so模块实现。用户可以通过修改这两个模块中的配置项修改口令复杂度要求。 + +### 设置举例 + +这里给出一个配置口令复杂度的例子,供用户参考。 + +**密码复杂度要求** + +1. 口令长度至少8个字符。 +2. 口令必须包含如下至少3种字符的组合: + + -至少一个小写字母 + + -至少一个大写字母 + + -至少一个数字 + + -至少一个特殊字符:\`\~!@\#$%^&\*\(\)-\_=+\\|\[\{\}\];:'",<.\>/?和空格 + +3. 口令不能和帐号或者帐号的倒写一样。 +4. 不能修改为过去5次使用过的旧口令。 + +**配置实现** + +在/etc/pam.d/password-auth和/etc/pam.d/system-auth文件中添加如下配置内容: + +``` +password requisite pam_pwquality.so minlen=8 minclass=3 enforce_for_root try_first_pass local_users_only retry=3 dcredit=0 ucredit=0 lcredit=0 ocredit=0 +password required pam_pwhistory.so use_authtok remember=5 enforce_for_root +``` + +**配置项说明** + +pam\_pwquality.so和pam\_pwhistory.so的配置项请分别参见[表5](#table201221044172117)和[表6](#table1212544452120)。 + +**表 2** pam\_pwquality.so配置项说明 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

配置项

+

说明

+

minlen=8

+

口令长度至少包含8个字符

+

minclass=3

+

口令至少包含大写字母、小写字母、数字和特殊字符中的任意3种

+

ucredit=0

+

口令包含任意个大写字母

+

lcredit=0

+

口令包含任意个小写字母

+

dcredit=0

+

口令包含任意个数字

+

ocredit=0

+

口令包含任意个特殊字符

+

retry=3

+

每次修改最多可以尝试3次

+

enforce_for_root

+

本设置对root帐户同样有效

+
+ +**表 3** pam\_pwhistory.so配置项说明 + + + + + + + + + + + + + +

配置项

+

说明

+

remember=5

+

口令不能修改为过去5次使用过的旧口令

+

enforce_for_root

+

本设置对root帐户同样有效

+
+ +## 设置口令有效期 + +### 说明 + +出于系统安全性考虑,建议设置口令有效期限,且口令到期前通知用户更改口令。 + +### 实现 + +口令有效期的设置通过修改/etc/login.defs文件实现,加固项如[表7](#zh-cn_topic_0152100281_t77b5d0753721450c81911c18b74e82eb)所示。表中所有的加固项都在文件/etc/login.defs中。表中字段直接通过修改配置文件完成。 + +**表 4** login.defs配置项说明所示 + + + + + + + + + + + + + + + + + + + + + + + + +

加固项

+

加固项说明

+

建议加固

+

openEuler默认是否已加固为建议值

+

PASS_MAX_DAYS

+

口令最大有效期

+

90

+

+

PASS_MIN_DAYS

+

两次修改口令的最小间隔时间

+

0

+

+

PASS_WARN_AGE

+

口令过期前开始提示天数

+

7

+

+
+ +>![](public_sys-resources/icon-note.gif) **说明:** +>login.defs是设置用户帐号限制的文件,可配置口令的最大过期天数、最大长度约束等。该文件里的配置对root用户无效。如果/etc/shadow文件里有相同的选项,则以/etc/shadow配置为准,即/etc/shadow的配置优先级高于/etc/login.defs。口令过期后用户重新登录时,提示口令过期并强制要求修改,不修改则无法进入系统。 + +## 设置口令的加密算法 + +### 说明 + +出于系统安全考虑,口令不允许明文存储在系统中,应该加密保护。在不需要还原口令的场景,必须使用不可逆算法加密。设置口令的加密算法为sha512,openEuler默认已设置。通过上述设置可以有效防范口令泄露,保证口令安全。 + +### 实现 + +口令的加密算法设置通过修改/etc/pam.d/password-auth和/etc/pam.d/system-auth文件实现,添加如下配置: + +``` +password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok +``` + +**表 5** pam\_unix.so配置项说明 + + + + + + + + + + +

配置项

+

说明

+

sha512

+

使用sha512算法对口令加密。

+
+ +## 登录失败超过三次后锁定 + +### 说明 + +为了保障用户系统的安全,建议用户设置口令出错次数的阈值(建议3次),以及由于口令尝试被锁定用户的自动解锁时间(建议300秒)。 + +用户锁定期间,任何输入被判定为无效,锁定时间不因用户的再次输入而重新计时;解锁后,用户的错误输入记录被清空。通过上述设置可以有效防范口令被暴力破解,增强系统的安全性。 + +>![](public_sys-resources/icon-note.gif) **说明:** +>openEuler默认口令出错次数的阈值为3次,系统被锁定后自动解锁时间为60秒。 + +### 实现 + +口令复杂度的设置通过修改/etc/pam.d/password-auth和/etc/pam.d/system-auth文件实现,设置口令最大的出错次数3次,系统锁定后的解锁时间为300秒的配置如下: + +``` +auth required pam_faillock.so preauth audit deny=3 even_deny_root unlock_time=300 +auth [default=die] pam_faillock.so authfail audit deny=3 even_deny_root unlock_time=300 +auth sufficient pam_faillock.so authsucc audit deny=3 even_deny_root unlock_time=300 +``` + +**表 6** pam\_faillock.so配置项说明 + + + + + + + + + + + + + + + + + + + +

配置项

+

说明

+

authfail

+

捕获用户登录失败的事件。

+

deny=3

+

用户连续登录失败次数超过3次即被锁定。

+

unlock_time=300

+

普通用户自动解锁时间为300秒(即5分钟)。

+

even_deny_root

+

同样限制root帐户。

+
+ +## 加固su命令 + +### 说明 + +为了增强系统安全性,防止使用“su”切换用户时将当前用户环境变量带入其他环境,openEuler默认已做配置。总是在使用su切换用户时初始化PATH。 + +### 实现 + +通过修改/etc/login.defs实现,配置如下: + +``` +ALWAYS_SET_PATH=yes +``` diff --git "a/docs/zh/docs/SecHarden/\351\231\204\345\275\225.md" "b/docs/zh/docs/SecHarden/\351\231\204\345\275\225.md" new file mode 100644 index 0000000000000000000000000000000000000000..e5711922813d45488e7fc299c724c80259caad80 --- /dev/null +++ "b/docs/zh/docs/SecHarden/\351\231\204\345\275\225.md" @@ -0,0 +1,38 @@ +# 附录 + +介绍文件权限的含义和umask值的含义。 + + + +- [附录](#附录) + - [文件和目录权限含义](#文件和目录权限含义) + - [umask值含义](#umask值含义) + + + + + +## 文件和目录权限含义 + +Linux系统中文件和目录权限用于限定谁能通过何种方式对文件和目录进行访问和操作。文件和目录的访问权限分为只读,只写和可执行三种。 + +有三种不同类型的用户可对文件和目录进行访问: + +- 文件所有者:文件的创建者。 +- 同组用户:与文件所有者在同一个属组的用户。 +- 其他用户:与文件所有者不在同一个属组的用户。 + +文件和目录的权限含义通过以下例子说明: + +假设/usr/src的权限为755,将每位数字转化为二进制后为:111101101,含义如下: + +- 左侧三个bit位111表示文件所有者的权限依次为:可读、可写、可执行。 +- 中间三个bit位101表示同组用户的权限依次为:可读、不可写、可执行。 +- 右侧三个bit位101表示其他用户的权限依次为:可读、不可写、可执行。 + +## umask值含义 + +当用户新创建文件或目录时,该文件或目录具有一个缺省权限。该缺省权限由umask值来指定。 + +umask值代表的是权限的“补码”,即用缺省最大权限值减去umask值得到实际权限值。文件的缺省最大权限为可读可写,目录的缺省最大权限为可读可写可执行。即一个文件的实际缺省权限为666减去umask值。目录的实际缺省权限为777减去umask值。 + diff --git a/docs/zh/docs/Virtualization/LibcarePlus.md b/docs/zh/docs/Virtualization/LibcarePlus.md new file mode 100644 index 0000000000000000000000000000000000000000..089b0c0bab0d219ce1a62e752125d92a8ec24f09 --- /dev/null +++ b/docs/zh/docs/Virtualization/LibcarePlus.md 
@@ -0,0 +1,367 @@ +# LibcarePlus + +[[toc]] + +## 概述 + +LibcarePlus 是一个用户态进程热补丁框架,可以在不重启进程的情况下对 Linux 系统上运行的目标进程进行热补丁操作。热补丁可以应用于 CVE 漏洞修复,也可以应用于不中断应用服务的紧急 bug 修复。 + +## 软硬件要求 + +在 openEuler 上使用 LibcarePlus,需要满足一定的软硬件要求: + +- 当前仅支持 x86 体系架构。 + +- LibcarePlus 可以在任何支持安装 **libunwind**、 **elfutils** 以及 **binutils** 的 Linux 发行版系统上运行。但目前仅在 openEuler 20.03 LTS SP1 版本进行了验证。 + + +## 注意事项和约束 + +使用 LibcarePlus,需遵循以下热补丁规范和约束: + +- 仅支持对 C 语言编写的代码,不支持汇编语言等。 +- 仅支持用户态程序,不支持动态库打补丁。 +- 代码文件名必须符合 C 语言标识符命名规范:由字母(A-Z,a-z)、数字 (0-9)、下划线“_”组成;并且首字符不能是数字,但可以是字母或者下划线;不能包含“-”、“$”等特殊符号。 +- 不支持增量补丁,即必须卸载原有补丁才能加载第二个补丁。 +- 不支持补丁自动加载。 +- 不支持补丁查询。 +- 被打热补丁的目标函数的出参和入参不能增加和删除。 +- 静态函数补丁受限于系统中能找到该函数的符号表。 +- 动态库热补丁只能对调用这个动态库的进程打补丁。 +- 以下场景不支持热补丁: + - 死循环函数、不退出函数、inline 函数、初始化函数、NMI 中断处理函数 + - 替换全局变量 + - 修改头文件 + - 数据结构成员变化(新增、删除、修改) + - 动态库、静态函数、静态变量 + - 修改全局变量、TLS 变量、RCU 变量 + - 修改包含 __LINE__ , __FILE__ 等gcc编译宏的 C 文件 + - 修改 intel 矢量汇编指令 + + + +## 安装 LibcarePlus + +### 安装软件依赖 + +LibcarePlus 运行依赖于 **libunwind**、 **elfutils** 和 **binutils**,在配置了 yum 源的 openEuler 系统上,可以参考如下命令安装 LibcarePlus 的依赖软件。 + +``` shell +$ sudo yum install -y binutils elfutils elfutils-libelf-devel libunwind-devel +``` + +#### 安装 LibcarePlus + +```shell +$ yum install LibcarePlus -y +``` + +查看安装是否成功: + +``` shell +$ libcare-ctl -help +usage: libcare-ctl [options] [args] + +Options: + -v - verbose mode + -h - this message + +Commands: + patch - apply patch to a user-space process + unpatch- unapply patch from a user-space process + info - show info on applied patches + server - listen on a unix socket for commands +``` + +## 制作 LibcarePlus 热补丁 + +### 概述 + +LibcarePlus 支持如下方式制作热补丁: + +- 手动制作 +- 通过脚本制作 + +手动制作热补丁的过程繁琐,对于代码量较大的工程,例如QEMU,手动制作热补丁极其困难。建议使用 LibcarePlus 自带脚本一键式地生成热补丁文件。 + +#### 手动制作 + +本节以原文件 foo.c 和补丁文件 bar.c 为例,给出手动制作热补丁的指导。 + +1. 准备 C 语言编写的原文件和补丁文件。例如原文件 foo.c 和补丁文件 bar.c 。 + +
+ 点击展开 foo.c +

+ + ``` c + // foo.c + #include + #include + + void print_hello(void) + { + printf("Hello world!\n"); + } + + int main(void) + { + while (1) { + print_hello(); + sleep(1); + } + } + ``` + +

+
+ +
+ 点击展开 bar.c +

+ + ``` c + // bar.c + #include + #include + + void print_hello(void) + { + printf("Hello world %s!\n", "being patched"); + } + + int main(void) + { + while (1) { + print_hello(); + sleep(1); + } + } + ``` + +

+
+ +2. 编译得到原文件和补丁文件的汇编文件 **foo.s** 和 **bar.s**,参考命令如下: + + ``` shell + $ gcc -S foo.c + $ gcc -S bar.c + $ ls + bar.c bar.s foo.c foo.s + ``` + + +3. 使用 **kpatch_gensrc** 对比 foo.s 和 bar.s 差异,生成包含原文件的汇编内容和差异内容的 foobar.s,参考命令如下: + + ``` shell + $ sed -i 's/bar.c/foo.c/' bar.s + $ kpatch_gensrc --os=rhel6 -i foo.s -i bar.s -o foobar.s --force-global + ``` + + 由于 **kpatch_gensrc** 默认对同一 C 语言原文件进行对比,所以对比前需要使用 sed 命令将补丁汇编文件 bar.s 中的 bar.c 改为原文件名称 foo.c。随后调用 **kpatch_gensrc**,指定输入文件为 foo.s 与 bar.s,输出文件为 foobar.s。 + +4. 编译原文件的汇编文件 foo.s 和生成的汇编文件 foobar.s,得到可执行文件 foo 和 foobar,参考命令如下: + + ``` shell + $ gcc -o foo foo.s + $ gcc -o foobar foobar.s -Wl,-q + ``` + + + +5. 利用 **kpatch_strip** 去除可执行程序 foo 和 foobar 的相同内容,保留制作热补丁所需要的内容。 + + ``` shell + $ kpatch_strip --strip foobar foobar.stripped + $ kpatch_strip --rel-fixup foo foobar.stripped + $ strip --strip-unneeded foobar.stripped + $ kpatch_strip --undo-link foo foobar.stripped + ``` + + 上述命令中的各参数含义为: + + - **--strip** 用于去除 foobar 中对于补丁制作无用的 section; + - **--rel-fixup** 用于修复补丁内所访问的变量以及函数的地址; + - **strip --strip-unneeded** 用于去除对于热补丁重定位操作无用的符号信息; + - **--undo-link** 用于将补丁内符号的地址从绝对地址更改为相对地址。 + +6. 制作热补丁文件。 + + 通过以上操作,已经得到了热补丁制作所需的主要内容。接下来需要使用 **kpatch_make** 将原可执行文件的 **Build ID** 以及 **kpatch_strip ** 的输出文件 **foobar.stripped** 作为参数传递给 **kpatch_make**,最终生成热补丁文件,参考命令如下: + + ``` shell + $ str=$(readelf -n foo | grep 'Build ID') + $ substr=${str##* } + $ kpatch_make -b $substr foobar.stripped -o foo.kpatch + $ ls + bar.c bar.s foo foobar foobar.s foobar.stripped foo.c foo.kpatch foo.s + ``` + + 至此,就得到了最终的热补丁文件 foo.kpatch。 + +#### 通过脚本制作 + +本节介绍如何利用 LibcarePlus 自带的 **libcare-patch-make** 脚本制作热补丁文件,仍以原文件 foo.c 和补丁文件 bar.c 为例。 + +1. 利用 diff 命令生成 foo.c 和 bar.c 的对比文件,命令如下所示: + + ``` shell + $ diff -up foo.c bar.c > foo.patch + ``` + + foo.patch 文件内容如下所示: + +
+ 点击展开 foo.patch +

+ + + ``` diff + --- foo.c 2020-12-09 15:39:51.159632075 +0800 + +++ bar.c 2020-12-09 15:40:03.818632220 +0800 + @@ -1,10 +1,10 @@ + -// foo.c + +// bar.c + #include + #include + + void i_m_being_patched(void) + { + - printf("i'm unpatched!\n"); + + printf("you patched my %s\n", "tralala"); + } + + int main(void) + ``` + +

+
+ + +2. 编写编译 foo.c 的 MakeFile 文件,具体如下所示: + +
+ 点击展开 MakeFile +

+ + ``` makefile + all: foo + + foo: foo.c + $(CC) -o $@ $< + + clean: + rm -f foo + + install: foo + mkdir $$DESTDIR || : + cp foo $$DESTDIR + ``` + +

+
+ + +3. 编写好 MakeFile 之后,直接调用 **libcare-patch-make** 即可。若 **libcare-patch-make** 询问选择哪个文件进行打补丁操作,输入原文件名即可,具体如下所示: + + ``` shell + $ libcare-patch-make --clean foo.patch + rm -f foo + BUILDING ORIGINAL CODE + /usr/local/bin/libcare-cc -o foo foo.c + INSTALLING ORIGINAL OBJECTS INTO /libcareplus/test/lpmake + mkdir $DESTDIR || : + cp foo $DESTDIR + applying foo.patch... + can't find file to patch at input line 3 + Perhaps you used the wrong -p or --strip option? + The text leading up to this was: + -------------------------- + |--- foo.c 2020-12-10 09:43:04.445375845 +0800 + |+++ bar.c 2020-12-10 09:48:36.778379648 +0800 + -------------------------- + File to patch: foo.c + patching file foo.c + BUILDING PATCHED CODE + /usr/local/bin/libcare-cc -o foo foo.c + INSTALLING PATCHED OBJECTS INTO /libcareplus/test/.lpmaketmp/patched + mkdir $DESTDIR || : + cp foo $DESTDIR + MAKING PATCHES + Fixing up relocation printf@@GLIBC_2.2.5+fffffffffffffffc + Fixing up relocation print_hello+0 + patch for /libcareplus/test/lpmake/foo is in /libcareplus/test/patchroot/700297b7bc56a11e1d5a6fb564c2a5bc5b282082.kpatch + ``` + + 执行成功之后,输出显示:热补丁文件位于当前目录的 **patchroot** 目录下,可执行文件则在 **lpmake** 目录下。脚本生成的热补丁文件默认是采用 Build ID 作为热补丁文件的文件名。 + + + +## 应用 LibcarePlus 热补丁 + +本节以原文件 **foo.c** 和补丁文件 **bar.c** 为例,介绍 LibcarePlus 热补丁的应用指导。 + +### 前期准备 + +应用 LibcarePlus 热补丁之前,需要提前准备好原可执行程序 foo、以及热补丁文件 foo.kpatch。 + +### 加载热补丁 + +本节介绍应用 LibcarePlus 热补丁的具体流程。 + +1. 首先在第一个 shell 窗口运行需要打补丁的可执行程序,如下所示: + + ``` shell + $ ./lpmake/foo + Hello world! + Hello world! + Hello world! + ``` + +2. 随后在第二个 shell 窗口运行 **libcare-ctl** 应用热补丁,命令如下所示: + + ``` shell + $ libcare-ctl -v patch -p $(pidof foo) ./foo.kpatch + ``` + + 若此时热补丁应用成功,第二个 shell 窗口会有如下输出: + + ``` shell + 1 patch hunk(s) have been successfully applied to PID '10999' + ``` + + 而第一个 shell 窗口内运行的目标进程则会出现如下输出: + + ``` shell + Hello world! + Hello world! + Hello world being patched! + Hello world being patched! 
+ ``` + + +### 卸载热补丁 + +本节介绍卸载 LibcarePlus 热补丁的具体流程。 + +1. 在第二个 shell 窗口执行如下命令: + + ``` shell + $ libcare-ctl unpatch -p $(pidof foo) + ``` + + 此时若热补丁卸载成功,第二个 shell 窗口会有如下输出: + + ``` shell + 1 patch hunk(s) were successfully cancelled from PID '10999' + ``` + +2. 第一个 shell 窗口内运行的目标进程则会出现如下输出: + + ``` shell + Hello world being patched! + Hello world being patched! + Hello world! + Hello world! + ``` diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP1.png b/docs/zh/docs/Virtualization/figures/CertEnrollP1.png new file mode 100644 index 0000000000000000000000000000000000000000..536e0618a3ab5b70937292205242a08237e34712 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP1.png differ diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP2.png b/docs/zh/docs/Virtualization/figures/CertEnrollP2.png new file mode 100644 index 0000000000000000000000000000000000000000..0557c8782960188dbe9d84a1d0e66c9b45d2b303 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP2.png differ diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP3.png b/docs/zh/docs/Virtualization/figures/CertEnrollP3.png new file mode 100644 index 0000000000000000000000000000000000000000..326fcf1e8d5e3c795ebcde286d8e0fef14bec7d1 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP3.png differ diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP4.png b/docs/zh/docs/Virtualization/figures/CertEnrollP4.png new file mode 100644 index 0000000000000000000000000000000000000000..bc77c038e1e3a5ec30d7ba4f805ca937792e9327 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP4.png differ 
diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP5.png b/docs/zh/docs/Virtualization/figures/CertEnrollP5.png new file mode 100644 index 0000000000000000000000000000000000000000..0f22b3cbd84f7c93f74898a926bc3e32f231667f Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP5.png differ diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP6.png b/docs/zh/docs/Virtualization/figures/CertEnrollP6.png new file mode 100644 index 0000000000000000000000000000000000000000..08235013ca71f1ec51e9af2f143629d1a6132fe9 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP6.png differ diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP7.png b/docs/zh/docs/Virtualization/figures/CertEnrollP7.png new file mode 100644 index 0000000000000000000000000000000000000000..f934521d59dd4a75449fcb2ca8abc54045b9102b Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP7.png differ diff --git a/docs/zh/docs/Virtualization/figures/CertEnrollP8.png b/docs/zh/docs/Virtualization/figures/CertEnrollP8.png new file mode 100644 index 0000000000000000000000000000000000000000..9a8158e3378bf25dee05b892cc60f424542455d7 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/CertEnrollP8.png differ diff --git a/docs/zh/docs/Virtualization/figures/OSBootFlow.png b/docs/zh/docs/Virtualization/figures/OSBootFlow.png new file mode 100644 index 0000000000000000000000000000000000000000..f9c03c86df145636015efaeab4dc076f62754cd9 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/OSBootFlow.png differ diff --git a/docs/zh/docs/Virtualization/figures/SecureBootFlow.png b/docs/zh/docs/Virtualization/figures/SecureBootFlow.png new file mode 100644 index 0000000000000000000000000000000000000000..e76a800931ed6da2af3515d3d9d44388e3d11c01 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/SecureBootFlow.png differ 
diff --git "a/content/zh/docs/Virtualization/figures/KVM\346\236\266\346\236\204\345\233\276.png" b/docs/zh/docs/Virtualization/figures/kvm-architecture.png similarity index 100% rename from "content/zh/docs/Virtualization/figures/KVM\346\236\266\346\236\204\345\233\276.png" rename to docs/zh/docs/Virtualization/figures/kvm-architecture.png diff --git "a/content/zh/docs/Virtualization/figures/\347\212\266\346\200\201\350\275\254\346\215\242\345\233\276.png" b/docs/zh/docs/Virtualization/figures/status-transition-diagram.png similarity index 100% rename from "content/zh/docs/Virtualization/figures/\347\212\266\346\200\201\350\275\254\346\215\242\345\233\276.png" rename to docs/zh/docs/Virtualization/figures/status-transition-diagram.png diff --git "a/content/zh/docs/Virtualization/figures/\350\231\232\346\213\237\347\275\221\347\273\234\347\273\223\346\236\204\345\233\276.png" b/docs/zh/docs/Virtualization/figures/virtual-network-structure.png similarity index 100% rename from "content/zh/docs/Virtualization/figures/\350\231\232\346\213\237\347\275\221\347\273\234\347\273\223\346\236\204\345\233\276.png" rename to docs/zh/docs/Virtualization/figures/virtual-network-structure.png diff --git "a/content/zh/docs/Virtualization/figures/\350\231\232\346\213\237\345\214\226\346\236\266\346\236\204.png" b/docs/zh/docs/Virtualization/figures/virtualized-architecture.png similarity index 100% rename from "content/zh/docs/Virtualization/figures/\350\231\232\346\213\237\345\214\226\346\236\266\346\236\204.png" rename to docs/zh/docs/Virtualization/figures/virtualized-architecture.png diff --git a/docs/zh/docs/Virtualization/figures/zh-cn_image_0218587435.png b/docs/zh/docs/Virtualization/figures/zh-cn_image_0218587435.png new file mode 100644 index 0000000000000000000000000000000000000000..d245d48dc07e2b01734e21ec1952e89fa9269bdb Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/zh-cn_image_0218587435.png differ 
diff --git a/docs/zh/docs/Virtualization/figures/zh-cn_image_0218587436.png b/docs/zh/docs/Virtualization/figures/zh-cn_image_0218587436.png new file mode 100644 index 0000000000000000000000000000000000000000..a32856aa08e459ed0f51f8fcf4c2f51511c12095 Binary files /dev/null and b/docs/zh/docs/Virtualization/figures/zh-cn_image_0218587436.png differ diff --git a/docs/zh/docs/Virtualization/public_sys-resources/icon-caution.gif b/docs/zh/docs/Virtualization/public_sys-resources/icon-caution.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/Virtualization/public_sys-resources/icon-caution.gif differ diff --git a/docs/zh/docs/Virtualization/public_sys-resources/icon-danger.gif b/docs/zh/docs/Virtualization/public_sys-resources/icon-danger.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/Virtualization/public_sys-resources/icon-danger.gif differ diff --git a/docs/zh/docs/Virtualization/public_sys-resources/icon-note.gif b/docs/zh/docs/Virtualization/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/docs/Virtualization/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/docs/Virtualization/public_sys-resources/icon-notice.gif b/docs/zh/docs/Virtualization/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/docs/Virtualization/public_sys-resources/icon-notice.gif differ 
diff --git a/docs/zh/docs/Virtualization/public_sys-resources/icon-tip.gif b/docs/zh/docs/Virtualization/public_sys-resources/icon-tip.gif new file mode 100644 index 0000000000000000000000000000000000000000..93aa72053b510e456b149f36a0972703ea9999b7 Binary files /dev/null and b/docs/zh/docs/Virtualization/public_sys-resources/icon-tip.gif differ diff --git a/docs/zh/docs/Virtualization/public_sys-resources/icon-warning.gif b/docs/zh/docs/Virtualization/public_sys-resources/icon-warning.gif new file mode 100644 index 0000000000000000000000000000000000000000..6e90d7cfc2193e39e10bb58c38d01a23f045d571 Binary files /dev/null and b/docs/zh/docs/Virtualization/public_sys-resources/icon-warning.gif differ diff --git a/content/zh/docs/Virtualization/virtualization.md b/docs/zh/docs/Virtualization/virtualization.md similarity index 100% rename from content/zh/docs/Virtualization/virtualization.md rename to docs/zh/docs/Virtualization/virtualization.md diff --git a/docs/zh/docs/Virtualization/vmtop.md b/docs/zh/docs/Virtualization/vmtop.md new file mode 100644 index 0000000000000000000000000000000000000000..026b9c4dc8706105ced805ce7257294f42b775de --- /dev/null +++ b/docs/zh/docs/Virtualization/vmtop.md 
@@ -0,0 +1,138 @@ +# vmtop使用指南 + +[[toc]] + +## 概述 +vmtop 是运行在宿主机host上的用户态工具。使用vmtop可以实时动态地查看虚拟机资源的使用情况,例如CPU占用率、内存占用率、vCPU陷入陷出次数等。因此,可以使用vmtop作为虚拟化问题定位和性能调优的工具。 + +vmtop监控项如下(采样差:指定时间间隔内获取的两次数据的差值): +- VM/task-name: 虚拟机/进程名称 +- DID: 虚拟机id +- PID: 虚拟机qemu进程的pid +- %CPU: 进程的CPU占用率 +- EXThvc: hvc-exit次数(采样差) +- EXTwfe: wfe-exit次数(采样差) +- EXTwfi: wfi-exit次数(采样差) +- EXTmmioU: mmioU-exit次数(采样差) +- EXTmmioK: mmioK-exit次数(采样差) +- EXTfp: fp-exit次数(采样差) +- EXTirq: irq-exit次数(采样差) +- EXTsys64: sys64 exit次数(采样差) +- EXTmabt: mem abort exit次数(采样差) +- EXTsum: kvm exit总次数(采样差) +- S: 进程状态 +- P: 进程所占用的物理CPU +- %ST: 被抢占时间与cpu运行时间的比,kvm数据 +- %GUE: 虚拟机内部占用时间与CPU运行时间的比,kvm数据 +- %HYP: 虚拟化开销占比,kvm数据 + +## 使用方法 +vmtop是一款命令行工具,直接以命令行的方式运行 vmtop 即可。 +另外,vmtop还提供了不同可选选项,用于查询不同信息。 + +### 语法格式 +```sh +vmtop [选项] +``` + +### 选项说明 +- -d: 设置显示刷新的时间间隔,单位:秒 +- -H: 显示虚拟机的线程信息 +- -n: 设置显示刷新的次数,刷新完成后退出 +- -b: Batch模式显示,可以用于重定向到文件 +- -h: 显示帮助信息 +- -v: 显示版本 + +### 快捷键 +在vmtop运行状态下使用的快捷键 +- H: 显示或关闭虚拟机线程信息,默认显示该信息 +- up/down: 向上/向下移动显示的虚拟机列表 +- left/right: 向左/向右移动显示的信息,从而显示因屏幕宽度被隐藏的列 +- f: 进入监控项编辑模式,选择要开启的监控项 +- q: 退出vmtop进程 + +## 示例 +在host上直接以命令行的方式运行vmtop +```sh +vmtop +``` +输出如下: +```sh +vmtop - 2020-09-14 09:54:48 - 1.0 +Domains: 1 running + + DID VM/task-name PID %CPU EXThvc EXTwfe EXTwfi EXTmmioU EXTmmioK EXTfp EXTirq EXTsys64 EXTmabt EXTsum S P %ST %GUE %HYP + 2 example 4054916 13.0 0 0 1206 10 0 144 62 174 0 1452 S 106 0.0 99.7 16.0 +``` +可以看到,host上只有一台名称为“example”的虚拟机,ID为2,CPU占用率是13.0%,在1秒内的陷入陷出总次数是1452,虚拟机进程占用的物理CPU为106号CPU,虚拟机内部占用时间与CPU运行时间的比是99.7%。 + +1.显示虚拟机线程信息 +按下‘H’后可以显示线程信息: +```sh +vmtop - 2020-09-14 10:11:27 - 1.0 +Domains: 1 running + + DID VM/task-name PID %CPU EXThvc EXTwfe EXTwfi EXTmmioU EXTmmioK EXTfp EXTirq EXTsys64 EXTmabt EXTsum S P %ST %GUE %HYP + 2 example 4054916 13.0 0 0 1191 17 4 120 76 147 0 1435 S 119 0.0 123.7 4.0 + |_ qemu-kvm 4054916 0.0 0 0 0 0 0 0 0 0 0 0 S 119 0.0 0.0 0.0 + |_ qemu-kvm 4054928 0.0 0 0 0 0 0 0 0 0 0 0 S 119 0.0 0.0 0.0 + |_ signalfd_com 4054929 0.0 
0 0 0 0 0 0 0 0 0 0 S 120 0.0 0.0 0.0 + |_ IO mon_iothr 4054932 0.0 0 0 0 0 0 0 0 0 0 0 S 117 0.0 0.0 0.0 + |_ CPU 0/KVM 4054933 3.0 0 0 280 6 4 28 19 41 0 350 S 105 0.0 27.9 0.0 + |_ CPU 1/KVM 4054934 3.0 0 0 260 0 0 16 12 36 0 308 S 31 0.0 20.0 0.0 + |_ CPU 2/KVM 4054935 3.0 0 0 341 0 0 44 20 26 0 387 R 108 0.0 27.9 4.0 + |_ CPU 3/KVM 4054936 5.0 0 0 310 11 0 32 25 44 0 390 S 103 0.0 47.9 0.0 + |_ memory_lock 4054940 0.0 0 0 0 0 0 0 0 0 0 0 S 126 0.0 0.0 0.0 + |_ vnc_worker 4054944 0.0 0 0 0 0 0 0 0 0 0 0 S 118 0.0 0.0 0.0 + |_ worker 4143738 0.0 0 0 0 0 0 0 0 0 0 0 S 120 0.0 0.0 0.0 +``` +example虚拟机有11个线程,其中包括vCPU线程、vnc_worker、IO mon_iotreads等等,每个线程同样会显示详细CPU占用、陷入陷出等信息。 + +2.选择监控项 +输入‘f’进入监控项编辑模式: +```sh +field filter - select which field to be showed +Use up/down to navigate, use space to set whether chosen filed to be showed +'q' to quit to normal display + + * DID + * VM/task-name + * PID + * %CPU + * EXThvc + * EXTwfe + * EXTwfi + * EXTmmioU + * EXTmmioK + * EXTfp + * EXTirq + * EXTsys64 + * EXTmabt + * EXTsum + * S + * P + * %ST + * %GUE + * %HYP +``` +当前所有监控项都默认显示,通过up/down键选择,用space键来设置,按‘q’键退出。 +将%ST、%GUE、%HYP设置为隐藏后,输出如下: +```sh +vmtop - 2020-09-14 10:23:25 - 1.0 +Domains: 1 running + + DID VM/task-name PID %CPU EXThvc EXTwfe EXTwfi EXTmmioU EXTmmioK EXTfp EXTirq EXTsys64 EXTmabt EXTsum S P + 2 example 4054916 12.0 0 0 1213 14 1 144 68 168 0 1464 S 125 + |_ qemu-kvm 4054916 0.0 0 0 0 0 0 0 0 0 0 0 S 125 + |_ qemu-kvm 4054928 0.0 0 0 0 0 0 0 0 0 0 0 S 119 + |_ signalfd_com 4054929 0.0 0 0 0 0 0 0 0 0 0 0 S 120 + |_ IO mon_iothr 4054932 0.0 0 0 0 0 0 0 0 0 0 0 S 117 + |_ CPU 0/KVM 4054933 2.0 0 0 303 6 0 29 10 35 0 354 S 98 + |_ CPU 1/KVM 4054934 4.0 0 0 279 0 0 39 17 49 0 345 S 1 + |_ CPU 2/KVM 4054935 3.0 0 0 283 0 0 33 20 40 0 343 S 122 + |_ CPU 3/KVM 4054936 3.0 0 0 348 8 1 43 21 44 0 422 S 110 + |_ memory_lock 4054940 0.0 0 0 0 0 0 0 0 0 0 0 S 126 + |_ vnc_worker 4054944 0.0 0 0 0 0 0 0 0 0 0 0 S 118 + |_ worker 1794 0.0 0 0 0 0 0 0 0 0 0 0 S 126 +``` 
+%ST、%GUE、%HYP将不会出现在显示界面上。 diff --git "a/content/zh/docs/Virtualization/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" "b/docs/zh/docs/Virtualization/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" similarity index 98% rename from "content/zh/docs/Virtualization/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" rename to "docs/zh/docs/Virtualization/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" index a8f6b5340b4e8409187aabab0a618890f04f89f3..2d65647994d3c8720fe4721e4fc2af564642ecf2 100644 --- "a/content/zh/docs/Virtualization/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" +++ "b/docs/zh/docs/Virtualization/\345\207\206\345\244\207\344\275\277\347\224\250\347\216\257\345\242\203.md" @@ -58,7 +58,7 @@ 例如,查询openEuler-image.qcow2镜像磁盘空间大小的命令和回显如下,说明该镜像磁盘空间大小为4GiB。 ``` - $ qemu-img info openEuler-image.qcow2 + $ qemu-img info openEuler-image.qcow2 image: openEuler-image.qcow2 file format: qcow2 virtual size: 4.0G (4294967296 bytes) @@ -93,7 +93,7 @@ 例如,上述openEuler-image.qcow2镜像磁盘空间已扩展到24GiB,命令和回显如下: ``` - $ qemu-img info openEuler-image.qcow2 + $ qemu-img info openEuler-image.qcow2 image: openEuler-image.qcow2 file format: qcow2 virtual size: 24G (25769803776 bytes) @@ -116,7 +116,7 @@ 本节给出搭建Linux网桥和Open vSwitch网桥的方法,使虚拟机连接到网络,用户可以根据情况选择搭建网桥的类型。 **图 1** 虚拟网络结构图 -![](figures/虚拟网络结构图.png "虚拟网络结构图") +![](./figures/virtual-network-structure.png) ### 搭建Linux网桥 @@ -392,10 +392,7 @@ openEuler虚拟化使用virsh管理虚拟机。如果希望在非root用户使 ``` export LIBVIRT_DEFAULT_URI="qemu:///system" ``` - 执行如下命令,使配置生效。 - ``` - $ source ~/.bashrc - ``` + 5. 在虚拟机XML配置文件中的domain根元素中添加如下内容,使qemu-kvm进程可以访问磁盘镜像文件。 ``` 
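Review bot: in docs/zh/docs/Virtualization/准备使用环境.md, hunk @@ -392,10 +392,7 @@ deletes the `source ~/.bashrc` step and leaves nothing in its place, so after adding `export LIBVIRT_DEFAULT_URI="qemu:///system"` the reader is no longer told how to make the variable take effect in the current session. Either keep the step or replace it with one sentence saying the setting applies after the user logs in again. The replacement is a bare empty `+` line, which can be dropped.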
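Review bot: in the new docs/zh/docs/Virtualization/vmtop.md, the 快捷键 entry "H: 显示或关闭虚拟机线程信息,默认显示该信息" contradicts the 示例 section, where plain `vmtop` prints only the VM row and the text says threads appear after pressing 'H'; the `-H` option would also be redundant if threads were shown by default. Please state the actual default in one place and make the other agree. Two smaller points in the same file: the sentence after the thread listing names "IO mon_iotreads" while the output shows "IO mon_iothr", and the VM row reports %GUE 123.7, which is the sum of the four vCPU rows (27.9 + 20.0 + 27.9 + 47.9), so the field description should say the VM-level value is aggregated over threads and can exceed 100.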
diff --git "a/content/zh/docs/Virtualization/\345\256\211\350\243\205\350\231\232\346\213\237\345\214\226.md" "b/docs/zh/docs/Virtualization/\345\256\211\350\243\205\350\231\232\346\213\237\345\214\226.md" similarity index 98% rename from "content/zh/docs/Virtualization/\345\256\211\350\243\205\350\231\232\346\213\237\345\214\226.md" rename to "docs/zh/docs/Virtualization/\345\256\211\350\243\205\350\231\232\346\213\237\345\214\226.md" index c8ab1946b98e428ef417ec4283560a9556783606..a5fa839014d0350c8db502803a811d97be212b4a 100644 --- "a/content/zh/docs/Virtualization/\345\256\211\350\243\205\350\231\232\346\213\237\345\214\226.md" +++ "b/docs/zh/docs/Virtualization/\345\256\211\350\243\205\350\231\232\346\213\237\345\214\226.md" @@ -53,7 +53,7 @@ ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >KVM模块已经集成在openEuler内核中,因此不需要单独安装。 ### 验证安装是否成功 diff --git "a/docs/zh/docs/Virtualization/\345\267\245\345\205\267\344\275\277\347\224\250\346\214\207\345\215\227.md" "b/docs/zh/docs/Virtualization/\345\267\245\345\205\267\344\275\277\347\224\250\346\214\207\345\215\227.md" new file mode 100644 index 0000000000000000000000000000000000000000..29aeea3dd189c30a37cc5cbb82c2eba96c7357a0 --- /dev/null +++ "b/docs/zh/docs/Virtualization/\345\267\245\345\205\267\344\275\277\347\224\250\346\214\207\345\215\227.md" @@ -0,0 +1 @@ +为了方便用户更好地使用虚拟化,openEuler 提供了一系列工具,包括 vmtop、LibcarePlus 等。本章介绍这些工具的安装和使用指导。 
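Review bot: the new file 工具使用指南.md (hunk @@ -0,0 +1 @@) consists of a single paragraph with no title, whereas vmtop.md added in this same patch opens with a `#` heading. Add a top-level heading such as `# 工具使用指南` so the page gets a title in navigation. The paragraph also names LibcarePlus; if its guide is not part of this change, consider listing only the tools that ship with it.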
diff --git "a/content/zh/docs/Virtualization/\346\234\200\344\275\263\345\256\236\350\267\265.md" "b/docs/zh/docs/Virtualization/\346\234\200\344\275\263\345\256\236\350\267\265.md" similarity index 98% rename from "content/zh/docs/Virtualization/\346\234\200\344\275\263\345\256\236\350\267\265.md" rename to "docs/zh/docs/Virtualization/\346\234\200\344\275\263\345\256\236\350\267\265.md" index 9626b4e460a7c35d0cdffa0164f84529251dc2e6..655ebd4b7ffcd2286b909ead42db82f9499ff706 100644 --- "a/content/zh/docs/Virtualization/\346\234\200\344\275\263\345\256\236\350\267\265.md" +++ "b/docs/zh/docs/Virtualization/\346\234\200\344\275\263\345\256\236\350\267\265.md" @@ -24,7 +24,7 @@ 在计算资源充足的情况下,为使虚拟机获得接近物理机的性能,可以使用halt-polling特性。没有使用halt-polling特性时,当vCPU空闲退出后,主机会把CPU资源分配给其他进程使用。当主机开启halt-polling特性时,虚拟机vCPU处于空闲时会polling一段时间,polling的时间由具体配置决定。若该vCPU在polling期间被唤醒,可以不从主机侧调度而继续运行,减少了调度流程的开销,从而在一定程度上提高了虚拟机系统的性能。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >halt-polling的机制保证虚拟机的vCPU线程的及时响应,但在虚拟机空载的时候,主机侧也会polling,导致主机看到vCPU所在CPU占用率比较高,而实际虚拟机内部CPU占用率并不高。 #### 操作指导 @@ -317,7 +317,7 @@ qemu-ga(Qemu Guest Agent)它是运行在虚拟机内部的守护进程,它 在一些对安全要求较高的使用场景,为了防止虚拟机内部信息泄露,qemu-ga提供了黑名单功能,用户可以通过黑名单选择性屏蔽qemu-ga提供的部分功能。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >qemu-ga对应的安装包是qemu-guest-agent-xx.rpm,openEuler默认不安装。xx为实际版本号。 #### 操作方法 @@ -368,7 +368,7 @@ qemu-ga(Qemu Guest Agent)它是运行在虚拟机内部的守护进程,它 root 727 1 0 08:17 ? 00:00:00 /usr/bin/qemu-ga --method=virtio-serial --path=/dev/virtio-ports/org.qemu.guest_agent.0 --blacklist=guest-file-open guest-file-close guest-file-read guest-file-write guest-file-seek guest-file-flush -F/etc/qemu-ga/fsfreeze-hook ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >更多关于qemu-ga的资料可以参见[https://wiki.qemu.org/Features/GuestAgent](https://wiki.qemu.org/Features/GuestAgent)。 
diff --git "a/content/zh/docs/Virtualization/\347\203\255\350\277\201\347\247\273\350\231\232\346\213\237\346\234\272.md" "b/docs/zh/docs/Virtualization/\347\203\255\350\277\201\347\247\273\350\231\232\346\213\237\346\234\272.md" similarity index 100% rename from "content/zh/docs/Virtualization/\347\203\255\350\277\201\347\247\273\350\231\232\346\213\237\346\234\272.md" rename to "docs/zh/docs/Virtualization/\347\203\255\350\277\201\347\247\273\350\231\232\346\213\237\346\234\272.md" diff --git "a/content/zh/docs/Virtualization/\347\256\241\347\220\206\347\263\273\347\273\237\350\265\204\346\272\220.md" "b/docs/zh/docs/Virtualization/\347\256\241\347\220\206\347\263\273\347\273\237\350\265\204\346\272\220.md" similarity index 70% rename from "content/zh/docs/Virtualization/\347\256\241\347\220\206\347\263\273\347\273\237\350\265\204\346\272\220.md" rename to "docs/zh/docs/Virtualization/\347\256\241\347\220\206\347\263\273\347\273\237\350\265\204\346\272\220.md" index fdbab66cedfa539d53f0869f2d509daf2bfb8610..5663c73a3bd69cf6632395121538d99cf06da1ca 100644 --- "a/content/zh/docs/Virtualization/\347\256\241\347\220\206\347\263\273\347\273\237\350\265\204\346\272\220.md" +++ "b/docs/zh/docs/Virtualization/\347\256\241\347\220\206\347\263\273\347\273\237\350\265\204\346\272\220.md" @@ -1,28 +1,16 @@ # 管理系统资源 -使用libvirt命令来管理虚拟机的系统资源,如vCPU、虚拟内存资源等。 +[[toc]] + +## 总体说明 + +openEuler 虚拟化使用libvirt命令来管理虚拟机的系统资源,如vCPU、虚拟内存资源等。 在开始前: - 确保主机上运行了libvirtd守护进程。 - 用virsh list --all命令确认虚拟机已经被定义。 - -- [管理系统资源](#管理系统资源) - - [管理虚拟CPU](#管理虚拟CPU) - - [CPU份额](#CPU份额) - - [绑定QEMU进程至物理CPU](#绑定QEMU进程至物理CPU) - - [调整虚拟CPU绑定关系](#调整虚拟CPU绑定关系) - - [CPU热插](#CPU热插) - - [管理虚拟内存](#管理虚拟内存) - - [NUMA简介](#NUMA简介) - - [配置Host NUMA](#配置Host-NUMA) - - [配置Guest NUMA](#配置Guest-NUMA) - - [内存热插](#内存热插) - - - - ## 管理虚拟CPU 
@@ -213,57 +201,87 @@ QEMU主进程绑定特性是将QEMU主进程绑定到特定的物理CPU范围内 #### 概述 -在线调整(热插)虚拟机CPU是指在虚拟机处于运行状态下,为虚拟机热插CPU而不影响虚拟机正常运行的方案。当虚拟机内部业务压力不断增大,会出现所有CPU均处于较高负载的情形。为了不影响虚拟机内的正常业务运行,可以使用CPU在线调整(热插)特性,在不关闭虚拟机情况下增加虚拟机的CPU数目,提升虚拟机的计算能力。 +在线增加(热插)虚拟机CPU是指在虚拟机处于运行状态下,为虚拟机热插CPU而不影响虚拟机正常运行的方案。当虚拟机内部业务压力不断增大,会出现所有CPU均处于较高负载的情形。为了不影响虚拟机内的正常业务运行,可以使用CPU热插功能(在不关闭虚拟机情况下增加虚拟机的CPU数目),提升虚拟机的计算能力。 #### 约束限制 -- 创建虚拟机的时候,指定的主板类型(machine)需为virt-4.1版本及以上。 -- 在配置Guest NUMA的场景中,必须把属于同一个socket的vcpu配置在同一vNode中,否则在热插CPU后可能导致虚拟机softlockup,进而可能导致panic。 -- 迁移、休眠唤醒、快照过程中均不支持虚拟机CPU热插。 +- 如果处理器为AArch64架构,创建虚拟机时指定的虚拟机芯片组类型\(machine\)需为virt-4.1或virt更高版本。如果处理器为x86\_64架构,创建虚拟机时指定的虚拟机芯片组类型\(machine\)需为pc-i440fx-1.5或pc更高版本。 +- 在配置Guest NUMA的场景中,必须把属于同一个socket的vcpu配置在同一vNode中,否则热插CPU后可能导致虚拟机softlockup,进而可能导致虚拟机panic。 +- 虚拟机在迁移、休眠唤醒、快照过程中均不支持CPU热插。 +- 虚拟机CPU热插是否自动上线取决于虚拟机操作系统自身逻辑,虚拟化层不保证热插CPU自动上线。 - CPU热插同时受限于Hypervisor和GuestOS支持的最大CPU数目。 - 虚拟机启动、关闭、重启过程中可能出现热插CPU失效的情况,但再次重启会生效。 -- 热插虚拟机CPU的时候,如果新增CPU数目不是虚拟机CPU拓扑配置项中Cores的整数倍,可能会导致虚拟机内部看到的CPU拓扑是混乱的,强烈建议每次新增的CPU数目为Cores的整数倍。 +- 热插虚拟机CPU的时候,如果新增CPU数目不是虚拟机CPU拓扑配置项中Cores的整数倍,可能会导致虚拟机内部看到的CPU拓扑是混乱的,建议每次新增的CPU数目为Cores的整数倍。 - 若需要热插CPU在线生效且在虚拟机重启后仍有效,virsh setvcpus接口中需要同时传入--config和--live选项, 将热插CPU动作持久化。 #### 操作步骤 -- 创建虚拟机时配置指定的模板 +**一、配置虚拟机XML** - 配置指定虚拟机当前的CPU数目和所支持热插的最大CPU数目上限,同时指定machine类型为virt-4.1及以上 (目前virt machine类型最高为4.1)。 +1. 使用CPU热插功能,需要在创建虚拟机时配置虚拟机当前的CPU数目、虚拟机所支持的最大CPU数目,以及虚拟机芯片组类型(对于AArch64架构,需为virt-4.1及以上版本。对于x86\_64架构,需为pc-i440fx-1.5及以上版本)。这里以AArch64架构虚拟机为例,配置模板如下: ``` - n - - hvm - + + ... + n + + hvm + + ... 
+ ``` - 其中,m为虚拟机当前CPU数目,n为虚拟机支持热插到的最大CPU数目,且满足n大于或等于m。例如,配一个虚拟机当前CPU数目为4,最大支持的热插CPU上限为64的XML配置为: + + >![](./public_sys-resources/icon-note.gif) **说明:** + >- placement的值必须是static。 + >- m为虚拟机当前CPU数目,即虚拟机启动后默认的CPU数目。n为虚拟机支持热插到的最大CPU数目,该值不能超过Hypervisor支持的虚拟机最大CPU规格及GuestOS支持的最大CPU规格。n大于或等于m。 + + 例如,配一个虚拟机当前CPU数目为4,最大支持的热插CPU上限为64的XML配置为: ``` - 64 - - hvm - + + …… + 64 + + hvm + + …… ``` - >![](public_sys-resources/icon-note.gif) **说明:** - > placement的值必须是static;当前CPU数目是虚拟机启动后默认的CPU数目;热插CPU数目上限是虚拟机CPU热插能到达的上限值,该值不能超过Hypervisor支持的虚拟机最大CPU规格及GuestOS支持的最大CPU规格。 -- 使用virsh命令执行虚拟机CPU热插操作 - virsh进行虚拟机CPU热插操作的命令为virsh setvcpus,具体格式如下: +**二、热插并上线CPU** + +1. 如果热插CPU后需要自动上线热插的CPU,可以使用root权限在虚拟机内部创建udev rules文件/etc/udev/rules.d/99-hotplug-cpu.rules,并在其中定义udev规则,内容参考如下: ``` - virsh setvcpus [--config] [--live] + # automatically online hot-plugged cpu + ACTION=="add", SUBSYSTEM=="cpu", ATTR{online}="1" + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >如果没有使用udev rules自动上线热插CPU,可以在热插CPU后,使用root权限,参考如下命令手动上线: + >``` + >for i in `grep -l 0 /sys/devices/system/cpu/cpu*/online` + >do + > echo 1 > $i + >done + >``` - domain: 参数,必填。指定虚拟机名称。 - count: 参数,必填。指定目标CPU数量。 - --config: 选项,选填。下次启动时仍有效。 - --live: 选项,选填。在线生效。 +2. 利用virsh工具进行虚拟机CPU热插操作。例如给虚拟机openEulerVM热插CPU到6,且在线生效的参考命令如下: + + ``` + virsh setvcpus openEulerVM 6 --live ``` - >![](public_sys-resources/icon-note.gif) **说明:** - > CPU上线依赖虚拟机内部操作,故CPU热插后需要Guest内部实现CPU自动上线或手动上线。 + >![](./public_sys-resources/icon-note.gif) **说明:** + >virsh setvcpus 进行虚拟机CPU热插操作的格式如下: + >``` + >virsh setvcpus [--config] [--live] + >``` + >- domain: 参数,必填。指定虚拟机名称。 + >- count: 参数,必填。指定目标CPU数目,即热插后虚拟机CPU数目。 + >- --config: 选项,选填。虚拟机下次启动时仍有效。 + >- --live: 选项,选填。在线生效。 ## 管理虚拟内存 
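Review bot: in the CPU hot-plug steps (hunk @@ -213,57 +201,87 @@), the 说明 block with the manual online loop is nested under step 1 (the udev rule), but it describes something done "在热插CPU后", which is step 2. Move it under the `virsh setvcpus openEulerVM 6 --live` step, which is how the memory hot-plug steps later in this file order it. Style: the two XML templates in step 1 use different elision markers ("..." in the first, "……" in the second); pick one.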
@@ -315,7 +333,7 @@ NUMA(Non Uniform Memory Access Architecture) 模式是一种分布式存储 假设虚拟机的vCPU也绑定在NODE0的物理CPU上,就可以避免由于vCPU访问远端内存带来的性能下降。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >- 分配给虚拟机的内存不要超过该NUMA节点剩余的可用内存,否则可能导致虚拟机启动失败。 >- 建议虚拟机内存和vCPU都绑定在同一NUMA节点,避免vCPU访问远端内存造成性能下降。例如将上例中vCPU也绑定在NUMA node 0上。 @@ -350,7 +368,7 @@ NUMA(Non Uniform Memory Access Architecture) 模式是一种分布式存储 ``` ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- 项提供虚拟机内部呈现NUMA拓扑功能,“cell id”表示vNode编号,“cpus”表示vCPU编号,“memory”表示对应vNode上的内存大小。 >- 如果希望通过Guest NUMA提供更好的性能,则需要配置,使vCPU和对应的内存分布在同一个物理NUMA NODE上: > - 中的“cellid”和中的“cell id”是对应的;“mode”可以配置为“strict”(严格从指定node上申请内存,内存不够则失败)、“preferred”(优先从某一node上申请内存,如果不够则从其他node上申请)、“interleave”(从指定的node上交叉申请内存);“nodeset”表示指定物理NUMA NODE。 @@ -365,13 +383,13 @@ NUMA(Non Uniform Memory Access Architecture) 模式是一种分布式存储 #### 约束限制 -- 创建虚拟机的时候,指定的主板类型(machine)需为virt-4.1版本及以上。 +- 创建虚拟机的时候,AArch64平台上指定的主板类型(machine)需为virt-4.1或更高virt以上,x86平台上指定的主板类型需要为pc-i440fx-1.5以上版本。 - 内存热插特性依赖于Guest NUMA,虚拟机必须配置Guest NUMA,否则无法完成内存热插流程。 - 热插内存时候必须指定新增内存所属的Gust NUMA node编号,否则内存热插失败。 - 虚拟机内核必须支持内存热插能力,否则虚拟机无法识别新增内存或者无法上线内存。 - 配置使用大页的虚拟机,热插内存的容量必须是系统hugepagesz的整数倍,否则会导致热插失败。 - 热插内存的大小必须为Guest物理内存块大小block_size_bytes的整数倍,否则无法正常上线。在Guest内部执行lsmem可以获取block_size_bytes大小。 -- 配置n个virtio-net网卡后,最大可热插次数取值为min{max_slot, 64 - n},原因是要给网卡预留slot。 +- 配置n个virtio-net网卡后,最大可热插次数取值为min{max_slot, 64 - n},因为要给网卡预留slot。 - vhost-user设备和内存热插特性互斥。配置了vhost-user设备的虚拟机不支持内存热插;内存热插后,不支持虚拟机热插vhost-user设备。 - 如果虚拟机操作系统为Linux系列,请确保初始内存大于等于4GB。 - 如果虚拟机操作系统为Windows类型,第一次热插内存必须指定到Guest NUMA node0上,否则热插内存无法被虚拟机识别。 
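Review bot: in hunk @@ -365,13 +383,13 @@, the rewritten first constraint reads "需为virt-4.1或更高virt以上", which doubles up "或更高" and "以上", and it uses "主板类型" and "x86平台" where the CPU hot-plug constraint in this same file now says "虚拟机芯片组类型(machine)", "x86\_64架构" and "pc-i440fx-1.5或pc更高版本". Reuse the CPU wording so both sections state the requirement identically. While touching this list, the unchanged line "Gust NUMA node编号" should read "Guest".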
@@ -381,53 +399,67 @@ NUMA(Non Uniform Memory Access Architecture) 模式是一种分布式存储 #### 操作步骤 -在虚拟机创建时候配可热插内存最大范围,预留槽位号,并配置Guest NUMA拓扑结构。 +**一、配置虚拟机XML** + +1. 使用内存热插功能,需要在创建虚拟机时配置可热插内存的最大范围、预留槽位号,并配置Guest NUMA拓扑结构。 + + 例如,为虚拟机配置32GiB初始内存,预留256个槽位号,最大支持1TiB内存上限,2个NUMA node的配置为: -- 创建虚拟机,预留内存热插槽位 ``` - 32 - 1024 - - - - - + + 32 + 1024 + + + + + - + + .... ``` - 上述xml表示为虚拟机配置32G初始内存,预留256个槽位号,最大支持1TB内存上限,2个NUMA node的配置为: - >![](public_sys-resources/icon-note.gif) **说明:** - >其中: - >- maxMemory字段中slots号表示预留的内存插槽,最大为256; - >- maxMemory表示虚拟机支持的最大物理内存上限; - >- Guest NUMA配置请参考配置Guest NUMA相关章节。 -- 准备内存描述xml文件 +>![](./public_sys-resources/icon-note.gif) **说明:** +>其中: +>maxMemory字段中slots号表示预留的内存插槽,最大取值为256。 +>maxMemory表示虚拟机支持的最大物理内存上限。 +>Guest NUMA配置请参见“配置Guest NUMA”相关章节。 + +**二、热插并上线内存** + +1. 如果热插内存后需要自动上线热插的内存,可以使用root权限在虚拟机内部创建udev rules文件/etc/udev/rules.d/99-hotplug-memory.rules,并在其中定义udev规则,内容参考如下: + + ``` + # automatically online hot-plugged memory + ACTION=="add", SUBSYSTEM=="memory", ATTR{state}="online" + ``` + +2. 根据需要热插的内存大小和虚拟机Guest NUMA Node创建内存描述xml文件。 + + 例如,热插1GiB内存到NUMA node0上: + ``` - + 1024 0 - - ``` - -- 使用virsh attach-device接口为虚拟机热插内存 - ``` - # virsh attach-device openEulerVM memory.xml --live - ``` - 上述命令行中memory.xml是热插内存的描述文件,可选参数--live表示在线生效,也可以加--config表示将热插内存持久化到虚拟机xml文件中。 - -- 热插内存上线 - - 使用shell脚本来完成内存上线的方法为: - ``` - for i in `grep -l offline /sys/devices/system/memory/memory*/state` - do - echo online > $i - done - ``` - 也可以使用udev rules自动完成内存上线。编辑udev rules创建文件/etc/udev/rules.d/99-hotplug-memory.rules - ``` - # automatically online hot-plugged memoryACTION=="add", SUBSYSTEM=="memory", ATTR{state}="online" - ``` +
+ + ``` + +3. 使用virsh attach-device命令为虚拟机热插内存。其中openEulerVM为虚拟机名称,memory.xml为热插内存的描述文件,--live表示热插内存在线生效,也可以使用--config 将热插内存持久化到虚拟机xml文件中。 + + ``` + # virsh attach-device openEulerVM memory.xml --live + ``` + + >![](./public_sys-resources/icon-note.gif) **说明:** + >如果没有使用udev rules自动上线热插内存,也可以使用root权限,参考如下命令手动上线: + >``` + >for i in `grep -l offline /sys/devices/system/memory/memory*/state` + >do + > echo online > $i + >done + >``` + diff --git "a/content/zh/docs/Virtualization/\347\256\241\347\220\206\350\231\232\346\213\237\346\234\272.md" "b/docs/zh/docs/Virtualization/\347\256\241\347\220\206\350\231\232\346\213\237\346\234\272.md" similarity index 78% rename from "content/zh/docs/Virtualization/\347\256\241\347\220\206\350\231\232\346\213\237\346\234\272.md" rename to "docs/zh/docs/Virtualization/\347\256\241\347\220\206\350\231\232\346\213\237\346\234\272.md" index 0cc5312a72d3b9d1ca0f2aa9034454eaf726e821..ed694f4d50ae9150e2887d341f11dd67a957d920 100644 --- "a/content/zh/docs/Virtualization/\347\256\241\347\220\206\350\231\232\346\213\237\346\234\272.md" +++ "b/docs/zh/docs/Virtualization/\347\256\241\347\220\206\350\231\232\346\213\237\346\234\272.md" @@ -10,6 +10,9 @@ - [登录虚拟机](#登录虚拟机) - [使用VNC密码登录](#使用VNC密码登录) - [配置VNC TLS登录](#配置VNC-TLS登录) + - [虚拟机安全启动](#虚拟机安全启动) + - [总体介绍](#总体介绍) + - [安全启动实践](#安全启动实践) ## 虚拟机生命周期 @@ -36,7 +39,7 @@ 虚拟机不同状态之间可以相关转换,但必须满足一定规则。虚拟机不同状态之间的转换常用规则如[图1](#fig671014583483)所示。 **图 1** 状态转换图 -![](figures/状态转换图.png "状态转换图") +![](./figures/status-transition-diagram.png) #### 虚拟机标识 @@ -71,7 +74,7 @@ ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >可通过virsh命令查询虚拟机Id和UUID,操作方法请参见[查询虚拟机信息](#查询虚拟机信息)章节内容。 ### 管理命令 @@ -223,7 +226,7 @@ virsh # virsh undefine ``` - 其中为销毁虚拟机的策略,可取值: + 其中\为销毁虚拟机的策略,可取值: nvram:销毁虚拟机的同时删除其对应的nvram文件。 
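Review bot: in the memory hot-plug steps of 管理系统资源.md (hunk @@ -381,53 +399,67 @@), the 说明 block after the step 1 XML lost both its `- ` bullet markers and its indentation: the three `>` lines (slots, maxMemory, Guest NUMA reference) will render as one run-on paragraph, and the block no longer sits under list item 1 the way the indented note under step 3 does. Restore the `>- ` bullets and indent the block to match. The XML example also ends with "...." where the CPU section uses "..." as the elision marker.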
@@ -499,7 +502,7 @@ Libvirt组件提供了一组查询虚拟机状态信息的命令,包括虚拟 - 虚拟机的VNC侦听端口,该端口一般在客户机启动时自动分配,一般为5900 + x(x为正整数,按照虚拟机启动的顺序递增,且5900对用户不可见)。 - 如果VNC设置了密码,还需要获取虚拟机的VNC密码。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >为虚拟机VNC配置密码,需要编辑虚拟机XML配置文件,即为graphics元素新增一个passwd属性,属性的值为要配置的密码。例如,将虚拟机的VNC密码配置为n8VfjbFK的XML配置参考如下: >``` > @@ -517,7 +520,7 @@ Libvirt组件提供了一组查询虚拟机状态信息的命令,包括虚拟 :3 ``` - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >登录 VNC 需要配置防火墙规则,允许 VNC 端口的连接。参考命令如下,其中X为数值“5900 + 端口号” ,例如本例中为5903。 >``` >firewall-cmd --zone=public --add-port=X/tcp @@ -532,7 +535,7 @@ Libvirt组件提供了一组查询虚拟机状态信息的命令,包括虚拟 VNC服务端和客户端默认采用明文方式进行数据传输,因此通信内容可能被第三方截获。为了提升安全性,openEuler支持VNC服务端配置TLS模式进行加密认证。TLS(Tansport Layer Security)即传输层安全,可以实现VNC服务端和客户端之间加密通信,从而防止通信内容被第三方截获。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- 使用TLS加密认证模式需要VNC客户端支持TLS模式(例如TigerVNC),否则无法连接到VNC客户端。 >- TLS加密认证模式配置粒度为主机服务器级别,开启该特性后,主机上正在运行的所有虚拟机对应的VNC客户端都将开启TLS加密认证模式。 @@ -551,7 +554,7 @@ VNC开启TLS加密认证模式的操作步骤如下: 2. 为VNC创建证书和私钥文件。此处以GNU TLS为例进行说明。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >使用GNU TLS,请提前安装好gnu-utils软件包。 1. 制作证书颁发机构CA(Certificate Authority)的证书文件。 
@@ -643,8 +646,157 @@ VNC开启TLS加密认证模式的操作步骤如下: 5. 将生成的客户端证书ca-cert.pem,client-cert.pem和client-key.pem拷贝到VNC客户端。配置VNC客户端的TLS证书后即可使用VNC TLS登录。 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >- VNC客户端证书的配置请参见各客户端对应的使用说明,由用户自行配置。 >- 登录虚拟机的方式请参见“使用VNC密码登录”。 +## 虚拟机安全启动 + +### 总体介绍 + +#### 概述 + +安全启动(Secure Boot)就是利用公私钥对启动部件进行签名和验证。启动过程中,前一个部件验证后一个部件的数字签名,验证通过后,运行后一个部件,验证不通过则启动失败。安全启动的作用是检测设备启动阶段固件(Fireware)以及软件是否被篡改,防止恶意软件侵入和修改。通过安全启动可以保证系统启动过程中各个部件的完整性,防止没有经过认证的部件被加载运行,从而防止对系统及用户数据产生安全威胁。安全启动是在UEFI启动方式上实现的,Legacy启动方式不支持安全启动。根据UEFI规定,主板出厂的时候可以内置一些可靠的公钥。任何想要在这块主板上加载的操作系统或者硬件驱动程序,都必须通过这些公钥的认证。物理机上的安全启动由物理BIOS完成,虚拟机的安全启动通过软件模拟。虚拟机安全启动流程与host安全启动流程一致,都遵循开源UEFI规范。虚拟化平台上的UEFI由edk组件提供,虚拟机启动时qemu将UEFI镜像映射到内存中,为虚拟机模拟固件启动流程,安全启动正是虚拟机启动过程中edk提供的一个安全保护能力,用来保护虚拟机OS内核不被篡改。安全启动验签顺序:UEFI BIOS->shim->grub->vmlinuz(依次验签通过并加载)。 + +| 中文 | 英文 | 缩略语 | 中文定义/描述 | +| :-----| :----- | :----- | :----- | +| 安全启动 | Secure boot | Secure boot | 安全启动就是启动过程中,前一个部件验证后一个部件的数字签名,验证通过后,运行后一个部件,验证不通过就停下来。通过安全启动可以保证系统启动过程中各个部件的完整性。 | +| 平台密钥 | Platform key | PK | OEM厂商所有,必须为 RSA 2048 或更强,PK为平台拥有者和平台固件之间建立可信关系。平台拥有者将PK的公钥部分PKpub注册到平台固件中,平台拥有者可以使用PK的私有部分PKpriv来改变平台的拥有权或者注册KEK密钥。 | +| 密钥交换密钥 | Key exchange key | KEK | KEK为平台固件和OS之间创建可信关系。每一个操作系统和与平台固件通信的第三方应用在平台固件中注册KEK密钥的公共部分KEKpub。 | +| 签名数据库 | Database white list | DB | 存储验证shim、grub、vmlinuz等组件的密钥。 | +| 签名吊销数据库 | Database black list | DBx | 存储吊销的密钥。 | + +#### 功能说明 + +本次实现的虚拟机安全启动特性基于edk开源项目。非安全启动模式下,Linux基本流程如下: + +**图 1** 系统启动流程图 + +![](./figures/OSBootFlow.png) + +安全启动模式下UEFI BIOS启动后加载的首个组件是系统镜像中的shim,shim与UEFI BIOS进行交互获取存储在UEFI BIOS变量db里面的密钥对grub进行验证,加载grub后同样调用密钥和认证接口对kernel进行验证。Linux启动流程如下: + +**图 2** 安全启动流程图 + +![](./figures/SecureBootFlow.png) + +从整体处理流程上来看,安全启动特性包含多个关键场景,根据场景分析和系统分解,安全启动特性涉及以下几个子系统:UEFI BIOS校验shim,shim校验grub,grub校验kernel。UEFI BIOS对shim进行验证,验证通过则启动shim,不通过则提示错误,无法启动。Shim需要在镜像编译制作过程中使用私钥进行签名,公钥证书导入UEFI 
BIOS变量区DB中。Shim启动后验证启动grub,验证通过则启动grub,不通过则提示错误,无法启动。Grub需要在镜像编译制作过程中进行签名,使用和shim一样的公私钥对。Grub启动后检查调用shim注册在UEFI BIOS的认证接口和密钥对kernel进行验证,通过则启动内核,不通过则提示错误,grub需要在镜像编译制作过程中进行签名,使用和shim一样的公私钥对。 + +#### 约束限制 + +* 在不支持安全启动的UEFI BIOS上运行,对现有功能没有影响,业务无感知。 +* 安全启动特性依赖UEFI BIOS,必须在UEFI支持此功能的条件下才能发挥作用。 +* 在UEFI BIOS开启安全启动的情况下,如果相关部件没有签名或签名不正确,则无法正常启动系统。 +* 在UEFI BIOS关闭安全启动的情况下,启动过程的验证功能都会被关闭。 +* 安全启动验证链后半段,即shim->grub->kernel引导内核启动这部分的验证链由操作系统镜像实现,若操作系统不支持引导内核安全启动过程,则虚拟机安全启动失败。 +* 当前不提供x86架构使用nvram文件配置虚拟机安全启动 + +### 安全启动实践 + +虚拟机安全启动依赖于UEFI BIOS的实现,UEFI BIOS镜像通过edk rpm包安装,本节以AArch64为例对虚拟机安全启动进行配置。 + +#### 虚拟机配置 + +edk rpm包中的组件安装于/usr/share/edk2/aarch64目录下,包括`QEMU_EFI-pflash.raw`和`vars-template-pflash.raw`。虚拟机启动UEFI BIOS部分xml配置如下: + +``` + + hvm + /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw + /path/to/QEMU-VARS.fd + +``` + +其中/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw为UEFI BIOS镜像路径。/usr/share/edk2/aarch64/vars-template-pflash.raw为nvram镜像模板路径,/path/to/QEMU-VARS.fd为当前虚拟机nvram镜像文件路径,用于保存UEFI BIOS系统中的环境变量。 + +#### 证书导入 + +虚拟机安全启动时的证书从BIOS界面导入,在证书导入前需要将证书文件导入到虚拟机中。可以通过挂载磁盘的方式将证书文件所在目录挂载到虚拟机中,例如制作包含证书的镜像,并在虚拟机的配置文件xml中配置挂载该镜像: + +制作证书文件镜像 + +``` +dd of='/path/to/data.img' if='/dev/zero' bs=1M count=64 +mkfs.vfat -I /path/to/data.img +mkdir /path/to/mnt +mount path/to/data.img /path/to/mnt/ +cp -a /path/to/certificates/* /path/to/mnt/ +umount /path/to/mnt/ +``` +其中,/path/to/certificates/为证书文件所在路径,/path/to/data.img为证书文件镜像所在路径,/path/to/mnt/为镜像挂载路径。 + +在虚拟机xml文件中配置挂载该镜像 + +``` + + + + + + + + + +``` + +启动虚拟机,导入PK证书,流程如下(KEK证书,DB证书导入方式相同): + +虚拟机启动后,点击F2进入bios界面 + +**图 1** 进入bios界面 + +![](./figures/CertEnrollP1.png) + +**图 2** 进入Device Manager + +![](./figures/CertEnrollP2.png) + +**图 3** 进入Custom Secure Boot Options + +![](./figures/CertEnrollP3.png) + +**图 4** 进入PK Options + +![](./figures/CertEnrollP4.png) + +**图 5** Enroll PK + +![](./figures/CertEnrollP5.png) + +在File Explorer界面可以看到很多磁盘目录,其中包括我们通过磁盘挂载的证书文件目录 + +**图 6** File Explorer + +![](./figures/CertEnrollP6.png) + 
+在磁盘目录中选择要导入的PK证书 + +**图 7** 进入证书所在磁盘 + +![](./figures/CertEnrollP7.png) + +**图 8** 选择Commit Changes and Exit保存导入证书 + +![](./figures/CertEnrollP8.png) + +导入证书后,UEFI BIOS将证书信息以及安全启动属性写入nvram配置文件/path/to/QEMU-VARS.fd中,虚拟机下一次启动时会从/path/to/QEMU-VARS.fd文件中读取相关配置并初始化证书信息以及安全启动属性,自动导入证书并开启安全启动。同样,我们可以将/path/to/QEMU-VARS.fd作为其他相同配置虚拟机的UEFI BIOS启动配置模板文件,通过修改nvram template字段使其他虚拟机启动时自动导入证书并开启安全启动选项,虚拟机xml配置修改如下: + +``` + + hvm + /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw + + +``` + +#### 安全启动观测 + +正确配置虚拟机并导入PK、KEK、DB证书后,虚拟机将以安全启动的方式运行。可以通过在虚拟机配置文件xml中配置串口日志文件观测虚拟机是否为安全启动,串口日志文件的配置方式如: + +``` + + + +``` +虚拟机加载系统镜像成功后,当串口日志文件中出现"UEFI Secure Boot is enabled"信息时,表明虚拟机当前为安全启动。 diff --git "a/content/zh/docs/Virtualization/\347\256\241\347\220\206\350\256\276\345\244\207.md" "b/docs/zh/docs/Virtualization/\347\256\241\347\220\206\350\256\276\345\244\207.md" similarity index 97% rename from "content/zh/docs/Virtualization/\347\256\241\347\220\206\350\256\276\345\244\207.md" rename to "docs/zh/docs/Virtualization/\347\256\241\347\220\206\350\256\276\345\244\207.md" index ead838eec1a2ac6427abc6f3d504109217f853f9..067c3eb5e65af2525e1522f766d261778d31d881 100644 --- "a/content/zh/docs/Virtualization/\347\256\241\347\220\206\350\256\276\345\244\207.md" +++ "b/docs/zh/docs/Virtualization/\347\256\241\347\220\206\350\256\276\345\244\207.md" @@ -274,7 +274,7 @@ PCI直通是指将host上的物理PCI设备直接呈现给一台虚拟机,供

PCI设备呈现的Guest内bdf号。

-

[0x03-0x1e](slot范围)

+

[0x03-0x1e](./slot范围)

说明:

  • domain为域信息,bus为总线号,slot为插槽号,function为功能
  • 除了slot插槽号,这里其余均默认为0。
  • 第一个slot插槽号0x00被系统占用,第二个slot号0x01被IDE控制器和USB控制器占用,第三个slot号0x02被video占用。
  • 最后一个slot号0x1f被pvchannel占用。
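Review bot: in 管理设备.md hunk @@ -274,7 +274,7 @@, `[0x03-0x1e](slot范围)` reads as a value range followed by a parenthetical, not a link, so changing it to `[0x03-0x1e](./slot范围)` together with the image paths only rewrites a target that points at no file. Revert this line and, if the renderer treats it as a link, escape the brackets or write it as plain text, for example 0x03-0x1e(slot范围).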
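Review bot: in the new 虚拟机安全启动 section of 管理虚拟机.md (hunk @@ -643,8 +646,157 @@), the image-creation block runs `mount path/to/data.img /path/to/mnt/` with a relative source path while every other command in the block uses `/path/to/data.img`; add the leading slash so the commands work when copied. Other points in the same hunk: "Fireware" in 概述 should be "Firmware"; the last paragraph of 功能说明 states "grub需要在镜像编译制作过程中进行签名,使用和shim一样的公私钥对" twice, the second time right after the kernel verification step, so check whether that sentence was meant to describe how the kernel is signed; and figure numbering restarts at 图 1 in 证书导入 after 图 1 and 图 2 were already used in 功能说明.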
@@ -282,7 +282,7 @@ PCI直通是指将host上的物理PCI设备直接呈现给一台虚拟机,供 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >VFIO直通方式的最小直通单位是iommu\_group,host根据硬件上的ACS位,来划分iommu\_group。同一个iommu\_group中的设备只允许直通给同一台虚拟机(一个PCI设备上的若干个function,如果属于同一个iommu\_group,只允许直通给一个虚拟机使用)。 ### SR-IOV直通 @@ -291,7 +291,7 @@ PCI直通是指将host上的物理PCI设备直接呈现给一台虚拟机,供 SR-IOV(Single Root I/O Virtualizaiton)是一种基于硬件的虚拟化解决方案,通过SR-IOV技术可以将一个PF(Physical Function)虚拟成多个VF(Virtual Function),每个VF都可以单独被直通给一个虚拟机,极大地提升了硬件资源利用率和虚拟机的I/O性能。一种典型的应用场景就是网卡SR-IOV设备直通,利用SR-IOV技术可以将一个物理网卡(PF)虚拟成多个VF网卡,再把VF直通给虚拟机使用。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >- SR-IOV需要物理硬件支持,使用SR-IOV前请确保要直通的硬件设备支持该能力,并且Host侧的设备驱动程序工作在SR-IOV模式下。 >- 查询网卡具体型号的办法如下: >例如下述回显,第一列为网卡的PCI号,19e5:1822为网卡的厂商号设备号。 @@ -447,7 +447,7 @@ SR-IOV(Single Root I/O Virtualizaiton)是一种基于硬件的虚拟化解 - >![](public_sys-resources/icon-note.gif) **说明:** + >![](./public_sys-resources/icon-note.gif) **说明:** >关闭SR-IOV功能。 >在虚拟机使用完毕后(虚拟机关机,所有的VF均没有在使用中的时候),若要关闭SR-IOV功能。执行操作如下: >这里以Hi1822网卡(eth0对应PF的网口名称)为例: @@ -457,7 +457,7 @@ SR-IOV(Single Root I/O Virtualizaiton)是一种基于硬件的虚拟化解 #### HPRE加速器SR-IOV直通 -加速器引擎是TaiShan 200服务器基于Kunpeng 920处理器提供的硬件加速解决方案。HPRE加速器用于加速SSL/TLS应用,可以显著降低处理器消耗,提高处理器效率。 +加速器引擎是TaiShan 200服务器基于Kunpeng 920服务器提供的硬件加速解决方案。HPRE加速器用于加速SSL/TLS应用,可以显著降低处理器消耗,提高处理器效率。 在鲲鹏服务器上,需要把主机Host上的HPRE加速器的VF直通给虚拟机,供虚拟机内部业务使用。 **表 1** HPRE加速器说明 @@ -472,7 +472,7 @@ SR-IOV(Single Root I/O Virtualizaiton)是一种基于硬件的虚拟化解 | 最大VF数量 | 一个HPRE PF最多支持创建63个VF | ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >当虚拟机正在使用VF设备时,不允许卸载Host上的驱动,加速器不支持热插拔。 >VF操作(VFNUMS为0表示关闭VF,hpre_num用来标识具体的加速器设备): >``` @@ -555,8 +555,8 @@ USB设备的XML描述: ``` --
,其中,m表示该USB设备在主机上的bus地址,n表示device ID编号。 --
表示该USB设备要挂载到虚拟机指定的USB控制器。其中x表示控制器ID,与虚拟机所配置的USB控制器index编号相对应,y表示port地址。用户配置直通USB设备的时候需要配置这个字段,确保设备挂载的控制器与预期相符。 +- \
,其中,m表示该USB设备在主机上的bus地址,n表示device ID编号。 +- \
表示该USB设备要挂载到虚拟机指定的USB控制器。其中x表示控制器ID,与虚拟机所配置的USB控制器index编号相对应,y表示port地址。用户配置直通USB设备的时候需要配置这个字段,确保设备挂载的控制器与预期相符。 #### 配置方法 @@ -624,7 +624,7 @@ USB设备的XML描述: 虚拟机在使用过程中可能由于病毒对系统的破坏、系统文件被误删除或误格式化等原因造成虚拟机系统损坏导致系统无法启动。为了使损坏的系统快速恢复,openEuler提供了存储快照功能。openEuler可以在用户不感知的情况下制作虚拟机在某一时刻的快照(制作通常指需要几秒钟),该快照能帮助用户将磁盘快速恢复到某一时刻的状态,例如系统损坏后能快速恢复系统,从而提升系统可靠性。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >当前存储快照只支持raw、qcow2格式镜像,不支持block块设备。 ### 操作步骤 diff --git "a/content/zh/docs/Virtualization/\350\231\232\346\213\237\346\234\272\351\205\215\347\275\256.md" "b/docs/zh/docs/Virtualization/\350\231\232\346\213\237\346\234\272\351\205\215\347\275\256.md" similarity index 95% rename from "content/zh/docs/Virtualization/\350\231\232\346\213\237\346\234\272\351\205\215\347\275\256.md" rename to "docs/zh/docs/Virtualization/\350\231\232\346\213\237\346\234\272\351\205\215\347\275\256.md" index 9988f532a1c95fa71b2c3e5ada56d7eb41b81def..6a337a5d025674202a440f16b3c5b47bad8cff66 100644 --- "a/content/zh/docs/Virtualization/\350\231\232\346\213\237\346\234\272\351\205\215\347\275\256.md" +++ "b/docs/zh/docs/Virtualization/\350\231\232\346\213\237\346\234\272\351\205\215\347\275\256.md" 
@@ -102,13 +102,35 @@ XML配置文件的基本格式如下,其中label代表具体标签名,attrib - cpu:虚拟处理器模式。 - 属性mode:表示虚拟CPU的模式,属性值host-passthrough表示虚拟CPU的架构和特性与主机保持一致。 + 属性mode:表示虚拟CPU的模式。 + + - host-passthrough:表示虚拟CPU的架构和特性与主机保持一致。 + + - custom:表示虚拟CPU的架构和特性由此cpu元素控制。 子元素topology:元素cpu的子元素,用于描述虚拟CPU模式的拓扑结构。 - 子元素topology的属性socket、cores、threads分别描述了虚拟机具有多少个cpu socket,每个cpu socket中包含多少个处理核心(core),每个处理器核心具有多少个超线程(thread),属性值为正整数且三者的乘积等于虚拟CPU的个数。 + 子元素model:元素cpu的子元素,当mode为custom时用于描述CPU的模型。 + + 子元素feature:元素cpu的子元素,当mode为custom时用于描述某一特性的使能情况。其中,属性name表示特性的名称,属性policy表示这一特性的使能控制策略: + + - force:表示强制使能该特性,无论主机CPU是否支持该特性。 + + - require:表示使能该特性,当主机CPU不支持该特性并且hypervisor不支持模拟该特性时,创建虚拟机失败。 + + - optional:表示该特性的使能情况与主机上该特性的使能情况保持一致。 + + - disable:禁用该特性。 + + - forbid:禁用该特性,当主机支持该特性时创建虚拟机失败。 + + >![](./public_sys-resources/icon-note.gif) **说明:** + > + >虚拟机内部用户态CPU特性的呈现(如通过lscpu中的Flags呈现的CPU特性)需虚拟机内核的支持,若虚拟机内核版本较旧,可能无法呈现出全部CPU特性。 + #### 配置示例 例如,虚拟CPU个数为4,处理模式为host-passthrough,虚拟内存为8GiB,4个CPU分布在两个CPU socket中,且不支持超线程的配置如下: @@ -125,6 +147,21 @@ XML配置文件的基本格式如下,其中label代表具体标签名,attrib ``` +虚拟内存为8GiB,虚拟CPU个数为4,处理模式为custom,model为Kunpeng-920,且禁用pmull特性的配置如下: + +``` + + ... + 4 + 8 + + Kunpeng-920 + + + ... + +``` + ## 配置虚拟设备 虚拟机XML配置文件使用devices元素配置虚拟设备,包括存储设备、网络设备、总线、鼠标等,本节介绍常用的虚拟设备如何配置。 @@ -375,7 +412,7 @@ XML配置文件中使用元素“interface”,其属性“type”表示虚拟 PCIe总线是一种典型的树结构,具有比较好的扩展性,总线之间通过控制器关联,这里以PCIe总线为例介绍如何为虚拟机配置总线拓扑。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >总线的配置相对比较繁琐,若不需要精确控制设备拓扑结构,可以使用libvirt自动生成的缺省总线配置。 #### 元素介绍 
@@ -386,9 +423,9 @@ controller:控制器元素,表示一个总线。 - 属性type:控制器必选属性,表示总线类型。常用取值有“pci”、“usb”、“scsi”、“virtio-serial”、“fdc”、“ccid”。 - 属性index:控制器必选属性,表示控制器的总线“bus”编号(编号从0开始),可以在地址元素“address”元素中使用。 -- 属性model:控制器必选属性,表示控制器的具体型号,其可选择的值与控制器类型“type”的值相关,对应关系及含义请参见[表4](#table191911761111)。 +- 属性model:控制器必选属性,表示控制器的具体型号,其可选择的值与控制器类型“type”的值相关,对应关系及含义请参见[表1](#table191911761111)。 - 子元素address:为设备或控制器指定其在总线网络中的挂载位置。 - - 属性type:设备地址类型。常用取值有“pci”、“usb”、“drive”。address的type类型不同, 对应的属性也不同,常用type属性值及其该取值下address的属性请参见[表5](#table1200165711314)。 + - 属性type:设备地址类型。常用取值有“pci”、“usb”、“drive”。address的type类型不同, 对应的属性也不同,常用type属性值及其该取值下address的属性请参见[表2](#table1200165711314)。 - 子元素model:控制器具体型号的名称。 - 属性name:指定控制器具体型号的名称,和父元素controller中的属性model对应。 @@ -577,7 +614,7 @@ controller:控制器元素,表示一个总线。 例如,在下面的示例中,配置了虚拟机的模拟器路径,pty串口、virtio媒体设备、USB写字板、USB键盘以及VNC图形设备。 ->![](public_sys-resources/icon-note.gif) **说明:** +>![](./public_sys-resources/icon-note.gif) **说明:** >graphics的type配置为VNC时,建议配置属性passwd,即使用VNC登录时的密码。 ``` diff --git "a/content/zh/docs/Virtualization/\350\256\244\350\257\206\350\231\232\346\213\237\345\214\226.md" "b/docs/zh/docs/Virtualization/\350\256\244\350\257\206\350\231\232\346\213\237\345\214\226.md" similarity index 96% rename from "content/zh/docs/Virtualization/\350\256\244\350\257\206\350\231\232\346\213\237\345\214\226.md" rename to "docs/zh/docs/Virtualization/\350\256\244\350\257\206\350\231\232\346\213\237\345\214\226.md" index 0f66103873ba477981c238a88442a5a128e3fbb3..988bf7f8a38ee656cd9ef293ebad10130d55beb7 100644 --- "a/content/zh/docs/Virtualization/\350\256\244\350\257\206\350\231\232\346\213\237\345\214\226.md" +++ "b/docs/zh/docs/Virtualization/\350\256\244\350\257\206\350\231\232\346\213\237\345\214\226.md" 
@@ -1,90 +1,90 @@ -# 认识虚拟化 - -## 简介 - -在计算机技术中,虚拟化是一种资源管理技术,它将计算机的各种实体资源(处理器、内存、磁盘、网络适配器等)予以抽象,转换后呈现并可供分割、组合为一个或多个计算机配置环境。这种资源管理技术打破了实体结构不可分割的障碍,使这些资源在虚拟化后不受现有资源的架设方式、地域或物理配置限制,从而让用户可以更好地应用计算机硬件资源,提高资源利用率。 - -虚拟化使得一台物理服务器上可以运行多台虚拟机,虚拟机共享物理机的处理器、内存、I/O资源等,但逻辑上虚拟机之间是互相隔离的。在虚拟化技术中,通常将这个物理服务器称为宿主机,宿主机上运行的虚拟机也叫客户机,虚拟机内部运行的操作系统称为客户机操作系统。在宿主机和虚拟机之间存在一层叫虚拟化层的软件,用于实现虚拟硬件的模拟,通常这个虚拟化层被称为虚拟机监视器,如下图所示: - -**图 1** 虚拟化架构 -![](figures/虚拟化架构.png "虚拟化架构") - -## 虚拟化架构 - -当前的主流虚拟化技术按照VMM(Virtual Machine Monitor)实现结构不同分为两种: - -- Hypervisor模型 - - 在这种模型中,VMM被看做是一个完备的操作系统,同时还具备虚拟化功能,VMM直接管理所有的物理资源,包括处理器,内存和I/O设备等。 - -- 宿主模型 - - 这种模型中,物理资源是由宿主机操作系统管理,宿主机操作系统是传统的操作系统,如Linux,Windows等,宿主机操作系统不提供虚拟化能力,提供虚拟化能力的VMM作为系统的一个驱动或者软件运行在宿主操作系统上,VMM通过调用host OS的服务获得资源,实现处理器,内存和I/O设备的模拟,这种模型的虚拟化实现有KVM、Virtual Box等。 - - -KVM(Kernel-based Virtual Machine)即基于内核的虚拟机,是Linux的一个内核模块,该内核模块使Linux成为一个hypervisor。KVM架构如[图2](#fig310953013541)所示。KVM本身未模拟任何硬件设备,它用于使能硬件提供的虚拟化能力,比如Intel VT-x, AMD-V, ARM virtualization extensions等。主板、内存及I/O等设备的模拟由用户态的QEMU完成。用户态QEMU配合内核KVM模块共同完成虚拟机的硬件模拟,客户操作系统运行在QEMU和KVM模拟的硬件上。 - -**图 2** KVM架构图 -![](figures/KVM架构图.png "KVM架构图") - -## 虚拟化组件 - -openEuler软件包中提供的虚拟化相关组件: - -- KVM:提供核心的虚拟化基础设施,使Linux系统成为一个hypervisor,支持多个虚拟机同时在该主机上运行。 -- QEMU:模拟处理器并提供一组设备模型,配合KVM实现基于硬件的虚拟化模拟加速。 -- Libvirt:为管理虚拟机提供工具集,主要包含统一、稳定、开放的应用程序接口(API)、守护进程 (Libvirtd)和一个默认命令行管理工具(virsh)。 -- Open vSwitch:为虚拟机提供虚拟网络的工具集,支持编程扩展,以及标准的管理接口和协议(如NetFlow, sFlow,IPFIX, RSPAN, CLI, LACP, 802.1ag)。 - -## 虚拟化特点 - -业界普遍认可虚拟化有以下特点: - -- 分区 - - 虚拟化可以对一台物理服务器进行软件逻辑分割,实现运行多台不同规格的虚拟机(虚拟服务器)。 - - -- 隔离 - - 虚拟化能够模拟虚拟硬件,为虚拟机运行完整操作系统提供硬件条件,每个虚拟机内部操作系统都是独立的,互相隔离的。例如一台虚拟机的操作系统由于故障或者受到恶意破坏而崩溃,其他虚拟机内部的操作系统和应用不会受到任何影响。 - - -- 封装性 - - 以虚拟机为粒度封装,优秀的封装性使得虚拟机比物理机更灵活,可以实现虚拟机的热迁移、快照、克隆等功能,实现数据中心的快速部署和自动化运维。 - - -- 硬件无关 - - 经过虚拟化层的抽象后,虚拟机与底层的硬件没有直接的绑定关系,可以在其他服务器上不加修改地运行虚拟机。 - - -## 虚拟化优势 - -虚拟化为数据中心的基础设施带来了众多优势: - -- 灵活性和可扩展性 - - 用户可以根据需求进行动态资源分配和回收,满足动态变化的业务需求,同时也可以根据不同的产品需求,规划不同的虚拟机规格,在不改变物理资源配置的情况下进行规模调整。 - - -- 更高的可用性和更好的运维手段 - - 
虚拟化提供热迁移,快照,热升级,容灾自动恢复等运维手段,可以在不影响用户的情况下对物理资源进行删除、升级或变更,提高了业务连续性,同时可以实现自动化运维。 - - -- 提高安全性 - - 虚拟化提供了操作系统级的隔离,同时实现基于硬件提供的处理器操作特权级控制,相比简单的共享机制具有更高的安全性,可实现对数据和服务进行可控和安全的访问。 - - -- 更高的资源利用率 - - 虚拟化可支持实现物理资源和资源池的动态共享,提高资源利用率。 - - -## openEuler虚拟化 - -openEuler提供了支持AArch64和x86_64处理器架构的KVM虚拟化组件。 - +# 认识虚拟化 + +## 简介 + +在计算机技术中,虚拟化是一种资源管理技术,它将计算机的各种实体资源(处理器、内存、磁盘、网络适配器等)予以抽象,转换后呈现并可供分割、组合为一个或多个计算机配置环境。这种资源管理技术打破了实体结构不可分割的障碍,使这些资源在虚拟化后不受现有资源的架设方式、地域或物理配置限制,从而让用户可以更好地应用计算机硬件资源,提高资源利用率。 + +虚拟化使得一台物理服务器上可以运行多台虚拟机,虚拟机共享物理机的处理器、内存、I/O资源等,但逻辑上虚拟机之间是互相隔离的。在虚拟化技术中,通常将这个物理服务器称为宿主机,宿主机上运行的虚拟机也叫客户机,虚拟机内部运行的操作系统称为客户机操作系统。在宿主机和虚拟机之间存在一层叫虚拟化层的软件,用于实现虚拟硬件的模拟,通常这个虚拟化层被称为虚拟机监视器,如下图所示: + +**图 1** 虚拟化架构 +![](./figures/virtualized-architecture.png) + +## 虚拟化架构 + +当前的主流虚拟化技术按照VMM(Virtual Machine Monitor)实现结构不同分为两种: + +- Hypervisor模型 + + 在这种模型中,VMM被看做是一个完备的操作系统,同时还具备虚拟化功能,VMM直接管理所有的物理资源,包括处理器,内存和I/O设备等。 + +- 宿主模型 + + 这种模型中,物理资源是由宿主机操作系统管理,宿主机操作系统是传统的操作系统,如Linux,Windows等,宿主机操作系统不提供虚拟化能力,提供虚拟化能力的VMM作为系统的一个驱动或者软件运行在宿主操作系统上,VMM通过调用host OS的服务获得资源,实现处理器,内存和I/O设备的模拟,这种模型的虚拟化实现有KVM、Virtual Box等。 + + +KVM(Kernel-based Virtual Machine)即基于内核的虚拟机,是Linux的一个内核模块,该内核模块使Linux成为一个hypervisor。KVM架构如[图2](#fig310953013541)所示。KVM本身未模拟任何硬件设备,它用于使能硬件提供的虚拟化能力,比如Intel VT-x, AMD-V, ARM virtualization extensions等。主板、内存及I/O等设备的模拟由用户态的QEMU完成。用户态QEMU配合内核KVM模块共同完成虚拟机的硬件模拟,客户操作系统运行在QEMU和KVM模拟的硬件上。 + +**图 2** KVM架构图 +![](./figures/kvm-architecture.png) + +## 虚拟化组件 + +openEuler软件包中提供的虚拟化相关组件: + +- KVM:提供核心的虚拟化基础设施,使Linux系统成为一个hypervisor,支持多个虚拟机同时在该主机上运行。 +- QEMU:模拟处理器并提供一组设备模型,配合KVM实现基于硬件的虚拟化模拟加速。 +- Libvirt:为管理虚拟机提供工具集,主要包含统一、稳定、开放的应用程序接口(API)、守护进程 (Libvirtd)和一个默认命令行管理工具(virsh)。 +- Open vSwitch:为虚拟机提供虚拟网络的工具集,支持编程扩展,以及标准的管理接口和协议(如NetFlow, sFlow,IPFIX, RSPAN, CLI, LACP, 802.1ag)。 + +## 虚拟化特点 + +业界普遍认可虚拟化有以下特点: + +- 分区 + + 虚拟化可以对一台物理服务器进行软件逻辑分割,实现运行多台不同规格的虚拟机(虚拟服务器)。 + + +- 隔离 + + 虚拟化能够模拟虚拟硬件,为虚拟机运行完整操作系统提供硬件条件,每个虚拟机内部操作系统都是独立的,互相隔离的。例如一台虚拟机的操作系统由于故障或者受到恶意破坏而崩溃,其他虚拟机内部的操作系统和应用不会受到任何影响。 + + +- 封装性 + + 
以虚拟机为粒度封装,优秀的封装性使得虚拟机比物理机更灵活,可以实现虚拟机的热迁移、快照、克隆等功能,实现数据中心的快速部署和自动化运维。 + + +- 硬件无关 + + 经过虚拟化层的抽象后,虚拟机与底层的硬件没有直接的绑定关系,可以在其他服务器上不加修改地运行虚拟机。 + + +## 虚拟化优势 + +虚拟化为数据中心的基础设施带来了众多优势: + +- 灵活性和可扩展性 + + 用户可以根据需求进行动态资源分配和回收,满足动态变化的业务需求,同时也可以根据不同的产品需求,规划不同的虚拟机规格,在不改变物理资源配置的情况下进行规模调整。 + + +- 更高的可用性和更好的运维手段 + + 虚拟化提供热迁移,快照,热升级,容灾自动恢复等运维手段,可以在不影响用户的情况下对物理资源进行删除、升级或变更,提高了业务连续性,同时可以实现自动化运维。 + + +- 提高安全性 + + 虚拟化提供了操作系统级的隔离,同时实现基于硬件提供的处理器操作特权级控制,相比简单的共享机制具有更高的安全性,可实现对数据和服务进行可控和安全的访问。 + + +- 更高的资源利用率 + + 虚拟化可支持实现物理资源和资源池的动态共享,提高资源利用率。 + + +## openEuler虚拟化 + +openEuler提供了支持AArch64和x86_64处理器架构的KVM虚拟化组件。 + diff --git "a/content/zh/docs/Virtualization/\351\231\204\345\275\225.md" "b/docs/zh/docs/Virtualization/\351\231\204\345\275\225.md" similarity index 100% rename from "content/zh/docs/Virtualization/\351\231\204\345\275\225.md" rename to "docs/zh/docs/Virtualization/\351\231\204\345\275\225.md" diff --git a/themes/project/layouts/partials/docs/inject/menu-before.html b/docs/zh/docs/thirdparty_migration/figures/.keep similarity index 100% rename from themes/project/layouts/partials/docs/inject/menu-before.html rename to docs/zh/docs/thirdparty_migration/figures/.keep diff --git a/docs/zh/docs/thirdparty_migration/figures/calicotag.png b/docs/zh/docs/thirdparty_migration/figures/calicotag.png new file mode 100644 index 0000000000000000000000000000000000000000..3563a3e692ca223d5f13f1d16338ca5cfaac79a5 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/calicotag.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/clusteradd.png b/docs/zh/docs/thirdparty_migration/figures/clusteradd.png new file mode 100644 index 0000000000000000000000000000000000000000..b25de17014deb022c1bc9ab18246c0b51bdff942 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/clusteradd.png differ 
diff --git a/docs/zh/docs/thirdparty_migration/figures/configmaster.png b/docs/zh/docs/thirdparty_migration/figures/configmaster.png new file mode 100644 index 0000000000000000000000000000000000000000..f545b04d33e4e4e823c213cf997c44ec0c548b8b Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/configmaster.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/createuser.png b/docs/zh/docs/thirdparty_migration/figures/createuser.png new file mode 100644 index 0000000000000000000000000000000000000000..9964a86c0cf16073fc790dd5fae724883b612368 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/createuser.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/downloaddocker.png b/docs/zh/docs/thirdparty_migration/figures/downloaddocker.png new file mode 100644 index 0000000000000000000000000000000000000000..2e86a5b102c3641f753bfd367e215b1146901e53 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/downloaddocker.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/extend1.png b/docs/zh/docs/thirdparty_migration/figures/extend1.png new file mode 100644 index 0000000000000000000000000000000000000000..8bdd8e0b1ef60145ea16be676e2f70b9068804fb Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/extend1.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/faq1.png b/docs/zh/docs/thirdparty_migration/figures/faq1.png new file mode 100644 index 0000000000000000000000000000000000000000..6856b9d37975bf518c2aeb144d6bc54ec1a29bec Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/faq1.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env1.png b/docs/zh/docs/thirdparty_migration/figures/host_env1.png new file mode 100644 index 0000000000000000000000000000000000000000..60754da6d76bc817f6dbb05b30ac1749798f584b Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env1.png differ 
diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env10.png b/docs/zh/docs/thirdparty_migration/figures/host_env10.png new file mode 100644 index 0000000000000000000000000000000000000000..16705810949ee42054d345628599dd0fde26504e Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env10.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env11.png b/docs/zh/docs/thirdparty_migration/figures/host_env11.png new file mode 100644 index 0000000000000000000000000000000000000000..16c9a0d4bed1cfff308c9f8f5e93e98f8ba2c72c Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env11.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env5.png b/docs/zh/docs/thirdparty_migration/figures/host_env5.png new file mode 100644 index 0000000000000000000000000000000000000000..deddc3d6af1687939d274c80307d3e2c0ee7bd6c Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env5.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env6.png b/docs/zh/docs/thirdparty_migration/figures/host_env6.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7ca24a78979fe3346eb37793152cceaaee7145 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env6.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env7.png b/docs/zh/docs/thirdparty_migration/figures/host_env7.png new file mode 100644 index 0000000000000000000000000000000000000000..03370058ff0a6e237f291b543195392efcc05f5d Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env7.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env8.png b/docs/zh/docs/thirdparty_migration/figures/host_env8.png new file mode 100644 index 0000000000000000000000000000000000000000..400c79d9ab48fe0e6f91edc83ffb18082263fa71 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env8.png differ 
diff --git a/docs/zh/docs/thirdparty_migration/figures/host_env9.png b/docs/zh/docs/thirdparty_migration/figures/host_env9.png new file mode 100644 index 0000000000000000000000000000000000000000..aa848dfd00347b2e6d3385d6bcb372c49dc0928e Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/host_env9.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/install1.png b/docs/zh/docs/thirdparty_migration/figures/install1.png new file mode 100644 index 0000000000000000000000000000000000000000..a01325bb62e2e2f874d6110df8a19dea197b69e7 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/install1.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/installarm.png b/docs/zh/docs/thirdparty_migration/figures/installarm.png new file mode 100644 index 0000000000000000000000000000000000000000..d400c62147abe8c5c2b7f35e317e757d8aa85f97 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/installarm.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/installx86.png b/docs/zh/docs/thirdparty_migration/figures/installx86.png new file mode 100644 index 0000000000000000000000000000000000000000..3547bcf70e1b17574006e80be3578daf88344ff0 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/installx86.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/modify_timeout_value.png b/docs/zh/docs/thirdparty_migration/figures/modify_timeout_value.png new file mode 100644 index 0000000000000000000000000000000000000000..d9aab7593b2a42df41103abc4ca5a1eb7c6e34d3 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/modify_timeout_value.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/run1.png b/docs/zh/docs/thirdparty_migration/figures/run1.png new file mode 100644 index 0000000000000000000000000000000000000000..1c653188ef2d6874a07a5dc185139339dc502dbc Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/run1.png differ 
diff --git a/docs/zh/docs/thirdparty_migration/figures/run2.png b/docs/zh/docs/thirdparty_migration/figures/run2.png new file mode 100644 index 0000000000000000000000000000000000000000..7d17f2d56c7adf3ccc9ef7a5e53da636561d8795 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/run2.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/run3.png b/docs/zh/docs/thirdparty_migration/figures/run3.png new file mode 100644 index 0000000000000000000000000000000000000000..cc4d4fbd02e4d60017d5599b74b0fda90843353c Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/run3.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/run4.png b/docs/zh/docs/thirdparty_migration/figures/run4.png new file mode 100644 index 0000000000000000000000000000000000000000..05ff12603bbabfb188f05c7f47551016b7aa110f Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/run4.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/run5.png b/docs/zh/docs/thirdparty_migration/figures/run5.png new file mode 100644 index 0000000000000000000000000000000000000000..e149c3286189a4ef4cc93f7add118f43e20cc96c Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/run5.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/run6.png b/docs/zh/docs/thirdparty_migration/figures/run6.png new file mode 100644 index 0000000000000000000000000000000000000000..27c9263dbf447a0199a2a8d12af1192661efa7bb Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/run6.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/stack.png b/docs/zh/docs/thirdparty_migration/figures/stack.png new file mode 100644 index 0000000000000000000000000000000000000000..ffde91858cfd4c5e17ea64649cf7d47d3231afe0 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/stack.png differ 
diff --git a/docs/zh/docs/thirdparty_migration/figures/startvm.png b/docs/zh/docs/thirdparty_migration/figures/startvm.png new file mode 100644 index 0000000000000000000000000000000000000000..1254e08e85b6f515791b258e12b9ac4891cc1ffd Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/startvm.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/vmlist.png b/docs/zh/docs/thirdparty_migration/figures/vmlist.png new file mode 100644 index 0000000000000000000000000000000000000000..830261f13c434327c8bb9a01cc4fb5e6988a01c2 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/vmlist.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/x86_build_fail.png b/docs/zh/docs/thirdparty_migration/figures/x86_build_fail.png new file mode 100644 index 0000000000000000000000000000000000000000..2d91001fa9c76c3154fdaffa31c4b2befc4f34c0 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/x86_build_fail.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/yumarm.png b/docs/zh/docs/thirdparty_migration/figures/yumarm.png new file mode 100644 index 0000000000000000000000000000000000000000..538df33bcb5134c2a3f50b12cc5097d25bab1c76 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/yumarm.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/yumx86.png b/docs/zh/docs/thirdparty_migration/figures/yumx86.png new file mode 100644 index 0000000000000000000000000000000000000000..880f54f8836ad7992345e74075ff355209a08f70 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/yumx86.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296836364.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296836364.png new file mode 100644 index 0000000000000000000000000000000000000000..092be1b363b87b5890c1e825e38f8cc4a6b07980 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296836364.png differ 
diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296836374.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296836374.png new file mode 100644 index 0000000000000000000000000000000000000000..7b407c4ac75025d0beb65a231a30b1129776a45b Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296836374.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296837434.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296837434.png new file mode 100644 index 0000000000000000000000000000000000000000..e947112112a9dff8c3e1d7460dbf00bf2e167adb Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296837434.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296837436.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296837436.png new file mode 100644 index 0000000000000000000000000000000000000000..de9500feba2988934b130bf876a9134e65919f9c Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296837436.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838174.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838174.png new file mode 100644 index 0000000000000000000000000000000000000000..771a238544b18a196e8dc4fce484c037ece281c0 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838174.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838176.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838176.png new file mode 100644 index 0000000000000000000000000000000000000000..240395d4cf2625c2fd762b647d8d371eb3f010c7 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838176.png differ 
diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838182.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838182.png new file mode 100644 index 0000000000000000000000000000000000000000..983ec2e4e16e3570897ece58d3499f1e384d3c55 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838182.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838184.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838184.png new file mode 100644 index 0000000000000000000000000000000000000000..5ea8a5003de5e5a1a6bcbf04ccfda6be3c7591e4 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838184.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838200.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838200.png new file mode 100644 index 0000000000000000000000000000000000000000..ff90e70830df6c5c5c06dadb2446e1aad6739ad6 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838200.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838202.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838202.png new file mode 100644 index 0000000000000000000000000000000000000000..1dcf05ec51cc58c710eede1197923494c4c57f98 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838202.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838204.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838204.png new file mode 100644 index 0000000000000000000000000000000000000000..f8d858e1b97d6fb5bec2418b10fb78e47c4914bf Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838204.png differ 
diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838206.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838206.png new file mode 100644 index 0000000000000000000000000000000000000000..5096cabacc305fec55b581432a5cd127cae84362 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838206.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838208.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838208.png new file mode 100644 index 0000000000000000000000000000000000000000..a406893b51db2081c41c91929f17429ad3072d08 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838208.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838210.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838210.png new file mode 100644 index 0000000000000000000000000000000000000000..3d51ce1a6d6b4de233a4d3c81744f64ac18aea8a Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838210.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838212.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838212.png new file mode 100644 index 0000000000000000000000000000000000000000..49c8735599f0e0633eeb046d9f0795df2d0f5870 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838212.png differ diff --git a/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838214.png b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838214.png new file mode 100644 index 0000000000000000000000000000000000000000..8efa6420b0f2c4fbf6774fe991dcd0242a8a1ea9 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/figures/zh-cn_image_0296838214.png differ 
diff --git a/docs/zh/docs/thirdparty_migration/k8sinstall.md b/docs/zh/docs/thirdparty_migration/k8sinstall.md new file mode 100644 index 0000000000000000000000000000000000000000..ecb8f2c0cceaf633eec6d5f1d7169df245c7c482 --- /dev/null +++ b/docs/zh/docs/thirdparty_migration/k8sinstall.md 
@@ -0,0 +1,477 @@ +# k8s 迁移至 openEuler 指导 + +[[toc]] + +## 软件介绍 + +Kubernetes 集群(以下简称 K8S)是一个开源的容器集群管理平台,可以实现容器集群的自动化部署、自动扩缩容、维护等功能。Kubernetes的目标是促进完善组件和工具的生态系统,以减轻应用程序在云上运行的负担。 + +Kubernetes 集群中存在两种节点,Master 节点和 Worker 节点。Master 节点是集群的控制节点,负责整个集群的管理和控制。针对集群执行的控制命令都是发送给 Master 节点的。Worker 节点是 Kubernetes 集群中的工作负载节点,Worker 上的工作负载由 Master 分配,当某个 Worker 宕机时,Master 会将上面的工作负载转移到其他节点上去。 + +本文描述使用两个节点来搭建 Kubernetes 集群的方法,一个作为 Master 节点,另一个作为 Worker 节点。 + + +## 环境配置 + +### 软件平台 + +| 软件名称 |版本号 |安装方法 | +|:--- |:---- |:---- | +| openEuler | 20.03-LTS-SP1 |iso | +| gnu | 7.3.0 | | +| python3 | 3.7.4 | | +| bash | 5.0.11 | | + +### 必要依赖包 + +| 软件名称 |版本号 |安装方法 | +|:--- |:---- |:---- | +| docker-engine | 18.09.0-101 |见安装docker配置yum源 | +| kubelet | 1.15.10/1.18/1.16 | 见安装k8s组件 | +| kubeadm | 1.15.10/1.18/1.16 | 见安装k8s组件 | +| kubectl | 1.15.10/1.18/1.16 | 见安装k8s组件 | +| kubernetes-cni | 1.15.10/1.18/1.16 | 见安装k8s组件 | + +>![](./public_sys-resources/icon-note.gif) **说明:** +>本文适用于 K8S 1.15.10/1.18/1.16 三个版本,本文以 1.15.10 版本为例说明。 + +## 系统配置 + + +### 修改主机配置 + +分别编辑 Master 和 Worker 节点的`/etc/hosts` 文件,在文件末尾添加 Master 和 Worker 节点的IP。 + +``` +192.168.122.72 master +192.168.122.130 worker +``` + +### 安装 docker 配置 yum 源 + +1. 可选,官方发布的镜像中已配置好 yum 源,不需要另外配置。如系统中没有配置任何 openEuler yum 源,则需要按照如下操作新增 repo 文件,`baseurl`值以发布版本中的源地址为准。 +* aarch64架构 + ``` + $ vim /etc/yum.repos.d/openEuler_aarch64.repo + ``` + + ![](./figures/yumarm.png) + +* x86架构 + + ``` + $ vim /etc/yum.repos.d/openEuler_x86_64.repo + ``` + + ![](./figures/yumx86.png) + +2. 分别在 Master 和 Worker 节点上执行。 +清除缓存中的软件包及旧的headers,重新建立缓存。 + + ``` + $ yum clean all + $ yum makecache + ``` +3. 
安装docker并启动相关服务,输出Docker的状态。 + + ``` + $ yum -y install docker-engine + $ systemctl daemon-reload + $ systemctl status docker + $ systemctl restart docker + $ systemctl status docker + $ systemctl enable docker + ``` + +### 关闭防火墙和selinux + +由于 nftables 后端兼容性问题,产生了重复的防火墙规则,需要关闭防火墙;为了使容器可以访问宿主机的文件系统,需要关闭 selinux。 + +分别在 Master 和 Worker 节点上执行如下命令,关闭防火墙和 selinux。 + +``` +$ systemctl stop firewalld +$ systemctl disable firewalld +$ setenforce 0 +$ sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config +``` + +### 配置 kubernetes yum 源 + +1. 分别在 Master 和 Worker 节点上执行如下命令,配置 kubernetes 的 yum 源。 + * aarch64架构 + ``` + cat < /etc/yum.repos.d/kubernetes.repo + + [kubernetes] + name=Kubernetes + baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-aarch64 + enable=1 + gpgcheck=1 + repo_gpgcheck=1 + gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg + http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg + EOF + ``` + + * x86架构: + ``` + cat < /etc/yum.repos.d/kubernetes.repo + + [kubernetes] + name=Kubernetes + baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 + enable=1 + gpgcheck=1 + repo_gpgcheck=1 + gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg + http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg + EOF + ``` + +2. 配置完成后,执行如下命令,清除缓存中的软件包及旧的 headers,重新建立缓存。 + ``` + $ yum clean all + $ yum makecache + ``` + + +### 关闭交换分区 + +在安装 K8S 集群时,Linux 的 Swap 内存交换机制需要关闭,否则会因为内存交换影响系统的性能和稳定性。 + +1. 分别在 Master 和 Worker 节点上执行如下命令,关闭交换分区。 + + ``` + $ swapoff -a + $ cp -p /etc/fstab /etc/fstab.bak$(date '+%Y%m%d%H%M%S') + $ sed -i "s/\/dev\/mapper\/openeuler-swap/\#\/dev\/mapper\/openeuler-swap/g" /etc/fstab + ``` + +2. 执行如下命令查看是否修改成功。 + ``` + $ cat /etc/fstab + ``` + ![](./figures/zh-cn_image_0296836364.png) + +3. 
执行如下命令重启系统。 + + ``` + $ reboot + ``` + +## 软件安装 + +### 安装k8s组件 + +分别在 Master 和 Worker 节点上执行如下命令,安装 k8s 组件。 + +``` +$ yum install -y kubelet-1.15.10 kubeadm-1.15.10 kubectl-1.15.10 kubernetes-cni-0.7.5 +``` + +### 配置开机启动项 + +1. 分别在 Master 和 Worker 节点上执行如下命令,配置开机启动 kubelet。 + + ``` + $ systemctl enable kubelet + ``` + +2. 分别在 Master 和 Worker 节点上创建 `/etc/sysctl.d/k8s.conf` 文件,并添加如下内容。 + + ``` + net.bridge.bridge-nf-call-ip6tables = 1 + net.bridge.bridge-nf-call-iptables = 1 + net.ipv4.ip_forward = 1 + vm.swappiness=0 + ``` + +3. 分别在 Master 和 Worker 节点上执行如下命令,使修改生效。 + + ``` + $ modprobe br_netfilter + $ sysctl -p /etc/sysctl.d/k8s.conf + ``` + +### 通过Docker下载组件 + +Master 和 Worker 节点通过 Docker 下载其他组件,下载镜像时需要根据架构选择相应的版本,以下命令分别两台节点上执行,操作步骤如下。 + +1. 查看初始化所需镜像,执行如下命令,结果如图所示。 + ``` + $ kubeadm config images list + ``` + ![](./figures/downloaddocker.png) + >![](./public_sys-resources/icon-note.gif) **说明:** + > K8S所需镜像版本有可能会变动,故需查看列表匹配需要下载的Docker镜像,以下镜像版本仅供参考。 + +2. 执行如下命令,从 DockerHub 上下载镜像。 + * aarch64架构 + ``` + $ docker pull gcmirrors/kube-apiserver-arm64:v1.15.10 + $ docker pull gcmirrors/kube-controller-manager-arm64:v1.15.10 + $ docker pull gcmirrors/kube-scheduler-arm64:v1.15.10 + $ docker pull gcmirrors/kube-proxy-arm64:v1.15.10 + $ docker pull gcmirrors/pause-arm64:3.1 + $ docker pull gcmirrors/etcd-arm64:3.3.10 + $ docker pull coredns/coredns:1.3.1 + ``` + * x86架构 + ``` + $ docker pull gcmirrors/kube-apiserver-amd64:v1.15.10 + $ docker pull gcmirrors/kube-controller-manager-amd64:v1.15.10 + $ docker pull gcmirrors/kube-scheduler-amd64:v1.15.10 + $ docker pull gcmirrors/kube-proxy-amd64:v1.15.10 + $ docker pull gcmirrors/pause-amd64:3.1 + $ docker pull gcmirrors/etcd-amd64:3.3.10 + $ docker pull coredns/coredns:1.3.1 + ``` + >![](./public_sys-resources/icon-note.gif) **说明:** + >如果配置了docker镜像库代理,可以直接将标签换为“k8s.gcr.io”并省略以下步骤。 + +3. 
执行如下命令,给已下载的镜像打标签。 + * aarch64架构 + ``` + $ docker tag gcmirrors/kube-apiserver-arm64:v1.15.10 k8s.gcr.io/kube-apiserver:v1.15.10 + $ docker tag gcmirrors/kube-controller-manager-arm64:v1.15.10 k8s.gcr.io/kube-controller-manager:v1.15.10 + $ docker tag gcmirrors/kube-scheduler-arm64:v1.15.10 k8s.gcr.io/kube-scheduler:v1.15.10 + $ docker tag gcmirrors/kube-proxy-arm64:v1.15.10 k8s.gcr.io/kube-proxy:v1.15.10 + $ docker tag gcmirrors/pause-arm64:3.1 k8s.gcr.io/pause:3.1 + $ docker tag gcmirrors/etcd-arm64:3.3.10 k8s.gcr.io/etcd:3.3.10 + $ docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1 + ``` + * x86架构 + ``` + $ docker tag gcmirrors/kube-apiserver-amd64:v1.15.10 k8s.gcr.io/kube-apiserver:v1.15.10 + $ docker tag gcmirrors/kube-controller-manager-amd64:v1.15.10 k8s.gcr.io/kube-controller-manager:v1.15.10 + $ docker tag gcmirrors/kube-scheduler-amd64:v1.15.10 k8s.gcr.io/kube-scheduler:v1.15.10 + $ docker tag gcmirrors/kube-proxy-amd64:v1.15.10 k8s.gcr.io/kube-proxy:v1.15.10 + $ docker tag gcmirrors/pause-amd64:3.1 k8s.gcr.io/pause:3.1 + $ docker tag gcmirrors/etcd-amd64:3.3.10 k8s.gcr.io/etcd:3.3.10 + $ docker tag coredns/coredns:1.3.1 k8s.gcr.io/coredns:1.3.1 + ``` + +4. 执行如下命令,查看上步中的镜像是否成功打上 k8s 标签,查询结果如下图所示: + + ``` + $ docker images | grep k8s + ``` + + ![](./figures/zh-cn_image_0296836374.png) + +5. 
标签打好后,执行如下命令,删除当前环境上的旧镜像。 + * aarch64架构 + ``` + $ docker rmi gcmirrors/kube-apiserver-arm64:v1.15.10 + $ docker rmi gcmirrors/kube-controller-manager-arm64:v1.15.10 + $ docker rmi gcmirrors/kube-scheduler-arm64:v1.15.10 + $ docker rmi gcmirrors/kube-proxy-arm64:v1.15.10 + $ docker rmi gcmirrors/pause-arm64:3.1 + $ docker rmi gcmirrors/etcd-arm64:3.3.10 + $ docker rmi coredns/coredns:1.3.1 + ``` + * x86架构 + ``` + $ docker rmi gcmirrors/kube-apiserver-amd64:v1.15.10 + $ docker rmi gcmirrors/kube-controller-manager-amd64:v1.15.10 + $ docker rmi gcmirrors/kube-scheduler-amd64:v1.15.10 + $ docker rmi gcmirrors/kube-proxy-amd64:v1.15.10 + $ docker rmi gcmirrors/pause-amd64:3.1 + $ docker rmi gcmirrors/etcd-amd64:3.3.10 + $ docker rmi coredns/coredns:1.3.1 + ``` +### 配置 Master 节点 + +1. 在 Master 节点上执行如下命令,进行集群初始化。 + + ``` + $ systemctl daemon-reload + $ systemctl restart kubelet + $ kubeadm init --kubernetes-version v1.15.10 --pod-network-cidr=10.244.0.0/16 + ``` + 集群初始化成功后,界面显示信息如下。 + + ![](./figures/configmaster.png) + + 保存上图中的`kubeadm join`命令,在下文[Worker节点加入集群](#jump2)步骤中需要执行该命令。 + + + > ![](./public_sys-resources/icon-note.gif) **说明:** + > 使用 kubeadm 安装的 Kubernetes 会自动生成集群所需的证书。所有证书都存放在 `/etc/kubernetes/pki` 目录下。 + +2. 按照初始化成功的控制台显示信息配置集群,命令如下所示。 + + ``` + $ mkdir -p $HOME/.kube + $ cp -i /etc/kubernetes/admin.conf $HOME/.kube/config + $ chown $(id -u):$(id -g) $HOME/.kube/config + ``` + +3. 在Master节点执行如下命令,查看集群节点信息。 + ``` + $ kubectl get node + ``` + 由于还没有配置calico网络,当前node状态为未就绪。 + +### 安装calico网络插件 + +1. 
分别在 Master 和 Worker 节点上执行如下命令,下载 calico 容器镜像。 + * aarch64架构 + ``` + $ docker pull calico/cni:v3.14.2-arm64 + $ docker pull calico/node:v3.14.2-arm64 + $ docker pull calico/kube-controllers:v3.14.2-arm64 + $ docker pull calico/pod2daemon-flexvol:v3.14.2-arm64 + ``` + * x86架构 + ``` + $ docker pull calico/cni:v3.14.2-amd64 + $ docker pull calico/node:v3.14.2-amd64 + $ docker pull calico/kube-controllers:v3.14.2-amd64 + $ docker pull calico/pod2daemon-flexvol:v3.14.2-amd64 + ``` +2. 分别在 Master 和 Worker 节点上执行如下命令,修改已下载的镜像标签 + * aarch64架构 + ``` + $ docker tag calico/cni:v3.14.2-arm64 calico/cni:v3.14.2 + $ docker tag calico/node:v3.14.2-arm64 calico/node:v3.14.2 + $ docker tag calico/kube-controllers:v3.14.2-arm64 calico/kube-controllers:v3.14.2 + $ docker tag calico/pod2daemon-flexvol:v3.14.2-arm64 calico/pod2daemon-flexvol:v3.14.2 + ``` + * x86架构 + ``` + $ docker tag calico/cni:v3.14.2-amd64 calico/cni:v3.14.2 + $ docker tag calico/node:v3.14.2-amd64 calico/node:v3.14.2 + $ docker tag calico/kube-controllers:v3.14.2-amd64 calico/kube-controllers:v3.14.2 + $ docker tag calico/pod2daemon-flexvol:v3.14.2-amd64 calico/pod2daemon-flexvol:v3.14.2 + ``` + +3. 执行如下命令,查看是否成功打上 calico 标签。 + + ``` + $ docker images | grep calico + ``` + ![](./figures/calicotag.png) + +3. 分别在 Master 和 Worker 节点上执行如下命令,删除旧镜像 + * aarch64架构 + ``` + $ docker rmi calico/cni:v3.14.2-arm64 + $ docker rmi calico/node:v3.14.2-arm64 + $ docker rmi calico/kube-controllers:v3.14.2-arm64 + $ docker rmi calico/pod2daemon-flexvol:v3.14.2-arm64 + ``` + * x86架构 + ``` + $ docker rmi calico/cni:v3.14.2-amd64 + $ docker rmi calico/node:v3.14.2-amd64 + $ docker rmi calico/kube-controllers:v3.14.2-amd64 + $ docker rmi calico/pod2daemon-flexvol:v3.14.2-amd64 + ``` +4. 在 Master 节点上执行如下命令,下载 yaml 文件。 + + ``` + $ wget https://docs.projectcalico.org/v3.14/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml --no-check-certificate + ``` + +5. 
在 Master 节点上执行如下命令,部署 calico。 + + ``` + $ kubectl apply -f calico.yaml + ``` +5. 在 Master 节点上执行如下命令,查看节点状态,状态为 Ready 即表明安装成功。 + + ``` + $ kubectl get nodes + ``` + + +### 加入集群 + +1. 在 Worker 节点执行[配置 Master 节点](#jump1)中保存的命令,将 Worker 节点加入集群。 + + ``` + $ kubeadm join 192.168.122.72:6443 --token 9hyjsw.102m4qpmr93msfdv --discovery-token-ca-cert-hash sha256:ccf9a7762c7ae08fab3ec0649897b1de8e3ef37cf789517f42ea95fad0bd29b1 + ``` + >![](./public_sys-resources/icon-note.gif) **说明:** + >token默认有效期为24小时,若token超时,可在Master节点上执行命令`kubeadm token create --print-join-command`重新生成。 + +2. 在Master节点上执行如下命令,查看集群中加入的子节点。 + + ``` + $ kubectl get nodes + ``` + +3. 在Master节点上执行如下命令,查看集群中的 pod 状态,所有 pod 状态均为 Running 时表示配置成功,配置成功的界面显示如下图所示。 + + ``` + $ kubectl get pods -A + ``` + + ![](./figures/clusteradd.png) + + + +### 查看状态信息相关命令 + +* 查看所有 pods + + ``` + kubectl get pods -A + ``` + +* 查看当前节点上运行在某一命名空间的所有 pod。 + + ``` + kubectl get pods -n $namespace + ``` + +* 查看某一命名空间下 pod 的详细信息。 + + ``` + kubectl get pods -n $namespace -o wide + ``` + +* 查看单个 pod 信息,可用于定位 pod 状态异常问题。 + + ``` + kubectl describe pod $podname -n $namespace + ``` + +* 删除pod,删除正在运行的pod,控制器会马上再创建一个新的 + + ``` + kubectl delete pods $podname + ``` + + +## 软件卸载 + +如果不需要使用 k8s 集群时,可以按本章节操作,删除 k8s 集群,以下命令需要分别在 Master 和 Worker 节点上执行。 +1. 执行如下命令,清空 k8s 集群设置 + + ``` + $ kubeadm reset + $ rm –rf $HOME/.kube/config + ``` + +2. 执行如下命令,删除基础组件镜像。 + + ``` + $ docker rmi k8s.gcr.io/kube-apiserver:v1.15.10 + $ docker rmi k8s.gcr.io/kube-controller-manager:v1.15.10 + $ docker rmi k8s.gcr.io/kube-scheduler:v1.15.10 + $ docker rmi k8s.gcr.io/kube-proxy:v1.15.10 + $ docker rmi k8s.gcr.io/pause:3.1 + $ docker rmi k8s.gcr.io/etcd:3.3.10 + $ docker rmi k8s.gcr.io/coredns:1.3.1 + ``` + +3. 执行如下命令,卸载管理软件。 + + ``` + $ yum erase –y kubelet kubectl kubeadm kubernetes-cni + ``` + + 
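Review bot: In the calico install steps of this Kubernetes guide, the manifest is fetched with `wget ... calico.yaml --no-check-certificate` and then passed straight to `kubectl apply -f calico.yaml`, so a cluster-wide manifest is applied without TLS verification of where it came from. Drop `--no-check-certificate` (install the CA bundle if the host lacks one) and have the reader compare the file against a published checksum before applying it. The `docker tag gcmirrors/... k8s.gcr.io/...` steps raise a related concern: they retag third-party mirror images under the upstream registry name by tag only, and pinning or comparing image digests would make that substitution auditable. In the uninstall section, `rm –rf $HOME/.kube/config` and `yum erase –y ...` use an en dash instead of an ASCII hyphen, so both commands fail when copied. The `kubeadm join` example shows what looks like a real token and CA cert hash; placeholders would be safer. Step numbers 3 and 5 are each used twice in the calico section.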
diff --git a/docs/zh/docs/thirdparty_migration/openstack-train.md b/docs/zh/docs/thirdparty_migration/openstack-train.md new file mode 100644 index 0000000000000000000000000000000000000000..2366e17d47ca441744f02a351993bada254c05da --- /dev/null +++ b/docs/zh/docs/thirdparty_migration/openstack-train.md 
@@ -0,0 +1,480 @@ +# OpenStack-Train 迁移至 openEuler 指导 + +[[toc]] + +## 软件介绍 + +### OpenStack 简介 + +OpenStack 是一个社区,也是一个项目。它提供了一个部署云的操作平台或工具集,为组织提供可扩展的、灵活的云计算。 + +作为一个开源的云计算管理平台,OpenStack 由nova、neutron、glance、keystone、horizon等几个主要的组件组合起来完成具体工作。OpenStack 支持几乎所有类型的云环境,项目目标是提供实施简单、可大规模扩展、丰富、标准统一的云计算管理平台。OpenStack 通过各种互补的服务提供了基础设施即服务(IaaS)的解决方案,每个服务提供 API 进行集成。 + +### 适配版本 + +本文使用“Train”版本进行适配,OpenStack Train版本于2019年10月16日发布,是部署最广泛的开源云基础设施软件的第20个版本。 + +### DevStack 介绍 + +DevStack 是一组模块化脚本,运行这些脚本可以使开发人员快速轻松部署 OpenStack。这些脚本可以在裸机或虚拟机的单个节点上运行,也可以部署到多个节点。 + +DevStack 默认会安装 OpenStack 的核心服务,用户也可以修改配置文件来部署其他服务。通常,DevStack 从 git master 中拉取核心服务,也可以修改配置文件从稳定分支(stable branch)(如 stable/pike)克隆。 + +所有服务均从源安装,我们可以从[devstack.github](https://github.com/OpenStack/devstack )获取源。 + +本文使用 DevStack 脚本进行安装部署和测试,采用单机“All In One”模式,按照 CPU 架构不同,可以安装在 x86 或者 ARM 上。两者主要的安装步骤相同,仅有部分命令或者步骤有差异,具体差异点本文会有详细描述。 + + + + + +## 环境配置 + +建议部署环境内存大于 2 G。 +### 软件平台 + +| 软件名称 |版本号 |安装方法 | 备注 | +|:--- |:---- |:---- |:---- | +| openEuler | 20.03-LTS-SP1 |iso | x86可以选择虚拟机或物理机部署,ARM只能在物理机部署 | +| gcc | 7.3.0 |见必要库和依赖安装 | | +| python3 | 3.7.9 |见必要库和依赖安装 | | +| bash | 5.0 |见必要库和依赖安装 | | +| devstack | Latest |见修改 devstack 脚本和安装配置 | https://github.com/OpenStack/devstack | + +### 必要依赖包 + +| 软件名称 |版本号 |安装方法 | +|:--- |:---- |:---- | +| python3-systemd | 234 |见必要库和依赖安装 | +| pcp-system-tools | 4.1.3 |见必要库和依赖安装 | +| haproxy | 2.0.14 |见必要库和依赖安装 | +| httpd httpd-devel | 2.4.43 |见必要库和依赖安装 | +| memcached | 1.5.10 |见必要库和依赖安装 | +| python3-devel | 3.7.9 |见必要库和依赖安装 | +| libffi-devel | 3.3.7 |见必要库和依赖安装 | +| open-iscsi-devel | 2.1.1 |见必要库和依赖安装 | +| libxml2 libxml2-devel python3-libxml2 | 2.9.10 |见必要库和依赖安装 | +| python3-lxml | 4.2.3 |见必要库和依赖安装 | +| libxslt libxslt-devel | 1.1.34 |见必要库和依赖安装 | +| edk2-ovmf(x86) edk2-aarch64(ARM) edk2-devel python3-edk2-devel | 202002 |见必要库和依赖安装 | +| qemu qemu-guest-agent | 4.1.0 |见必要库和依赖安装 | +| libvirt* python3-libvirt | 6.2.0 |见必要库和依赖安装 | +| rabbitmq-server | 3.7.23 |见必要库和依赖安装 | +| python3-copr | 1.105 
|见必要库和依赖安装 | +| python3-uWSGI | 2.0.19 |见必要库和依赖安装 | +| python3-mod_wsgi | 4.6.4 |见必要库和依赖安装 | +| python3-sqlalchemy python3-sqlalchemy-utils | 1.2.19 |见必要库和依赖安装 | +| python3-scss | 1.3.5 |见必要库和依赖安装 | +| openeuler-lsb | 5.0 |见必要库和依赖安装 | +| mariadb-server | 10.3.9 |见必要库和依赖安装 | + + +## 系统配置 + +### 关闭防火墙 + +1. 执行以下命令,停止防火墙。 + + ``` + # systemctl stop firewalld.service + ``` + +2. 执行以下命令,关闭防火墙。 + + ``` + # systemctl disable firewalld.service + ``` + +### 修改SELINUX为disabled + +执行以下命令,关闭 SELINUX。 + +``` +# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux +# setenforce 0 +``` + +## 软件编译 + +### 必要库和依赖安装(本地yum源) + +>![](./public_sys-resources/icon-note.gif) **说明:** +>本节内容可以通过执行自动化脚本prep_install.sh实现,详见附录。 + +执行以下命令,安装脚本执行过程中所需的必要库和依赖。 + +``` +# yum -y install tar git bash +# yum -y install python3-systemd +# yum -y install libffi-devel +# yum -y install open-iscsi-devel +# yum -y install libxml2-devel +# yum -y install python3-lxml python3-libxml2 libxslt libxslt-devel +# yum -y install pcp-system-tools +# yum -y install haproxy +# yum -y install qemu qemu-guest-agent +# yum -y install libvirt* python3-libvirt +# yum -y install httpd httpd-devel +# yum -y install memcached +# yum -y install mariadb-server +# yum -y install rabbitmq-server +# yum -y install python3-uWSGI +# yum -y install python3-mod_wsgi +# yum -y install python3-copr +# yum -y install python3-scss +# yum -y install gcc-c++ +# yum -y install python3-devel +# yum -y install python3-sqlalchemy python3-sqlalchemy-utils +# yum -y install openeuler-lsb +``` +利用 yum 源,安装 uefi 相关库,按照 CPU 架构不同,命令分别如下。 + +* x86 架构 +``` +# yum -y install edk2-ovmf edk2-devel python3-edk2-devel +``` +* ARM 架构 +``` +# yum -y install edk2-aarch64 edk2-devel python3-edk2-devel +``` + + +### 创建执行用户 + +1. 使用root用户登录待安装主机,执行以下命令创建 stack 用户来执行脚本。 + ``` + # useradd -s /bin/bash -d /home/stack -m stack + ``` + +2. 
执行以下操作,为 stack 用户设置 root 用户权限,后续操作使用 stack 用户操作。 + + ``` + # chmod +w /etc/sudoers + # vi /etc/sudoers //在sudoers文件的“root ALL=(ALL) ALL”下面,加入如下内容:stack ALL=(ALL) NOPASSWD: ALL + # chmod -w /etc/sudoers + ``` + ![](./figures/createuser.png) + +### 下载 devstack 脚本 + +切换 stack 用户,执行以下命令,下载 devstack 脚本文件: + +``` +# su - stack +# git clone https://opendev.org/OpenStack/devstack +``` +以下操作均使用 stack 用户执行。 + +### 修改主机相关环境 + +>![](./public_sys-resources/icon-note.gif) **说明:** +>本节内容可以通过执行自动化脚本prep_install.sh实现,详见附录。 + +1. 执行`sudo vi /etc/httpd/conf/httpd.conf`命令,使用管理员权限在 `/etc/httpd/conf/httpd.conf` 文件中增加如下配置,使之可以加载第三方插件服务,插入位置见下图。 + + ``` + LoadModule wsgi_module modules/mod_wsgi_python3.so + ``` + ![](./figures/host_env1.png) + +2. 执行如下命令,修正 yum 安装 edk2.x86_64 (ARM 架构的安装 edk2.aarch64)相关库时的bug,注意目录及文件相关权限。 + * x86 架构 + ``` + # cd /usr/share + # sudo mkdir OVMF && sudo chmod -R 755 OVMF + # cd OVMF + # sudo ln -s ../edk2/ovmf/OVMF_CODE.fd OVMF_CODE.fd + # sudo ln -s ../edk2/ovmf/OVMF_VARS.fd OVMF_VARS.fd + ``` + + * ARM 架构 + ``` + # cd /usr/share + # sudo mkdir AAVMF && chmod -R 755 AAVMF + # cd AAVMF + # sudo ln -s ../edk2/aarch64/QEMU_EFI-pflash.raw AAVMF_CODE.fd + # sudo ln -s ../edk2/aarch64/vars-tmplate-pflash.raw AAVMF_VARS.fd + ``` + +3. 在 `/etc/libvirt/qemu.conf` 文件中增加如下配置,增加 qemu 对 uefi 的支持。 + + * x86 架构 + ``` + nvram = ["/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd","/usr/share/edk2/ovmf/OVMF_CODE.fd:/usr/share/edk2/ovmf/OVMF_VARS.fd"] + ``` + + * ARM 架构 + ``` + nvram = ["/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd","/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw"] + ``` + + +### 修改devstack脚本和相关配置 + +1. 执行以下命令,创建 `local.conf` 文件。 + + ``` + # cd /home/stack/devstack + # touch local.conf + ``` +2. 
编辑 `local.conf` 文件,配置如下内容。 + + * x86 架构 + ``` + [[local|localrc]] + HOST_IP=172.168.132.11 ///主机ip + ADMIN_PASSWORD=a123456 ///各模块服务密码 + DATABASE_PASSWORD=d123456 + RABBIT_PASSWORD=r123456 + SERVICE_PASSWORD=s123456 + + disable_service tempest ///默认关闭测试模块的加载 + + GIT_BASE=http://git.trystack.cn ///国内git源,用来下载OpenStack组件 + NOVNC_REPO=http://git.trystack.cn/kanaka/noVNC.git + SPICE_REPO=http://git.trystack.cn/git/spice/spice-html5.git + + LOGFILE=$DEST/logs/stack.sh.log + + ``` + + * ARM 架构 + ``` + [[local|localrc]] + HOST_IP=192.168.122.8 ///主机ip + ADMIN_PASSWORD=a123456 ///各模块服务密码 + DATABASE_PASSWORD=d123456 + RABBIT_PASSWORD=r123456 + SERVICE_PASSWORD=s123456 + + disable_service tempest ///默认关闭测试模块的加载 + + GIT_BASE=http://git.trystack.cn ///国内git源,用来下载OpenStack组件 + NOVNC_REPO=http://git.trystack.cn/kanaka/noVNC.git + SPICE_REPO=http://git.trystack.cn/git/spice/spice-html5.git + + DOWNLOAD_DEFAULT_IMAGES=False ///修改mirros镜像地址,默认下载aarch64镜像 + IMAGE_URLS="https://github.com/cirros-dev/cirros/releases/download/0.5.1/cirros-0.5.1-aarch64-disk.img" + ETCD_DOWNLOAD_LOCATION=https://mirrors.huaweicloud.com/etcd/v3.3.12/etcd-v3.3.12-linux-arm64.tar.gz ///改用huaweicloud,减少脚本耗时 + + LOGFILE=$DEST/logs/stack.sh.log + + ``` +>![](./public_sys-resources/icon-note.gif) **说明:** +>本节以下内容可以通过执行自动化脚本prep_install.sh实现,详见附录。 +3. 编辑 `/home/stack/devstack/stackrc` 文件,修改下图所示字段值为 stable/train,指定待安装的 OpenStack 的版本。 + + ![](./figures/host_env5.png) + +4. devstack 维护的平台暂不包含 openEuler,修改 `/home/stack/devstack/functions-common` 文件中的 GetOSVersion 函数,使脚本识别默认使用 fedora30 模式安装,修改方法如下图所示。 + + ![](./figures/host_env6.png) + +5. 由于脚本文件中默认的 python-libvirt 版本不适配,需编辑 `/home/stack/devstack/lib/nova_plugins/functions-libvirt` 文件,注释掉安装 python-libvirt 相关代码。python-libvirt 已在openEuler-20.03-LTS-SP1 的 yum 源中手动安装。 + + ![](./figures/host_env7.png) + +6. 编辑`/home/stack/devstack/inc/python` 文件,修改`cmd_pip` 参数,参数值修改为使用国内源,如下图所示。 + + ![](./figures/host_env8.png) + +7. 
修改 `/home/stack/devstack/inc/python` 文件,默认安装 glance 组件。 + + ![](./figures/host_env9.png) + +8. 修改`/home/stack/devstack/lib/neutron_plugins/services/l3` 文件,在图示位置添加如下配置。 + + ``` + # source openrc admin admin + ``` + + ![](./figures/host_env10.png) + +9. 修改`/home/stack/devstack/stackrc` 文件,修改 `VIRTUALENV_CMD` 参数值。 + + ![](./figures/host_env11.png) + + 修改完成后,保存退出,并执行以下命令: + ``` + # pip3 install virtualenv + ``` + +## 执行 devstack 脚本安装 OpenStack + +以stack用户,执行以下命令,运行 stack.sh 脚本,进行 OpenStack 单机版安装。 + +``` +# cd /home/stack/devstack +# FORCE=yes ./stack.sh +``` + +安装过程大约需要十几分钟,x86架构安装成功显示信息与ARM架构一致,此处以安装ARM架构为例,安装成功页面如下图所示。 + +![](./figures/stack.png) + +## 软件运行 + +devstack.sh 若执行成功,会在当前主机内,根据 local.conf 文件中的配置信息,安装指定的子模块,若 local.conf 中没有指定模块,则会安装所有子模块。 + +以 stack 用户执行以下命令,使用管理员登录 OpenStack 客户端。 + +``` +# source openrc admin admin +``` + +* 获取相关资源列表 + + - 执行以下命令,可以获取镜像资源列表。 + ``` + # openstack image list + ``` + - 执行以下命令,可以获取网络资源列表。 + ``` + # openstack network list + ``` + - 执行以下命令,可以获取虚拟机配置类型列表。 + ``` + # openstack flavor list + ``` + + +* 启动一个实例 + + - 使用查询到的资源,执行以下命令创建虚拟机。 + - x86 架构 + ``` + # openstack server create --image cirros-0.5.1-x86_64-disk --flavor 1 vm + ``` + + ![](./figures/startvm.png) + - ARM 架构 + ``` + # openstack server create --image cirros-0.5.1-aarch64-disk.img --flavor 1 vm + ``` + - 执行如下命令,查看虚拟机状态。 + + ``` + # openstack server list //查看虚拟机状态 + ``` + + ![](./figures/vmlist.png) + + +## 软件卸载 + +1. 分别执行以下命令,卸载并清理 devstack 生成的文件及环境配置。 + + ``` + # cd /home/stack/devstack + + # ./unstack.sh + + # ./clean.sh + ``` + +2. 
删除 devstack。 + + ``` + # cd /home/stack + # rm -rf devstack + # rm -rf /opt/stack + ``` + + +## FAQ + +### openstack project list 因为网络问题有概率性失败 + +**问题现象** + +脚本执行 `openstack project list` 命令报错。 + +**问题原因** + +网络原因,执行完命令 `source openrc admin admin` 后,需要等待一段时间,再执行命令 `openstack project list` 才生效。 + +**解决方法** + +参考下图修改 `/home/stack/devstack/lib/neutron\_plugins/services/l3` 文件。 + +![](./figures/faq1.png) + + +### devstack@q-meta.service 服务概率性启动失败 + +**问题现象** + +命令 `sudo systemctl start devstack@q-meta.service` 执行失败。 + +**问题原因** + +执行 `systemctl enable devstack@q-meta.service` 命令后,要等待一段时间。 + +**解决方法** + +服务 enable 后,等待 30s 再启动。 + +参考下图修改 `/home/stack/devstack/functions-common` 文件。 + +![](./figures/zh-cn_image_0296837434.png) + +### mariadb 服务启动失败 + +**问题现象** + +mariadb 服务启动失败。 + +**问题原因** + +mysql_install_db 数据库创建失败,提示gssapi插件报错、inodb建立失败、galgare地址失效等问题。 + +**解决方法** + +由于没有使用到 gssapi插件,执行如下命令,卸载 mariadb-gssapi-server 包。 +``` +# ./unstack.sh ./clean.sh && FORCE=yes ./stack.sh +``` + + +### neutron 服务启动失败 + +**问题现象** + +neutron 服务启动过程中,有概率启动失败。 + +**问题原因** + +网络波动,导致network节点搭建失败。 + +**解决方法** + +执行如下命令,重新执行脚本。 +``` +# ./unstack.sh && FORCE=yes ./stack.sh +``` + +### pip引导失败 + +**问题现象** + +pip 引导失败,控制台报错信息为 "ERROR: Links are not allowed as constraints"。 + +**问题原因** + +pip 社区更新至20.3,版本不适配。 + +**解决方法** + +删除/opt/stack/requirement下旧的python 虚拟运行环境,参考社区解决方案 ,使用补丁修改 devstack 源码。 +在 /home/stack/devstack 目录下,执行如下命令: + +``` +# wget https://github.com/openstack/devstack/commit/7a3a7ce87.patch +# sudo yum install patch -y +# patch -p1 < 7a3a7ce87.patch +``` + +## 附录 + +自动化脚本 prep_install.sh点击[prep_install.sh](./prep_install.sh)获取。 +将脚本存放到`/home/stack`目录,执行命令 `bash -x prep_install.sh`即可完成必要库和依赖安装、修改主机相关环境和修改devstack脚本和相关配置的部分操作。 \ No newline at end of file diff --git a/docs/zh/docs/thirdparty_migration/prep_install.sh b/docs/zh/docs/thirdparty_migration/prep_install.sh new file mode 100644 index 0000000000000000000000000000000000000000..1f33823f6167cd078d4c5eeca27c0126d38694b2 
--- /dev/null +++ b/docs/zh/docs/thirdparty_migration/prep_install.sh 
@@ -0,0 +1,142 @@ +#!/bin/bash +# This script contains the preparations before installing openstack + +HTTPD_CG="/etc/httpd/conf/httpd.conf" +QEMU_CG="/etc/libvirt/qemu.conf" + +EDK2_UEFI_PATH="/usr/share/edk2" +UEFI_DIR_ARM="/usr/share/AAVMF" +UEFI_DIR_X86="/usr/share/OVMF" +DEVSTACK_HOME="/home/stack/devstack" + +# Confirm installation mode for openstack +function install_mode() +{ + if [[ ! `rpm -qa` =~ "openeuler-lsb" ]]; then + echo "Maybe you should confirm whether openeuler-lsb is installed" + exit 1 + fi + + # init function is_openeuler + sed -i "/\# Git Functions/i\\function is_openeuler {\n\tif [[ -z \"\$os_VENDOR\" ]]; then\n\tGetOSVersion\n\tfi\n\n\t[[ \"\$os_VENDOR\" =~ (openEuler) ]]\n}\n" $DEVSTACK_HOME/functions-common + + # build function is_openeuler in functions-common + sed -i "s/elif is_fedora/elif is_fedora || is_openeuler/g" $DEVSTACK_HOME/functions-common + sed -i "/DISTRO=\"f\$os_RELEASE\"/a\ \ \ \ elif [[ \"\$os_VENDOR\" =~ (openEuler) ]]; then\n\tDISTRO=\"openEuler-\$os_RELEASE\"" $DEVSTACK_HOME/functions-common + # build function is_openeuler with remaining + grep -nir "is_fedora" | grep -v functions-common | cut -d ":" -f1 | sort | uniq | for line in `xargs` + do + sed -i "s/is_fedora/is_fedora || is_openeuler/g" $line + done + + # install glance + sed -i "/\${LIBS_FROM_GIT} = 'ALL'/i\\\ \ \ \ if [ \$name == \"glance_store\" ]; then enabled=0; fi" $DEVSTACK_HOME/inc/python + + # source openrc + sed -i "/openstack project list/i\\source openrc admin admin" $DEVSTACK_HOME/lib/neutron_plugins/services/l3 + + # Change VIRTUALENV_CMD + pip3 install virtualenv + sed -i "s/python3 -m venv/virtualenv/g" $DEVSTACK_HOME/stackrc + + # Fixed git branch + sed -i "s/master/stable\/train/g" $DEVSTACK_HOME/stackrc +} + +# Config mod_wsgi +function mod_wsgi_cg() +{ + sudo ls -al $HTTPD_CG 2>&1 > /dev/null + if [[ $? 
-ne 0 ]]; then + echo "Maybe you should confirm whether httpd is installed" + exit 1 + fi + + sudo sed -i "/Include conf.modules.d\/\*.conf/i\\LoadModule wsgi_module modules/mod_wsgi_python3.so" $HTTPD_CG +} + +# QEMU support for uefi +function qemu_uefi_init() +{ + sudo ls -al $QEMU_CG 2>&1 > /dev/null + if [[ $? -ne 0 ]]; then + echo "Maybe you should confirm whether qemu is installed" + exit 1 + fi + + if [[ `arch` == aarch64 ]]; then + sudo sed -i '$anvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd\",\"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw\"]' $QEMU_CG + fi + if [[ `arch` == x86_64 ]]; then + sudo sed -i '$anvram = [\"/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd\",\"/usr/share/edk2/ovmf/OVMF_CODE.fd:/usr/share/edk2/ovmf/OVMF_VARS.fd"]' $QEMU_CG + fi +} + +# Bugfix when yum install edk2 +function edk2_uefi_init() +{ + if [[ ! -d $EDK2_UEFI_PATH ]]; then + echo "Maybe you should confirm whether edk2 is installed" + exit 1 + fi + + if [[ `arch` == "aarch64" ]]; then + sudo mkdir $UEFI_DIR_ARM && pushd $UEFI_DIR_ARM + sudo ln -s $EDK2_UEFI_PATH/aarch64/QEMU_EFI-pflash.raw AAVMF_CODE.fd + sudo ln -s $EDK2_UEFI_PATH/aarch64/vars-tmplate-pflash.raw AAVMF_VARS.fd + popd + fi + if [[ `arch` == "x86_64" ]]; then + sudo mkdir $UEFI_DIR_X86 && pushd $UEFI_DIR_X86 + sudo ln -s $EDK2_UEFI_PATH/ovmf/OVMF_CODE.fd OVMF_CODE.fd + sudo ln -s $EDK2_UEFI_PATH/ovmf/OVMF_VARS.fd OVMF_VARS.fd + popd + + fi + + qemu_uefi_init +} + +# Fixed libvirt version +function libvirt_version_fixed() +{ + if [[ ! 
`rpm -qa` =~ "python3-libvirt" ]]; then + echo "Maybe you should confirm whether python3-libvirt is installed" + exit 1 + fi + sudo sed -i "s/pip_uninstall libvirt-python//g" $DEVSTACK_HOME/lib/nova_plugins/functions-libvirt + sudo sed -i "s/pip_install_gr libvirt-python//g" $DEVSTACK_HOME/lib/nova_plugins/functions-libvirt +} + +# The installation system script execution process must depend on +function yum_pkgs() +{ + # install base service + sudo yum install -y gcc-c++ python3-devel tar patch git + # install necessary dependences + sudo yum install -y python3-systemd + sudo yum install -y libffi-devel + sudo yum install -y open-iscsi-devel + sudo yum install -y libxml2 libxml2-devel + sudo yum install -y python3-lxml python3-libxml2 libxslt libxslt-devel + sudo yum install -y pcp-system-tools + sudo yum install -y haproxy + if [[ `arch` == "aarch64" ]]; then + sudo yum install -y edk2-aarch64 edk2-devel python3-edk2-devel + fi + if [[ `arch` == "x86_64" ]]; then + sudo yum install -y edk2-ovmf edk2-devel python3-edk2-devel + fi + sudo yum install -y libvirt* python3-libvirt && libvirt_version_fixed + sudo yum install -y qemu qemu-guest-agent && edk2_uefi_init + sudo yum install -y httpd httpd-devel + sudo yum install -y memcached + sudo yum install -y mariadb-server + sudo yum install -y rabbitmq-server + sudo yum install -y python3-uWSGI python3-mod_wsgi && mod_wsgi_cg + sudo yum install -y python3-copr python3-scss + sudo yum install -y openeuler-lsb && install_mode + sudo yum install -y python3-sqlalchemy python3-SQLAlchemy-Utils +} + +yum_pkgs diff --git a/themes/project/layouts/taxonomy/list.html b/docs/zh/docs/thirdparty_migration/public_sys-resources/.keep similarity index 100% rename from themes/project/layouts/taxonomy/list.html rename to docs/zh/docs/thirdparty_migration/public_sys-resources/.keep 
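Review bot: In the `local.conf` examples of openstack-train.md (both x86 and ARM), `GIT_BASE=http://git.trystack.cn`, `NOVNC_REPO` and `SPICE_REPO` point at plain-HTTP git mirrors, so every component that `stack.sh` clones and then installs through the passwordless-sudo `stack` account is fetched over an unauthenticated channel; use an HTTPS source, such as the opendev.org host the guide already clones devstack from. The sample passwords (`a123456`, `d123456`, ...) should be shown as placeholders. The sudoers step edits `/etc/sudoers` with `chmod +w` and `vi`; `visudo` or a drop-in under `/etc/sudoers.d` avoids leaving a broken or writable file. The system configuration section stops firewalld and disables SELinux without saying that this is meant for a throwaway test host. In the mariadb FAQ the text says to uninstall mariadb-gssapi-server, but the command shown is `./unstack.sh ./clean.sh && FORCE=yes ./stack.sh`, which does not remove the package and passes `./clean.sh` as an argument to `unstack.sh` instead of running it. In the ARM symlink step, `sudo mkdir AAVMF && chmod -R 755 AAVMF` drops `sudo` on the `chmod`, and `vars-tmplate-pflash.raw` does not match the `vars-template-pflash.raw` used in the `qemu.conf` line.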
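Review bot: In `edk2_uefi_init` of prep_install.sh, the aarch64 branch links `AAVMF_VARS.fd` to `$EDK2_UEFI_PATH/aarch64/vars-tmplate-pflash.raw`, while `qemu_uefi_init` writes `vars-template-pflash.raw` into qemu.conf; one of the two spellings is wrong, and `ln -s` will silently create a dangling link for the wrong one. In `install_mode`, `grep -nir "is_fedora"` has no path argument, so it rewrites every matching file under whatever directory the script is started from rather than under `$DEVSTACK_HOME`, and `sed -i "s/master/stable\/train/g"` replaces every occurrence of `master` in stackrc, not only the branch defaults. The script has no `set -e` and is not idempotent: a second run appends another `LoadModule` line and another `nvram` line, and because `sudo mkdir $UEFI_DIR_ARM && pushd $UEFI_DIR_ARM` fails at `mkdir`, the `pushd` is skipped and the following `ln -s` lines run in the current directory. `sudo ls -al $HTTPD_CG 2>&1 > /dev/null` still prints errors to the terminal because of the redirect order; a test such as `[[ -f "$HTTPD_CG" ]]` would state the intent directly.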
diff --git a/docs/zh/docs/thirdparty_migration/public_sys-resources/icon-note.gif b/docs/zh/docs/thirdparty_migration/public_sys-resources/icon-note.gif new file mode 100644 index 0000000000000000000000000000000000000000..6314297e45c1de184204098efd4814d6dc8b1cda Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/public_sys-resources/icon-note.gif differ diff --git a/docs/zh/docs/thirdparty_migration/public_sys-resources/icon-notice.gif b/docs/zh/docs/thirdparty_migration/public_sys-resources/icon-notice.gif new file mode 100644 index 0000000000000000000000000000000000000000..86024f61b691400bea99e5b1f506d9d9aef36e27 Binary files /dev/null and b/docs/zh/docs/thirdparty_migration/public_sys-resources/icon-notice.gif differ diff --git a/docs/zh/docs/thirdparty_migration/springframework.md b/docs/zh/docs/thirdparty_migration/springframework.md new file mode 100644 index 0000000000000000000000000000000000000000..dade814ac8d04647dbdb5eb1428e966d15e8a83f --- /dev/null +++ b/docs/zh/docs/thirdparty_migration/springframework.md 
@@ -0,0 +1,410 @@ + +# Spring Framework迁移至 openEuler 指导 + +[[toc]] + +## 软件介绍 + +### Spring Framwork 简介 + +Spring Framework 是为解决 EJB 开发 JavaEE 程序代码冗余,配置复杂等诸多问题而引入的开源框架。Spring 作为容器,提供了对多种技术\(JMS, MQ, UnitTest\)的支持,同时通过 AOP\(事物管理,日志等\)提供了众多方便应用的辅助类,对主流框架提供了良好的支持。 + +Spring Framework 整体框架结构如 [图1](#fig1601161484619)所示 + +**图 1** Spring Framework 整体框架结构 +![](./figures/zh-cn_image_0296838174.png) + +Spring Framework 包括三个核心组件 Spring-Core、Spring-Context 和 Spring-Beans。还包括基础组件Spring-AOP、Spring-Web 和 Spring-Webmvc 等,各个组件的功能说明如下: + +**Spring-Core** +核心容器提供 Spring 框架的基本功能,主要组件是 BeanFactory ,实现对 Bean 的管理。 + +**Spring-Context** +是一个配置文件,向Spring Framework 提供上下文信息。上下文包括企业服务,例如 JNDI,EJB,电子邮件,国际化,校验和调度功能。 + +**Spring-Beans** +实现IOC\(控制反转\)的包,是 Spring Framework 的关键特性。 + +**Spring-AOP** +直接将面向切面的编程功能集成到 Spring 框架中,所以可以很容易的使用 Spring 框架管理任何对象。Spring-AOP 为基于 Spring 的应用程序中的对象提供了事物管理服务,不依赖 EJB 组件,就可以将声明性事物管理集成到应用程序中。 + +**Spring-Web** +建立在 Spring-Context 模块之上,为基于 Web 的应用程序提供上下文。 + +**Spring-Webmvc** +是一个全功能的构建 web 应用程序的 MVC 实现,容纳了大量视图技术。MVC 框架通过策略接口变成了高度可配置的。 + +从上面的介绍可以看出,IOC\(控制反转\)的实现包 Spring-Beans 和 AOP\(依赖注入\)的实现包 Spring-AOP 是整个框架的基础,而 Spring-Core 是整个框架的核心。在此基础上,Spring-Context 提供了上下文环境,为各个模块提供粘合作用。而 web 部分的功能,是依赖 Spring-Web 和 Spring-Webmvc 来实现的。 + + +### Spring Boot 和 Spring Cloud 简介 + +Spring Framework 引入到本地 maven 仓库后,就可以使用这个框架对 Java 程序进行 maven 构建。但 Spring 构建需要配置大量的 xml 文件,开发繁琐。Spring Boot 基于 Spring Framework 来构建,是一种快速构建 Spring 应用的方案,而 Spring Cloud 是构建 Spring Boot的分布式环境,也就是常说的云应用,Spring Boot 起到承上启下的作用。 + +Spring Framework、Spring Boot和Spring Cloud三者的关系如 [图2](#fig1601161484620)所示 + +**图 2** 组件关系 +![](./figures/zh-cn_image_0296838176.png) + +Spring Boot 是 Spring 的一套快速配置方案,可以用来快速开发单个微服务,Spring Cloud 是一个基于 Spring Boot 实现的云应用开发工具;Spring Boot 专注于快速、方便集成单个个体,Spring Cloud 是关注全局的服务治理框架。Spring Boot 可以离开 Spring Cloud 独立使用开发项目,但 Spring Cloud 无法离开 Spring Boot使用。 + +## 环境配置 + +建议部署环境内存大于 2 G。 + +### 软件平台 + +| 软件名称 |版本号 |安装方法 | +|:--- |:---- |:---- | +| openEuler | 20.03-LTS-SP1 |iso | +| tar | 1.32 
|yum install | +| wget | 1.20.3 |yum install | +| git | 2.27 |yum install | + + +### 必要依赖包 + +| 软件名称 |版本号 |安装方法 | +|:--- |:---- |:---- | +| jdk | 1.8.0 |见基础软件安装 | +| maven | 3.5.4 |见基础软件安装 | + + +## 系统配置 + +### 配置本地 yum 源 + +若环境可以连接互联网,可不用配置本地源,直接用系统配置好的源或者自己添加其它网络源即可。 + +1. 执行以下命令,配置源文件,查看已经配置好的 yum 源的 repo 文件。 + + ``` + # cat /etc/yum.repos.d/openEuler.repo + [base] + name=base + baseurl=file:///mnt + enable=1 + gpgcheck=0 + ``` + +2. 执行以下命令,挂载源镜像。 + + ``` + # mount /root/openEuler-20.03-LTS-SP1-everything-aarch64-dvd.iso /mnt + ``` + +## 软件编译 + +## 使用本地 yum 源安装基础软件 + +1. 执行以下命令,安装 maven 构建工具。 + + ``` + # yum -y install maven + ``` + +2. 执行以下命令,利用 yum 源,安装 jdk。 + + ``` + # yum -y install java-1.8.0-openjdk-devel + ``` + +3. 安装验证,安装成功输入以下命令,分别查看 maven 和 java 的版本信息以及查看 javac 的使用方法 + + ``` + # mvn -version + # java -version + # javac -help + ``` + + ![](./figures/install1.png) + + + +### 安装 Spring Framework 到本地 maven 仓库 + +1. 执行以下命令,获取 Spring Framework 工程源码包: + + ``` + # cd /home + # wget https://github.com/Spring-projects/Spring-framework/archive/v5.2.10.RELEASE.tar.gz + # tar -xvf v5.2.10.RELEASE.tar.gz + ``` + +2. 执行以下命令,编译Spring Framework源码包,编译成功页面显示如下: + + ``` + # cd /home/spring-framework-5.2.10.RELEASE + # ./gradlew build + ``` + + ![](./figures/zh-cn_image_0296838182.png) + +3. 执行以下命令,安装 Spring Framework 到本地 maven 仓库。 + + ``` + # ./gradlew publishToMavenLocal -x javadoc -x dokka -x asciidoctor + ``` + + 安装成功后会在`/root/.m2/repository/org/`文件夹下看到 springframework 文件夹。 + ![](./figures/zh-cn_image_0296838184.png) + + +### Spring Boot工程 tomcat 用例编译 + +1. 执行以下命令,获取用例源码。 + + ``` + # cd /home + # wget https://github.com/Spring-projects/Spring-boot/archive/v1.5.4.RELEASE.tar.gz + # tar -xvf v1.5.4.RELEASE.tar.gz + # cd /home/spring-boot-1.5.4.RELEASE/spring-boot-samples/spring-boot-sample-tomcat + ``` + +2. 执行以下命令,编译工程。 + + ``` + # mvn package -DskipTests + ``` + +### Spring Cloud 工程用例编译 + +1. 
执行以下命令,编译 Spring-cloud-gateway-sample 工程。 + + ``` + # cd /home + # git clone https://github.com/Spring-cloud-samples/Spring-cloud-gateway-sample.git + # cd /home/Spring-cloud-gateway-sample + # mvn package -DskipTests + ``` + +2. 执行以下命令,编译 zuul-server-1.0.0.BUILD-SNAPSHOT 工程。 + + ``` + # cd /home + # git clone https://github.com/Spring-cloud-samples/zuul-server.git + # cd /home/zuul-server + # mvn package -DskipTests + + ``` + +3. 执行以下命令,编译 eureka-0.0.1-SNAPSHOT 工程 + + ``` + # cd /home + # git clone https://github.com/Spring-cloud-samples/eureka.git + # cd /home/eureka + # mvn package -DskipTests + ``` + +4. 执行以下命令,编译 feign-eurka 工程。 + + ``` + # cd /home + # git clone https://github.com/Spring-cloud-samples/feign-eureka.git + # cd /home/feign-eureka + # mvn package -DskipTests + ``` + + +## 软件运行 + +### Spring Boot单机环境运行示例 + +1. spring-boot-sample-tomcat 若编译成功,会在工程目录的`/home/spring-boot-1.5.4.RELEASE/spring-boot-samples/spring-boot-samples-tomcat/target` 文件夹下生成 spring-boot-sample-tomcat-1.5.4.RELEASE.jar 文件,执行以下命令,运行这个 jar 文件。 + + ``` + # java -jar spring-boot-sample-tomcat-1.5.4.RELEASE.jar + ``` + +2. 待控制台出现 `tomcat start` 字样后,启动新窗口执行以下命令,查看 tomcat 服务运行状态。 + + ``` + # curl http://localhost:8080 + ``` + 回显“helloworld”即表明运行成功。 + +3. 如果要关闭 Spring-Boot 服务,在步骤 1 窗口中,按 ctrl + c 组合键关闭服务。 + +### Spring Cloud单机环境运行示例 + + +#### spring-cloud-gateway-sample 工程运行示例。 + +1. spring-cloud-gateway-sample 工程若编译成功,会在工程目录的 `/home/Spring-cloud-gateway-sample/target` 文件夹下生成 spring-cloud-gateway-sample-0.0.1-SNAPSHOT.jar 文件,执行如下命令,运行这个 jar 文件。 + + ``` + # java -jar spring-cloud-gateway-sample-0.0.1-SNAPSHOT.jar + ``` +2. 待控制台出现 `Started DemogatewayApplication` 字样后,启动新窗口执行以下命令,查看 gateway服务运行状态。返回结果如下图所示,即表明运行成功。 + + ``` + # curl http://localhost:8080/get + ``` + ![](./figures/run1.png) +3. 如果要关闭服务,在步骤 1 窗口中,按 ctrl + c 组合键关闭服务。 + +#### zuul-server工程运行示例 +1. 
zuul-server 需要在 eureka 工程运行后再运行。在`/home/eureka/target` 目录下,执行如下命令,启动 eureka 服务。 + + ``` + # java -jar eureka-0.0.1-SNAPSHOT.jar + ``` +2. 待控制台出现 `Started EurekaApplicattion` 字样后,启动新窗口在工程目录`/home/zuul-server/target`下执行以下命令,启动 zuul-server 服务。 + + ``` + # java -jar zuul-server-1.0.0.BUILD-SNAPSHOT.jar + ``` +3. 待控制台出现 `Started ZuulServerApplicatttion` 字样后,启动新窗口执行以下命令查看服务运行状态。 + + ``` + # curl http://localhost:8765 + ``` + zuul-server 服务启动后控制台会输出访问的端口为 8765, curl 访问本地 8765 端口,会看到返回的带有时间戳的 404 信息,同时服务端控制会记录到一次访问事件。 + + curl访问8765端口如下图所示: + + ![](./figures/run3.png) + + 用户访问时服务端打印的日志信息如下图所示: + + ![](./figures/run4.png) +4. 如果要关闭服务,在步骤 2 和 3 窗口中,按 ctrl + c 组合键关闭服务。 + +#### feign-eureka工程运行示例 +1. feign-eureka 要在 eureka 工程运行后执行,在`/home/eureka/target` 目录下,执行如下命令,启动 eureka 服务。 + + ``` + # java -jar eureka-0.0.1-SNAPSHOT.jar + ``` +2. 待控制台出现 `Started EurekaApplicattion` 字样后,启动新窗口在工程目录`/home/feign-eureka/server/target`下执行以下命令,启动 feign-eureka 工程的 server。 + + ``` + # java -jar feign-eureka-hello-server-0.0.1-SNAPSHOT.jar + ``` + +3. 待控制台出现 `Started HelloServerApplication` 字样后,启动新窗口在工程目录`/home/feign-eureka/client/target` 下执行以下命令,启动 feign-eureka 工程的 client。 + + ``` + # java -jar feign-eureka-hello-client-0.0.1-SNAPSHOT.jar + ``` + +4. 
待控制台出现 `Started HelloClientApplication` 字样后,启动新窗口执行以下命令查看服务运行状态。 + ``` + # curl http://localhost:7211 + ``` + 服务启动后会在client的控制台看到,服务打开了7211端口,curl访问这个端口,获得Hello SERVER信息 + + 工程 feign-eureka 开放 7211 端口如下图所示: + + ![](./figures/run5.png) + + 访问 feign-eureka 服务查看返回结果如下图所示: + + ![](./figures/run6.png) + + + +## FAQ + + +### Spring Framework编译过程中Spring-webmvc:test 失败 + +**问题现象** + +MvcNamespaceTests.java 中的 assert 未通过测试,失败提示信息如下图所示。 + +![](./figures/zh-cn_image_0296838200.png) + +**问题原因** + +服务器回传时间存在8小时时差。 + +**解决方法** + +修改工程目录下的文件`spring-webmvc/src/test/java/org/springframework/web/servlet/config/MvcNamespaceTests.java`, + +将handler的date成员时间强制置0,与LocalDate转换的默认Time保持一致。 + +![](./figures/zh-cn_image_0296838204.png) + + +### 任务 asciidoctor 执行失败 + +**问题现象** + +提示找不到`/root/.gem/jruby/1.9`文件夹 + +![](./figures/zh-cn_image_0296838206.png) + + +**问题原因** + +部分 Spring Framework 版本使用的 Gradle 版本在 JDK9 上运行会存在问题\(由于AspectJ升级到1.9版本所导致\)。 + +**解决方法** + +执行命令 `./gradlew clean test` 进行构建 + + +### Spring-test:compileJava执行失败 + +**问题现象** + +Spring-test:compileJava执行失败,页面提示 "error:warnings found and -Werror specified" +![](./figures/zh-cn_image_0296838208.png) + + +**问题原因** + +错误提示是因为 warning 导致的错误,分析 warning 原因,一些旧的 package 已经在 repo 上不存在了\(repo源是由 build.gradle 脚本指定的\),从而导致编译时报出 warning。 + +**解决方法** + +编辑项目的 build.gradle 编译脚本,去除编译参数中的“-Werror”选项 + +![](./figures/zh-cn_image_0296838210.png) + +### repo源失效 + +**问题现象**: + +repo源无效,页面提示“Received status code 403 from server: Forbidden”。 + +![](./figures/zh-cn_image_0296838212.png) + + +**问题原因** + +偶现,一般是由于网络不稳定,或编译脚本中指定的repo源无法提供所需的包所导致。 + +**解决方法** + +检查 build.gradle 文件的 repo 源设置,是否正确,登录 repo 源,看是否存在缺失的文件。 + +![](./figures/zh-cn_image_0296838214.png) + + +以下有效的 repo 源供参考: + +[https://repo.Spring.io/plugins-release](https://repo.Spring.io/plugins-release) + +[https://repo.Springsource.org/plugins-release](https://repo.Springsource.org/plugins-release) + +### build超时导致的失败 + +**问题现象**: + +问题集中体现在网络相关模块的test不通过,例如提示信息,Task :spring-webflux:test 
FAILED,而且上报失败的代码位置并不是每次编译都会出现。 + +![](./figures/x86_build_fail.png) + +**问题原因** + +通过分析代码,可以得出结论,失败是因为在规定时间内得不到远端服务的回应,产生超时错误,导致构建失败。 + +**解决方法** + +根据编译错误提示的代码位置,延长超时等待时间。具体的操作:修改提示代码处.verify\(Duration.ofSeconds\(TIMEOUT\)\)或.block\(TIMEOUT\),将TIMEOUT的数值,调整为二倍大。例如下图时间一处超时时间由5秒改为10秒。 + +![](./figures/modify_timeout_value.png) \ No newline at end of file diff --git a/docs/zh/docs/thirdparty_migration/thidrparty.md b/docs/zh/docs/thirdparty_migration/thidrparty.md new file mode 100644 index 0000000000000000000000000000000000000000..effd3fd2ffc6417327884e3d257c0cbe0940d65a --- /dev/null +++ b/docs/zh/docs/thirdparty_migration/thidrparty.md @@ -0,0 +1 @@ +# 第三方软件移植指南 diff --git a/docs/zh/docs/userguide/UKUIuserguide.md b/docs/zh/docs/userguide/UKUIuserguide.md new file mode 100644 index 0000000000000000000000000000000000000000..81d5ac343cb9c2da0239a2b49736ffde5e624550 --- /dev/null +++ b/docs/zh/docs/userguide/UKUIuserguide.md @@ -0,0 +1,402 @@ + +- [基础桌面环境帮助手册](#基础桌面环境帮助手册) + - [概述](#概述) + - [桌面](#桌面) + - [桌面图标](#桌面图标) + - [右键菜单](#右键菜单) + - [任务栏](#任务栏) + - [基本功能](#基本功能) + - [多视图切换](#多视图切换) + - [预览窗口](#预览窗口) + - [侧边栏](#侧边栏) + - [通知中心](#通知中心) + - [剪切板](#剪切板) + - [托盘菜单](#托盘菜单) + - [收纳菜单](#收纳菜单) + - [输入法](#输入法) + - [U盘](#u盘) + - [电源](#电源) + - [网络](#网络) + - [1)有线网络](#1有线网络) + - [2)无线网络](#2无线网络) + - [3)网络设置窗口](#3网络设置窗口) + - [音量](#音量) + - [1)mini模式](#1mini模式) + - [2)按设备](#2按设备) + - [3)按应用](#3按应用) + - [日历](#日历) + - [夜间模式](#夜间模式) + - [高级设置](#高级设置) + - [窗口](#窗口) + - [窗口管理器](#窗口管理器) + - [窗口切换](#窗口切换) + - [开始菜单](#开始菜单) + - [基本功能](#基本功能-1) + - [右侧分类菜单](#右侧分类菜单) + - [右侧功能键](#右侧功能键) + - [用户头像](#用户头像) + - [计算机](#计算机) + - [设置](#设置) + - [电源](#电源-1) + - [锁定屏幕](#锁定屏幕) + - [切换用户和注销](#切换用户和注销) + - [关机与重启](#关机与重启) + - [高级设置](#高级设置-1) + - [应用](#应用) + - [常见问题](#常见问题) + - [锁屏后无法登录系统?](#锁屏后无法登录系统) + - [附录](#附录) + - [快捷键](#快捷键) + + + +# UKUI 用户指南 +## 概述 +桌面是用户进行图形界面操作的基础,提供了多个功能部件,包括任务栏、开始菜单等,主界面如下图所示。 + +![图 1 桌面主界面-big](./figures/1.png) + +
+ +## 桌面 +### 桌面图标 +系统默认放置了计算机、回收站、个人三个图标,鼠标左键双击即可打开页面,功能如下表。 + + +| 图标 | 说明 | +| :------------ | :------------ | +| ![](./figures/icon1.png) | 计算机:显示连接到本机的驱动器和硬件| +| ![](./figures/icon2.png) | 回收站:显示除移的文件| +| ![](./figures/icon3.png) | 主文件夹:显示个人主目录| + + +另外,右键单击“计算机”,选择“属性”,可显示当前系统版本、内核版本等相关信息。 + +![图 2 “计算机”-“属性”-big](./figures/2.png) + +### 右键菜单 +在桌面空白处单击鼠标右键,出现的菜单如下图所示,为用户提供了一些快捷功能。 + +![图 3 右键菜单](./figures/3.png) + +部分选项说明如表 2。 + +| 选项 | 说明| +| :------------ | :------------ | +| 新 建 | 可新建文件夹、文本文档、WPS文件 | +| 视图类型 | 提供四种视图类型:小图标、中图标、大图标、超大图标 | +| 排序方式 | 提供根据文件名称、文件类型、文件大小、修改日期排列的四种方式| + +
+ +## 任务栏 +### 基本功能 +任务栏位于底部,包括开始菜单、多视图切换、文件浏览器、Firefox网络浏览器、WPS、托盘菜单。 + +![图 4 任务栏](./figures/4.png) + +| 组件 | 说明 | +| :------------ | :------------ | +|![](./figures/icon4.png)| 开始菜单,用于弹出系统菜单,可查找应用和文件 | +|![](./figures/icon5.png)| 多视图切换,可在多个工作区互不干扰进行操作| +|![](./figures/icon6.png)| 文件浏览器,可浏览和管理系统中的文件| +|![](./figures/icon7.png)| Firefox网页浏览器,提供便捷安全的上网方式| +|![](./figures/icon8.png)| WPS办公套件,可以实现办公软件最常用的文字、表格、演示等多种功能| +|窗口显示区 |横条中间空白部分;显示正在运行的程序或打开的文档,可进行关闭窗口、窗口置顶操作。| +|![](./figures/icon9.png)| 托盘菜单,包含了对声音、麒麟天气、网络连接、输入法、通知中心、日期、夜间模式的设置| +|显示桌面| 按钮位于最右侧;最小化桌面的所有窗口,返回桌面;再次单击将恢复窗口| + +
+ +#### 多视图切换 +点击任务栏“![](./figures/icon10-o.png)”图标,即可进入如下图所示界面,在多个工作区内选择当下需要工作的操作区。 + +![图 5 多视图切换-big](./figures/5.png) + +#### 预览窗口 +用户将鼠标移动到任务栏的应用图标上,会对该应用打开的窗口进行小窗口预览,悬停在指定窗口如下图所示为悬停状态,该窗口会微微呈现毛玻璃效果(左),其余窗口为默认状态(右)。 + +![图 6 任务栏预览窗口](./figures/6.png) + +用户通过鼠标右键点击任务栏的应用图标,可关闭该应用。 + +![图 7 任务栏右键预览](./figures/7.png) + +#### 侧边栏 +侧边栏位于整个桌面的右侧,点击任务栏托盘菜单中的“![](./figures/icon11-o.png)”图标打开收纳菜单,点击侧边栏“![](./figures/icon12-o.png)”图标,弹出侧边栏如下图所示。 + +侧边栏由两部分构成:通知中心、剪切板和小插件。 + +![图 8 侧边栏无消息状态-big](./figures/8.png) + +##### 通知中心 +通知中心将会显示重要的近期最新的重要信息列表,选择右上角“清空”可将信息列表清空;用户可通过选择右上角“设置”跳转进入控制面板的通知设置界面,能设置显示信息的应用,以及信息的数量。 + +![图 9 通知中心-big](./figures/9.png) + +右侧工作区可设置为按应用折叠的模式。 + +![图 10 按应用折叠通知消息-big](./figures/10.png) + +侧边栏右上角“![](./figures/icon13-o.png)”图标可收纳不重要信息,可以打开不重要的和已被设置为收纳的应用软件信息,消息超过999+后显示成![](./figures/icon14-o.png)的形式表示无穷大。 + +![图 11 消息收纳箱](./figures/11.png) + +##### 剪切板 +剪切板可保存近期选择复制或剪切的内容,同时可通过表上说明的图标进行相应操作。 + +其中点击“![](./figures/icon15-o.png)”图标,可对剪切板的内容进行编辑。 + +|图标| 说明| 图标 |说明 | +| :------------ | :------------ | :------------ | :------------ | +|![](./figures/icon16.png)| 复制剪切板上的该内容 |![](./figures/icon18.png)| 编辑剪切板上的该内容 | +|![](./figures/icon17.png)| 删除剪切板上的该内容 | | | + +
+ +![图 12 剪切板](./figures/12.png) + +![图 13 编辑选中实的剪切板内容](./figures/13.png) + +剪切板的第二个标签为小插件,插件包含:闹钟、笔记本、用户反馈,可供用户快捷选择。 + +![图 14 小插件](./figures/14.png) + +#### 托盘菜单 +##### 收纳菜单 +点击任务栏托盘菜单中的“![](./figures/icon19-o.png)”图标打开收纳菜单,收纳菜单中可收纳麒麟天气、输入法、蓝牙、u盘等小工具。 + +![图 15 收纳菜单](./figures/15.png) + +##### 输入法 +任务栏输入法默认为搜狗输入法,使用快捷键“Ctrl+Space”可切换出来,“Shift”按键切换中英文模式。 + +![图 16 输入法](./figures/16.png) + +##### U盘 +U盘插入主机后,自动读取U盘数据,点击任务栏中U盘“![](./figures/icon26-o.png)”图标弹窗如下图所示。 + +需要卸载U盘时仅需点击弹出“![](./figures/icon27-o.png)”图标即可。 + +![图 17 U盘状态窗口](./figures/17.png) + +##### 电源 +没有检测到电源设备时,用户通过点击鼠标左键任务栏中电源“![](./figures/icon28-o.png)”图标。 + +![图 18 无电源设备](./figures/18.png) + +若检测到接入的电源设备,用户通过点击鼠标左键任务栏中电源“![](./figures/icon29-o.png)”图标。 + +![图 19 电源管理器窗口](./figures/19.png) + +用户通过点击鼠标右键任务栏中电源“![](./figures/icon30-o.png)”图标,弹出电源管理器设置菜单,设置调整屏幕亮度、设置电源和休眠两项。 + +![图 20 电源管理器设置](./figures/20.png) + +若电源管理器弹出“电池电量不足”的弹窗后,用户可点击开启节能模式,电源管理器则即刻将本机设为节能模式运行。 + +![图 21 电池电量不足开启节能模式](./figures/21.png) + +##### 网络 +用户通过鼠标左键点击任务栏上的网络“![](./figures/icon31-o.png)”图标,可根据需要选择有线和无线两种网络连接方式。 + +|图标 |说明| 图标 |说明 | +| :------------ | :------------ | :------------ | :------------ | +|![](./figures/icon32.png)| 网络已连接 |![](./figures/icon37.png)| 网络未连接 | +|![](./figures/icon33.png)| 网络连接受限 |![](./figures/icon38.png)| 网络已上锁 | +|![](./figures/icon34.png)| 网络正在连接 |![](./figures/icon39.png)| Wifi已连接 | +|![](./figures/icon35.png)| Wifi未连接 |![](./figures/icon40.png)| Wifi连接受限 | +|![](./figures/icon36.png)| Wifi已上锁 |![](./figures/icon41.png)| Wifi正在连接 | + +
+ +![图 22 网络连接界面](./figures/22.png) + +###### 1)有线网络 +在有线网络连接界面,点击有线网络方案即可展开,查看网络的详细信息。 + +![图 23 有线网络连接](./figures/23.png) + +###### 2)无线网络 +无线网络连接,点击右上角开关按钮打开无线网络连接,并在可用无线网络列表中选择需要连接的WiFi,并键入密码即可通过WiFi上网。 + +![图 24 无线网络连接](./figures/24.png) + +###### 3)网络设置窗口 +用户通过鼠标右键点击任务栏上的网络“![](./figures/icon42-o.png)”图标,弹出网络设置菜单。 + +![图 25 有线网络设置](./figures/25.png) + +点击设置网络,即刻进入网络设置窗口。 + +![图 26 网络设置窗口](./figures/26.png) + +##### 音量 +用户通过鼠标左键点击任务栏上的音量“![](./figures/icon43-o.png)”图标,打开声音界面。 + +###### 1)mini模式 +音量min模式,仅显示扬声器的音量。 + +![图 27 音量min模式](./figures/27.png) + +###### 2)按设备 +音量按设备标签包括输出设备、输入设备。 + +![图 28 按设备音量列表](./figures/28.png) + +###### 3)按应用 +音量按应用标签包括系统音量、其他应用音量。 + +![图 29 按应用音量列表](./figures/29.png) + +##### 日历 +用户通过鼠标左键点击任务栏上的时间日期弹出日历窗口,查看日历、月历、年历窗口。 + +用户可通过筛选年 > 月 > 日查看一日信息,会以大字显示当日日期,并有当日的时间、星期、节气、农历,点击下方宜忌勾选可查看。 + +![图 30 日历查看-big](./figures/30.png) + +##### 夜间模式 +用户通过鼠标左键点击任务栏上的夜间模式“![](./figures/icon44-o.png)”图标,可设置为夜间模式。 + +#### 高级设置 +右键单击任务栏,出现的菜单。 + +![图 31 任务栏右键菜单](./figures/31.png) + +用户可对任务栏的布局进行设定,在“设置任务栏”中可进行相关设置。 + +
+ +## 窗口 +### 窗口管理器 +窗口管理器为用户提供了如表所示的功能。 + +|功能 |说明 | +| :--------| :----------| +|窗口标题栏| 显示当前窗口的标题名称 | +|最小化/最大化/关闭 |标题栏右侧的三个图标按钮,分别对应最小化窗口、最大化窗口、关闭窗口的功能 | +|侧边滑动 |在窗口右侧提供滑动条,可上下滚动查看页面 | +|窗口堆叠| 允许窗口之间产生重叠 | +|窗口拖拽 |在窗口标题栏长按鼠标左键,可移动窗口到任意位置 | +|窗口大小调整 |将鼠标移至窗口四角,长按左键,可任意调整窗口大小 | + +
+ +### 窗口切换 +用户有三种方式可以切换: + +* 在任务栏上点击窗口标题; + +* 在桌面上点击不同窗口; + +* 使用快捷键< Alt > + < Tab >; + +
+ +## 开始菜单 +### 基本功能 +单击“开始菜单”按钮,菜单具备滑动条功能。 + +![图 32 开始菜单主界面](./figures/32.png) + +#### 右侧分类菜单 +用户将鼠标停留在开始菜单右侧,会出现一个右侧预展开的提示栏,点击展开,即在右侧默认显示三个分类:“常用软件”、“字母分类”、“功能分类”,其中: + +* 所有软件:列出所有软件,近期使用过的软件将会在此页面置顶显示。 + +* 字母分类:列出系统根据首字母进行分类显示所有软件。 + +* 功能分类:列出系统根据功能进行分类显示所有软件。 + +用户可通过点击右上角开始菜单的全屏图标,查看全屏菜单。 + +![图 33 全屏开始菜单-big](./figures/33.png) + +#### 右侧功能键 +右下侧显示用户头像、计算机、设置和电源四个选项。 + +##### 用户头像 +点击“![](./figures/icon45-o.png)”图标,进入控制面板查看用户信息。 + +##### 计算机 +点击“![](./figures/icon46-o.png)”图标进入计算机:个人主文件夹。 + +##### 设置 +点击“![](./figures/icon47-o.png)”图标进入控制面板。 + +##### 电源 +###### 锁定屏幕 +当用户暂时不需要使用计算机时,可以选择锁屏(不会影响系统当前的运行状态),防止误操作;用户返回后,输入密码即可重新进入系统。 + +在默认设置下,系统在一段空闲时间后,将自动锁定屏幕。 + +锁屏界面如下图所示。 + +![图 34 锁屏界面-big](./figures/34.png) + +###### 切换用户和注销 +当要选择其他用户登录使用计算机时,可选择“注销”或“切换用户”。 + +此时,系统会关闭所有正在运行的应用;所以,在执行此操作前,请先保存当前工作。 + +###### 关机与重启 +有两种操作方式: + +1)“开始菜单” > “电源” > “关机” + +会弹出对话框,用户可根据需要选择重启或关机。 + +![图 35 关闭系统对话框-big](./figures/35.png) + +2)“开始菜单” > “关机” 按钮右边菜单 > “关机”/“重启” + +系统将直接关机/重启,不再弹出对话框。 + +### 高级设置 +右键单击开始菜单图标,提供锁屏、切换用户、注销、重启、关闭五个快捷选项。 + +### 应用 +用户可以在搜索框中,通过关键字搜索应用。如下图所示,可输入中文,如:搜索用户手册,查询结果会随着输入自动显示出来。 + +![图 36 搜索应用](./figures/36.png) + +通过右键点击开始菜单中的某个应用,弹出右键菜单,可将选中应用固定到“所有软件”、任务栏,可添加该应用到桌面方式,可快捷卸载该应用。 + +![图 37 应用的右键菜单](./figures/37.png) + +各个选项说明如下表。 + +|选项 |说明 | +| :------| :-------- +|固定到所有用软件 |将选中软件在所有软件列表中置顶 | +|固定到任务栏 |在任务栏上生成应用的图标 | +|添加到桌面快捷方式| 在桌面生成应用的快捷方式图标 | +|卸载| 卸载软件 | + +
+ +## 常见问题 + +### 锁屏后无法登录系统? +* 通过Ctrl + Alt + F1切换到字符终端。 + +* 输入用户名和密码后登录。 + +* 执行命令“sudo rm -rf ~/.Xauthority”。 + +* 通过Ctrl + Alt + F7切回图形界面,输入用户密码登录。 + +
+ +## 附录 +### 快捷键 + +|快捷键 |功能 | +| :------ | :----- | +|F5| 刷新桌面 | +|F1 |打开用户手册 | +|Alt + Tab |切换窗口 | +|win |打开开始菜单 | +|Ctrl + Alt + L| 锁屏 | +|Ctrl + Alt + Delete| 注销 | \ No newline at end of file diff --git a/docs/zh/docs/userguide/figures/1.png b/docs/zh/docs/userguide/figures/1.png new file mode 100644 index 0000000000000000000000000000000000000000..40af4242eebb440a76c749a8d970d50cd7b89bf4 Binary files /dev/null and b/docs/zh/docs/userguide/figures/1.png differ diff --git a/docs/zh/docs/userguide/figures/10.png b/docs/zh/docs/userguide/figures/10.png new file mode 100644 index 0000000000000000000000000000000000000000..e588ffbe3d8d7b66d92ae8f2b4bcec7c80d0592c Binary files /dev/null and b/docs/zh/docs/userguide/figures/10.png differ diff --git a/docs/zh/docs/userguide/figures/11.png b/docs/zh/docs/userguide/figures/11.png new file mode 100644 index 0000000000000000000000000000000000000000..1989a5bb08155f920363e154e68bb148715c7e9e Binary files /dev/null and b/docs/zh/docs/userguide/figures/11.png differ diff --git a/docs/zh/docs/userguide/figures/12.png b/docs/zh/docs/userguide/figures/12.png new file mode 100644 index 0000000000000000000000000000000000000000..cb6346161182d2cfeaf3818d5ec518ddb11c732e Binary files /dev/null and b/docs/zh/docs/userguide/figures/12.png differ diff --git a/docs/zh/docs/userguide/figures/13.png b/docs/zh/docs/userguide/figures/13.png new file mode 100644 index 0000000000000000000000000000000000000000..0a7def1fb66c90da62acde799eaffca97e3b5396 Binary files /dev/null and b/docs/zh/docs/userguide/figures/13.png differ diff --git a/docs/zh/docs/userguide/figures/14.png b/docs/zh/docs/userguide/figures/14.png new file mode 100644 index 0000000000000000000000000000000000000000..3a27a66d57e284775420d467f90dcc02889bbffe Binary files /dev/null and b/docs/zh/docs/userguide/figures/14.png differ 
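Review bot: In the FAQ section that ends just before docs/zh/docs/thirdparty_migration/thidrparty.md, the entry 任务 asciidoctor 执行失败 does not connect its parts: the symptom is a missing `/root/.gem/jruby/1.9` folder, the stated cause is a Gradle problem on JDK9, and the fix is only `./gradlew clean test`, with no sentence saying how that command avoids the failing asciidoctor task. Please add that sentence. The fixes for Spring-webmvc:test, for removing “-Werror” from build.gradle and for the TIMEOUT change are shown only as screenshots, so a reader cannot copy or diff them; include the changed lines as text. Removing “-Werror” turns off warning enforcement for the whole build, so the entry should say it is a local workaround. The two reference repo URLs are written with mixed-case hosts (repo.Spring.io, repo.Springsource.org); write them in lowercase.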
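Review bot: The new file path docs/zh/docs/thirdparty_migration/thidrparty.md misspells the file name (thidrparty, while its directory is thirdparty_migration); rename it to thirdparty.md before menu entries or links start pointing at the misspelled path. The file contains only the title line `# 第三方软件移植指南`, so state in the change description whether it is an intentional placeholder.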
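Review bot: In docs/zh/docs/userguide/UKUIuserguide.md, under 常见问题 > 锁屏后无法登录系统?, the step 执行命令“sudo rm -rf ~/.Xauthority” tells the user to run a recursive forced delete as root without saying why it fixes the login failure. .Xauthority is a regular file, so `-r` is not needed, and the use of sudo should either be justified in the text (for example, if the file has ended up owned by root) or dropped; consider `rm -f ~/.Xauthority` plus one sentence on the cause. The same hunk has wording inconsistencies worth fixing before merge: 右侧分类菜单 names the three categories as “常用软件”、“字母分类”、“功能分类” but the list that follows starts with 所有软件; the heading 1)mini模式 is followed by 音量min模式; and the separator row `| :------| :--------` of the last options table lacks its closing pipe. Likely typos: 除移的文件, 固定到所有用软件, 编辑选中实的剪切板内容.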
diff --git a/docs/zh/docs/userguide/figures/15.png b/docs/zh/docs/userguide/figures/15.png new file mode 100644 index 0000000000000000000000000000000000000000..370bea32abcaa8a2b06a1a61c1455d4b35f43474 Binary files /dev/null and b/docs/zh/docs/userguide/figures/15.png differ diff --git a/docs/zh/docs/userguide/figures/16.png b/docs/zh/docs/userguide/figures/16.png new file mode 100644 index 0000000000000000000000000000000000000000..812ee462669c5263ef4bffc49ca4f9b6af4541c6 Binary files /dev/null and b/docs/zh/docs/userguide/figures/16.png differ diff --git a/docs/zh/docs/userguide/figures/17.png b/docs/zh/docs/userguide/figures/17.png new file mode 100644 index 0000000000000000000000000000000000000000..36e524b806874fa3788f5e4dcd78350686281107 Binary files /dev/null and b/docs/zh/docs/userguide/figures/17.png differ diff --git a/docs/zh/docs/userguide/figures/18.png b/docs/zh/docs/userguide/figures/18.png new file mode 100644 index 0000000000000000000000000000000000000000..51b32442980aa60646f77dabd53ade74f55891fe Binary files /dev/null and b/docs/zh/docs/userguide/figures/18.png differ diff --git a/docs/zh/docs/userguide/figures/19.png b/docs/zh/docs/userguide/figures/19.png new file mode 100644 index 0000000000000000000000000000000000000000..c9457d09aa9f1662b2c9e4550cdbdb9f57dd020e Binary files /dev/null and b/docs/zh/docs/userguide/figures/19.png differ diff --git a/docs/zh/docs/userguide/figures/2.png b/docs/zh/docs/userguide/figures/2.png new file mode 100644 index 0000000000000000000000000000000000000000..97917cc245484a43bec8562757d920a06f123121 Binary files /dev/null and b/docs/zh/docs/userguide/figures/2.png differ diff --git a/docs/zh/docs/userguide/figures/20.png b/docs/zh/docs/userguide/figures/20.png new file mode 100644 index 0000000000000000000000000000000000000000..b0943189920d7a541d35da27340593ea93f92a17 Binary files /dev/null and b/docs/zh/docs/userguide/figures/20.png differ 
diff --git a/docs/zh/docs/userguide/figures/21.png b/docs/zh/docs/userguide/figures/21.png new file mode 100644 index 0000000000000000000000000000000000000000..e590c22c0ea28906b5f4ea7ccbc6ab11e47ad173 Binary files /dev/null and b/docs/zh/docs/userguide/figures/21.png differ diff --git a/docs/zh/docs/userguide/figures/22.png b/docs/zh/docs/userguide/figures/22.png new file mode 100644 index 0000000000000000000000000000000000000000..03a548b1ffb1f0ad53cfa5387af2721af90bca81 Binary files /dev/null and b/docs/zh/docs/userguide/figures/22.png differ diff --git a/docs/zh/docs/userguide/figures/23.png b/docs/zh/docs/userguide/figures/23.png new file mode 100644 index 0000000000000000000000000000000000000000..834c492094715cde1c02c91752ecabfe7921ed62 Binary files /dev/null and b/docs/zh/docs/userguide/figures/23.png differ diff --git a/docs/zh/docs/userguide/figures/24.png b/docs/zh/docs/userguide/figures/24.png new file mode 100644 index 0000000000000000000000000000000000000000..1881e868b74a60888b319576fa38fb4af92ba75c Binary files /dev/null and b/docs/zh/docs/userguide/figures/24.png differ diff --git a/docs/zh/docs/userguide/figures/25.png b/docs/zh/docs/userguide/figures/25.png new file mode 100644 index 0000000000000000000000000000000000000000..f38839725d27a3486984d152e5d9de305364fbd2 Binary files /dev/null and b/docs/zh/docs/userguide/figures/25.png differ diff --git a/docs/zh/docs/userguide/figures/26.png b/docs/zh/docs/userguide/figures/26.png new file mode 100644 index 0000000000000000000000000000000000000000..6d7957119133ecb98b1b6b104e54a3a4647ec2a5 Binary files /dev/null and b/docs/zh/docs/userguide/figures/26.png differ diff --git a/docs/zh/docs/userguide/figures/27.png b/docs/zh/docs/userguide/figures/27.png new file mode 100644 index 0000000000000000000000000000000000000000..3e4733717fdc5172d6479b393005219e65e96df4 Binary files /dev/null and b/docs/zh/docs/userguide/figures/27.png differ 
diff --git a/docs/zh/docs/userguide/figures/28.png b/docs/zh/docs/userguide/figures/28.png new file mode 100644 index 0000000000000000000000000000000000000000..a77772e818e3f6c11acac3b9cfa18bad14a0a48c Binary files /dev/null and b/docs/zh/docs/userguide/figures/28.png differ diff --git a/docs/zh/docs/userguide/figures/29.png b/docs/zh/docs/userguide/figures/29.png new file mode 100644 index 0000000000000000000000000000000000000000..c4f58ffe5855295268298448744e5aadbdc55276 Binary files /dev/null and b/docs/zh/docs/userguide/figures/29.png differ diff --git a/docs/zh/docs/userguide/figures/3.png b/docs/zh/docs/userguide/figures/3.png new file mode 100644 index 0000000000000000000000000000000000000000..fbb76b336957020ed6867d908e0a8bdcfc953c52 Binary files /dev/null and b/docs/zh/docs/userguide/figures/3.png differ diff --git a/docs/zh/docs/userguide/figures/30.png b/docs/zh/docs/userguide/figures/30.png new file mode 100644 index 0000000000000000000000000000000000000000..d91adefba1753959e90ccf4aa1501ac08d7144bd Binary files /dev/null and b/docs/zh/docs/userguide/figures/30.png differ diff --git a/docs/zh/docs/userguide/figures/31.png b/docs/zh/docs/userguide/figures/31.png new file mode 100644 index 0000000000000000000000000000000000000000..0abef09ab438f5f8cfb68090993f55c493b8c15e Binary files /dev/null and b/docs/zh/docs/userguide/figures/31.png differ diff --git a/docs/zh/docs/userguide/figures/32.png b/docs/zh/docs/userguide/figures/32.png new file mode 100644 index 0000000000000000000000000000000000000000..d567cfbacc07a9eb46ff2c54a68432f45e034e94 Binary files /dev/null and b/docs/zh/docs/userguide/figures/32.png differ diff --git a/docs/zh/docs/userguide/figures/33.png b/docs/zh/docs/userguide/figures/33.png new file mode 100644 index 0000000000000000000000000000000000000000..7b5896e2884520672c0bd88d68471b45a09c56fe Binary files /dev/null and b/docs/zh/docs/userguide/figures/33.png differ 
diff --git a/docs/zh/docs/userguide/figures/34.png b/docs/zh/docs/userguide/figures/34.png new file mode 100644 index 0000000000000000000000000000000000000000..81bc9480fbbd81a97c559d7a6a74274deeab2bd1 Binary files /dev/null and b/docs/zh/docs/userguide/figures/34.png differ diff --git a/docs/zh/docs/userguide/figures/35.png b/docs/zh/docs/userguide/figures/35.png new file mode 100644 index 0000000000000000000000000000000000000000..ab2399847a643a87279337704e23fea7609bb211 Binary files /dev/null and b/docs/zh/docs/userguide/figures/35.png differ diff --git a/docs/zh/docs/userguide/figures/36.png b/docs/zh/docs/userguide/figures/36.png new file mode 100644 index 0000000000000000000000000000000000000000..536981609b9ae5d32be56bec612f2b3446146184 Binary files /dev/null and b/docs/zh/docs/userguide/figures/36.png differ diff --git a/docs/zh/docs/userguide/figures/37.png b/docs/zh/docs/userguide/figures/37.png new file mode 100644 index 0000000000000000000000000000000000000000..e39aa03587642dc1f8622fff515b05a9a3085b28 Binary files /dev/null and b/docs/zh/docs/userguide/figures/37.png differ diff --git a/docs/zh/docs/userguide/figures/4.png b/docs/zh/docs/userguide/figures/4.png new file mode 100644 index 0000000000000000000000000000000000000000..5078e36aca713706d2cf08a3ebecdc3769951899 Binary files /dev/null and b/docs/zh/docs/userguide/figures/4.png differ diff --git a/docs/zh/docs/userguide/figures/5.png b/docs/zh/docs/userguide/figures/5.png new file mode 100644 index 0000000000000000000000000000000000000000..2976a745cfaede26594d6daa01cfc18d18b1de8b Binary files /dev/null and b/docs/zh/docs/userguide/figures/5.png differ diff --git a/docs/zh/docs/userguide/figures/6.png b/docs/zh/docs/userguide/figures/6.png new file mode 100644 index 0000000000000000000000000000000000000000..275c23872f2353f007371672714902babcc3db53 Binary files /dev/null and b/docs/zh/docs/userguide/figures/6.png differ 
diff --git a/docs/zh/docs/userguide/figures/7.png b/docs/zh/docs/userguide/figures/7.png new file mode 100644 index 0000000000000000000000000000000000000000..4d397959ac7f6d166ef5a3b7084bd5c3c93b475f Binary files /dev/null and b/docs/zh/docs/userguide/figures/7.png differ diff --git a/docs/zh/docs/userguide/figures/8.png b/docs/zh/docs/userguide/figures/8.png new file mode 100644 index 0000000000000000000000000000000000000000..8ade274092d7b3e461c96d7909a9d89d3a944f09 Binary files /dev/null and b/docs/zh/docs/userguide/figures/8.png differ diff --git a/docs/zh/docs/userguide/figures/9.png b/docs/zh/docs/userguide/figures/9.png new file mode 100644 index 0000000000000000000000000000000000000000..f7b2215404929346f1a814b0b1d6d482559c08b5 Binary files /dev/null and b/docs/zh/docs/userguide/figures/9.png differ diff --git a/docs/zh/docs/userguide/figures/icon1.png b/docs/zh/docs/userguide/figures/icon1.png new file mode 100644 index 0000000000000000000000000000000000000000..9bac00355cf4aa57d32287fd4271404f6fd3fd4d Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon1.png differ diff --git a/docs/zh/docs/userguide/figures/icon10-o.png b/docs/zh/docs/userguide/figures/icon10-o.png new file mode 100644 index 0000000000000000000000000000000000000000..d6c56d1a64c588d86f8fe510c74e5a7c4cb810d4 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon10-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon11-o.png b/docs/zh/docs/userguide/figures/icon11-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon11-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon12-o.png b/docs/zh/docs/userguide/figures/icon12-o.png new file mode 100644 index 0000000000000000000000000000000000000000..f1f0f59dd3879461a0b5bc0632693a4a4124def3 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon12-o.png differ 
diff --git a/docs/zh/docs/userguide/figures/icon13-o.png b/docs/zh/docs/userguide/figures/icon13-o.png new file mode 100644 index 0000000000000000000000000000000000000000..c05a981b29d8ad11c6682f796f79b4cafd0f088b Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon13-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon14-o.png b/docs/zh/docs/userguide/figures/icon14-o.png new file mode 100644 index 0000000000000000000000000000000000000000..b21deee4d98593d93fb5f72158d2d78f3d3f1cb9 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon14-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon15-o.png b/docs/zh/docs/userguide/figures/icon15-o.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon15-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon16.png b/docs/zh/docs/userguide/figures/icon16.png new file mode 100644 index 0000000000000000000000000000000000000000..f271594dda9d3ad0f038c9d719dd68c3e82c59f1 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon16.png differ diff --git a/docs/zh/docs/userguide/figures/icon17.png b/docs/zh/docs/userguide/figures/icon17.png new file mode 100644 index 0000000000000000000000000000000000000000..dbe58b89347c857920bce25f067fbd11c308e502 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon17.png differ diff --git a/docs/zh/docs/userguide/figures/icon18.png b/docs/zh/docs/userguide/figures/icon18.png new file mode 100644 index 0000000000000000000000000000000000000000..1827a20e9da4d28e35e8ab2eae739b2fec37b385 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon18.png differ 
diff --git a/docs/zh/docs/userguide/figures/icon19-o.png b/docs/zh/docs/userguide/figures/icon19-o.png new file mode 100644 index 0000000000000000000000000000000000000000..47a1f2cb7f99b583768c7cbd7e05a57f302dbe8a Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon19-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon2.png b/docs/zh/docs/userguide/figures/icon2.png new file mode 100644 index 0000000000000000000000000000000000000000..9101e4b386df065a87d422bc5a0b287528ea5ec7 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon2.png differ diff --git a/docs/zh/docs/userguide/figures/icon20.png b/docs/zh/docs/userguide/figures/icon20.png new file mode 100644 index 0000000000000000000000000000000000000000..4de3c7c695893539967245ea5e269b26e2b735be Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon20.png differ diff --git a/docs/zh/docs/userguide/figures/icon21.png b/docs/zh/docs/userguide/figures/icon21.png new file mode 100644 index 0000000000000000000000000000000000000000..e7b4320b6ce1fd4adb52525ba2c60983ffb2eed3 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon21.png differ diff --git a/docs/zh/docs/userguide/figures/icon22.png b/docs/zh/docs/userguide/figures/icon22.png new file mode 100644 index 0000000000000000000000000000000000000000..43bfa96965ad13e0a34ead3cb1102a76b9346a23 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon22.png differ diff --git a/docs/zh/docs/userguide/figures/icon23.png b/docs/zh/docs/userguide/figures/icon23.png new file mode 100644 index 0000000000000000000000000000000000000000..aee221ddaa81d06fa7bd5b89a624da90cd1e53da Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon23.png differ 
diff --git a/docs/zh/docs/userguide/figures/icon24.png b/docs/zh/docs/userguide/figures/icon24.png new file mode 100644 index 0000000000000000000000000000000000000000..a9e5d700431ca1666fe9eda2cefce5dd2f83bdcd Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon24.png differ diff --git a/docs/zh/docs/userguide/figures/icon25.png b/docs/zh/docs/userguide/figures/icon25.png new file mode 100644 index 0000000000000000000000000000000000000000..3de0f9476bbee9e89c3b759afbed968f17b5bbcc Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon25.png differ diff --git a/docs/zh/docs/userguide/figures/icon26-o.png b/docs/zh/docs/userguide/figures/icon26-o.png new file mode 100644 index 0000000000000000000000000000000000000000..2293a893caf6d89c3beb978598fe7f281e68e7d5 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon26-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon27-o.png b/docs/zh/docs/userguide/figures/icon27-o.png new file mode 100644 index 0000000000000000000000000000000000000000..abbab8e40f7e3ca7c2a6f28ff78f08f15117828e Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon27-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon28-o.png b/docs/zh/docs/userguide/figures/icon28-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon28-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon29-o.png b/docs/zh/docs/userguide/figures/icon29-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon29-o.png differ 
diff --git a/docs/zh/docs/userguide/figures/icon3.png b/docs/zh/docs/userguide/figures/icon3.png new file mode 100644 index 0000000000000000000000000000000000000000..930ee8909e89e3624c581f83d713af271cd96c75 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon3.png differ diff --git a/docs/zh/docs/userguide/figures/icon30-o.png b/docs/zh/docs/userguide/figures/icon30-o.png new file mode 100644 index 0000000000000000000000000000000000000000..e40d45fc0a9d2af93280ea14e01512838bb3c3dc Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon30-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon31-o.png b/docs/zh/docs/userguide/figures/icon31-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon31-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon32.png b/docs/zh/docs/userguide/figures/icon32.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon32.png differ diff --git a/docs/zh/docs/userguide/figures/icon33.png b/docs/zh/docs/userguide/figures/icon33.png new file mode 100644 index 0000000000000000000000000000000000000000..88ed145b25f6f025ad795ceb012500e0944cb54c Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon33.png differ diff --git a/docs/zh/docs/userguide/figures/icon34.png b/docs/zh/docs/userguide/figures/icon34.png new file mode 100644 index 0000000000000000000000000000000000000000..8247f52a3424c81b451ceb318f4a7979a5eddece Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon34.png differ 
diff --git a/docs/zh/docs/userguide/figures/icon35.png b/docs/zh/docs/userguide/figures/icon35.png new file mode 100644 index 0000000000000000000000000000000000000000..7c656e9030b94809a57c7e369921e6a585f3574c Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon35.png differ diff --git a/docs/zh/docs/userguide/figures/icon36.png b/docs/zh/docs/userguide/figures/icon36.png new file mode 100644 index 0000000000000000000000000000000000000000..7d29d173e914dfff48245d3d3a4d42575ce2d1db Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon36.png differ diff --git a/docs/zh/docs/userguide/figures/icon37.png b/docs/zh/docs/userguide/figures/icon37.png new file mode 100644 index 0000000000000000000000000000000000000000..58be4c621b6638115153e361801deb9ee06634d8 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon37.png differ diff --git a/docs/zh/docs/userguide/figures/icon38.png b/docs/zh/docs/userguide/figures/icon38.png new file mode 100644 index 0000000000000000000000000000000000000000..0c861ccb891f4fb5e533eb7f7151a8fce1571f17 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon38.png differ diff --git a/docs/zh/docs/userguide/figures/icon39.png b/docs/zh/docs/userguide/figures/icon39.png new file mode 100644 index 0000000000000000000000000000000000000000..b1ba1f347452d0cd1c06c6c51d2cdf5aea5e490b Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon39.png differ diff --git a/docs/zh/docs/userguide/figures/icon4.png b/docs/zh/docs/userguide/figures/icon4.png new file mode 100644 index 0000000000000000000000000000000000000000..548dc8b648edb73ff1dd8a0266e8479203e72ca0 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon4.png differ 
diff --git a/docs/zh/docs/userguide/figures/icon40.png b/docs/zh/docs/userguide/figures/icon40.png new file mode 100644 index 0000000000000000000000000000000000000000..9c29dd1e9a1bf22c36abf51cb18fa9e47b455fab Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon40.png differ diff --git a/docs/zh/docs/userguide/figures/icon41.png b/docs/zh/docs/userguide/figures/icon41.png new file mode 100644 index 0000000000000000000000000000000000000000..9e8aea527a2119433fffec5a8800ebfa4fa5062f Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon41.png differ diff --git a/docs/zh/docs/userguide/figures/icon42-o.png b/docs/zh/docs/userguide/figures/icon42-o.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon42-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon42.png b/docs/zh/docs/userguide/figures/icon42.png new file mode 100644 index 0000000000000000000000000000000000000000..25959977f986f433ddf3d66935f8d2c2bc6ed86b Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon42.png differ diff --git a/docs/zh/docs/userguide/figures/icon43-o.png b/docs/zh/docs/userguide/figures/icon43-o.png new file mode 100644 index 0000000000000000000000000000000000000000..284bdd551baf25beb4143013402e77a1a4c60ccb Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon43-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon44-o.png b/docs/zh/docs/userguide/figures/icon44-o.png new file mode 100644 index 0000000000000000000000000000000000000000..810f4d784ee140dbf562e67a0d3fd391272626a5 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon44-o.png differ 
diff --git a/docs/zh/docs/userguide/figures/icon45-o.png b/docs/zh/docs/userguide/figures/icon45-o.png new file mode 100644 index 0000000000000000000000000000000000000000..3e528ce2c98284f020ae4912a853f5864526396b Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon45-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon46-o.png b/docs/zh/docs/userguide/figures/icon46-o.png new file mode 100644 index 0000000000000000000000000000000000000000..ec6a3ca0fe57016f3685981ed518493ceea1c855 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon46-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon47-o.png b/docs/zh/docs/userguide/figures/icon47-o.png new file mode 100644 index 0000000000000000000000000000000000000000..6eeaba98d908775bd363a8ffcec27c3b6a214013 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon47-o.png differ diff --git a/docs/zh/docs/userguide/figures/icon5.png b/docs/zh/docs/userguide/figures/icon5.png new file mode 100644 index 0000000000000000000000000000000000000000..e4206b7b584bf0702c7cb2f03a3a41e20bfba844 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon5.png differ diff --git a/docs/zh/docs/userguide/figures/icon6.png b/docs/zh/docs/userguide/figures/icon6.png new file mode 100644 index 0000000000000000000000000000000000000000..88ced3587e9a42b145fe11393726f40aba9d1b2c Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon6.png differ diff --git a/docs/zh/docs/userguide/figures/icon7.png b/docs/zh/docs/userguide/figures/icon7.png new file mode 100644 index 0000000000000000000000000000000000000000..05fe8aa38c84ca0c0c99b0b005ddec2f2ba42f4a Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon7.png differ 
diff --git a/docs/zh/docs/userguide/figures/icon8.png b/docs/zh/docs/userguide/figures/icon8.png new file mode 100644 index 0000000000000000000000000000000000000000..01543c3e0f5e96a023b4e1f0859a03e3a0dafd56 Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon8.png differ diff --git a/docs/zh/docs/userguide/figures/icon9.png b/docs/zh/docs/userguide/figures/icon9.png new file mode 100644 index 0000000000000000000000000000000000000000..a07c9ab8e51decd9a3bca8c969d2ae95bd68512c Binary files /dev/null and b/docs/zh/docs/userguide/figures/icon9.png differ diff --git a/docs/zh/menu/menu.json b/docs/zh/menu/menu.json new file mode 100644 index 0000000000000000000000000000000000000000..6218084de6db77092cfa11526dd295f0d7637b13 --- /dev/null +++ b/docs/zh/menu/menu.json 
@@ -0,0 +1,920 @@ +[ + { + "label": "法律声明", + "path": "docs/Releasenotes/法律声明", + "children": [ + + ] + }, + { + "label": "发行说明", + "path": "docs/Releasenotes/release_notes", + "children": [ + { + "label": "用户须知", + "path": "docs/Releasenotes/用户须知", + "children": [ + + ] + }, + { + "label": "简介", + "path": "docs/Releasenotes/简介", + "children": [ + + ] + }, + { + "label": "系统安装", + "path": "docs/Releasenotes/系统安装", + "children": [ + + ] + }, + { + "label": "关键特性", + "path": "docs/Releasenotes/关键特性", + "children": [ + + ] + }, + { + "label": "已知问题", + "path": "docs/Releasenotes/已知问题", + "children": [ + + ] + }, + { + "label": "已修复问题", + "path": "docs/Releasenotes/已修复问题", + "children": [ + + ] + }, + { + "label": "CVE漏洞", + "path": "docs/Releasenotes/CVE漏洞", + "children": [ + + ] + }, + { + "label": "源代码", + "path": "docs/Releasenotes/源代码", + "children": [ + + ] + }, + { + "label": "参与贡献", + "path": "docs/Releasenotes/参与贡献", + "children": [ + + ] + }, + { + "label": "致谢", + "path": "docs/Releasenotes/致谢", + "children": [ + + ] + } + ] + }, + { + "label": "快速入门", + "path": "docs/Quickstart/quick-start", + "children": [ + + ] + }, + { + "label": "安装指南", + "path": "docs/Installation/installation", + "children": [ + { + "label": "安装在服务器", + "path": "docs/Installation/安装在服务器", + "children": [ + { + "label": "安装准备", + "path": "docs/Installation/安装准备", + "children": [] + }, + { + "label": "安装方式介绍", + "path": "docs/Installation/安装方式介绍", + "children": [] + }, + { + "label": "安装指导", + "path": "docs/Installation/安装指导", + "children": [] + }, + { + "label": "使用kickstart自动化安装", + "path": "docs/Installation/使用kickstart自动化安装", + "children": [] + }, + { + "label": "安装UKUI", + "path": "docs/Installation/安装UKUI", + "children": [] + }, + { + "label": "安装DDE", + "path": "docs/Installation/安装DDE", + "children": [] + }, + { + "label": "FAQ", + "path": "docs/Installation/FAQ", + "children": [] + } + ] + }, + { + "label": "安装在树莓派", + "path": "docs/Installation/安装在树莓派", + "children": [ + { + 
"label": "安装准备", + "path": "docs/Installation/安装准备-1", + "children": [] + }, + { + "label": "安装方式介绍", + "path": "docs/Installation/安装方式介绍-1", + "children": [] + }, + { + "label": "安装指导", + "path": "docs/Installation/安装指导-1", + "children": [] + }, + { + "label": "FAQ", + "path": "docs/Installation/FAQ-1", + "children": [] + }, + { + "label": "更多资源", + "path": "docs/Installation/更多资源", + "children": [] + } + ] + } + ] + }, + { + "label": "管理员指南", + "path": "docs/Administration/administration", + "children": [ + { + "label": "查看系统信息", + "path": "docs/Administration/查看系统信息", + "children": [ + + ] + }, + { + "label": "基础配置", + "path": "docs/Administration/基础配置", + "children": [ + + ] + }, + { + "label": "管理用户和用户组", + "path": "docs/Administration/管理用户和用户组", + "children": [ + + ] + }, + { + "label": "使用DNF管理软件包", + "path": "docs/Administration/使用DNF管理软件包", + "children": [ + + ] + }, + { + "label": "管理服务", + "path": "docs/Administration/管理服务", + "children": [ + + ] + }, + { + "label": "管理进程", + "path": "docs/Administration/管理进程", + "children": [ + + ] + }, + { + "label": "配置网络", + "path": "docs/Administration/配置网络", + "children": [ + + ] + }, + { + "label": "使用LVM管理硬盘", + "path": "docs/Administration/使用LVM管理硬盘", + "children": [ + + ] + }, + { + "label": "使用KAE加速引擎", + "path": "docs/Administration/使用KAE加速引擎", + "children": [ + + ] + }, + { + "label": "搭建服务", + "path": "docs/Administration/搭建服务", + "children": [ + { + "label": "搭建repo服务器", + "path": "docs/Administration/搭建repo服务器", + "children": [ + + ] + }, + { + "label": "搭建FTP服务器", + "path": "docs/Administration/搭建FTP服务器", + "children": [ + + ] + }, + { + "label": "搭建web服务器", + "path": "docs/Administration/搭建web服务器", + "children": [ + + ] + }, + { + "label": "搭建数据库服务器", + "path": "docs/Administration/搭建数据库服务器", + "children": [ + + ] + } + ] + }, + { + "label": "FAQ", + "path": "docs/Administration/FAQ-54", + "children": [ + + ] + } + ] + }, + { + "label": "安全加固指南", + "path": "docs/SecHarden/secHarden", + "children": [ + { 
+ "label": "操作系统加固概述", + "path": "docs/SecHarden/操作系统加固概述", + "children": [ + ] + }, + { + "label": "加固指导", + "path": "docs/SecHarden/加固指导", + "children": [ + { + "label": "账户口令", + "path": "docs/SecHarden/账户口令", + "children": [ + + ] + }, + { + "label": "授权认证", + "path": "docs/SecHarden/授权认证", + "children": [ + + ] + }, + { + "label": "系统服务", + "path": "docs/SecHarden/系统服务", + "children": [ + + ] + }, + { + "label": "文件权限", + "path": "docs/SecHarden/文件权限", + "children": [ + + ] + }, + { + "label": "内核参数", + "path": "docs/SecHarden/内核参数", + "children": [ + + ] + }, + { + "label": "SELinux配置", + "path": "docs/SecHarden/SELinux配置", + "children": [ + + ] + } + ] + }, + { + "label": "安全加固工具", + "path": "docs/SecHarden/安全加固工具", + "children": [ + + ] + }, + { + "label": "附录", + "path": "docs/SecHarden/附录", + "children": [ + + ] + } + ] + }, + { + "label": "虚拟化用户指南", + "path": "docs/Virtualization/virtualization", + "children": [ + { + "label": "认识虚拟化", + "path": "docs/Virtualization/认识虚拟化", + "children": [ + + ] + }, + { + "label": "安装虚拟化", + "path": "docs/Virtualization/安装虚拟化", + "children": [ + + ] + }, + { + "label": "准备使用环境", + "path": "docs/Virtualization/准备使用环境", + "children": [ + + ] + }, + { + "label": "虚拟机配置", + "path": "docs/Virtualization/虚拟机配置", + "children": [ + + ] + }, + { + "label": "管理虚拟机", + "path": "docs/Virtualization/管理虚拟机", + "children": [ + + ] + }, + { + "label": "热迁移虚拟机", + "path": "docs/Virtualization/热迁移虚拟机", + "children": [ + + ] + }, + { + "label": "管理系统资源", + "path": "docs/Virtualization/管理系统资源", + "children": [ + + ] + }, + { + "label": "管理设备", + "path": "docs/Virtualization/管理设备", + "children": [ + + ] + }, + { + "label": "最佳实践", + "path": "docs/Virtualization/最佳实践", + "children": [ + + ] + }, + { + "label": "工具使用指南", + "path": "docs/Virtualization/工具使用指南", + "children": [ + { + "label": "vmtop", + "path": "docs/Virtualization/vmtop", + "children": [] + }, + { + "label": "LibcarePlus", + "path": "docs/Virtualization/LibcarePlus", + 
"children": [] + } + ] + }, + { + "label": "附录", + "path": "docs/Virtualization/附录", + "children": [ + + ] + } + ] + }, + { + "label": "容器用户指南", + "path": "docs/Container/container", + "children": [ + { + "label": "iSula容器引擎", + "path": "docs/Container/iSula容器引擎", + "children": [ + { + "label": "安装、升级与卸载", + "path": "docs/Container/安装-升级与卸载", + "children": [ + { + "label": "安装与配置", + "path": "docs/Container/安装与配置", + "children": [ + + ] + }, + { + "label": "升级", + "path": "docs/Container/升级", + "children": [ + + ] + }, + { + "label": "卸载", + "path": "docs/Container/卸载", + "children": [ + + ] + } + ] + }, + { + "label": "使用指南", + "path": "docs/Container/使用指南", + "children": [ + { + "label": "容器管理", + "path": "docs/Container/容器管理", + "children": [ + + ] + }, + { + "label": "支持CNI网络", + "path": "docs/Container/支持CNI网络", + "children": [ + + ] + }, + { + "label": "特权容器", + "path": "docs/Container/特权容器", + "children": [ + + ] + }, + { + "label": "CRI接口", + "path": "docs/Container/CRI接口", + "children": [ + + ] + }, + { + "label": "镜像管理", + "path": "docs/Container/镜像管理", + "children": [ + + ] + }, + { + "label": "容器健康状态检查", + "path": "docs/Container/容器健康状态检查", + "children": [ + + ] + }, + { + "label": "查询信息", + "path": "docs/Container/查询信息", + "children": [ + + ] + }, + { + "label": "安全特性", + "path": "docs/Container/安全特性", + "children": [ + + ] + }, + { + "label": "支持OCI hooks", + "path": "docs/Container/支持OCI-hooks", + "children": [ + + ] + }, + { + "label": "本地卷管理", + "path": "docs/Container/本地卷管理", + "children": [] + } + ] + }, + { + "label": "附录", + "path": "docs/Container/附录", + "children": [ + + ] + } + ] + }, + { + "label": "系统容器", + "path": "docs/Container/系统容器", + "children": [ + { + "label": "安装指导", + "path": "docs/Container/安装指导", + "children": [ + + ] + }, + { + "label": "使用指南", + "path": "docs/Container/使用指南-1", + "children": [ + { + "label": "指定rootfs创建容器", + "path": "docs/Container/指定rootfs创建容器", + "children": [ + + ] + }, + { + "label": "通过systemd启动容器", + 
"path": "docs/Container/通过systemd启动容器", + "children": [ + + ] + }, + { + "label": "容器内reboot/shutdown", + "path": "docs/Container/容器内reboot-shutdown", + "children": [ + + ] + }, + { + "label": "cgroup路径可配置", + "path": "docs/Container/cgroup路径可配置", + "children": [ + + ] + }, + { + "label": "namespace化内核参数可写", + "path": "docs/Container/namespace化内核参数可写", + "children": [ + + ] + }, + { + "label": "共享内存通道", + "path": "docs/Container/共享内存通道", + "children": [ + + ] + }, + { + "label": "动态加载内核模块", + "path": "docs/Container/动态加载内核模块", + "children": [ + + ] + }, + { + "label": "环境变量持久化", + "path": "docs/Container/环境变量持久化", + "children": [ + + ] + }, + { + "label": "最大句柄数限制", + "path": "docs/Container/最大句柄数限制", + "children": [ + + ] + }, + { + "label": "安全性和隔离性", + "path": "docs/Container/安全性和隔离性", + "children": [ + + ] + }, + { + "label": "容器资源动态管理", + "path": "docs/Container/容器资源动态管理", + "children": [ + + ] + } + ] + }, + { + "label": "附录", + "path": "docs/Container/附录-2", + "children": [ + + ] + } + ] + }, + { + "label": "安全容器", + "path": "docs/Container/安全容器", + "children": [ + { + "label": "安装与配置", + "path": "docs/Container/安装与配置-2", + "children": [ + + ] + }, + { + "label": "使用方法", + "path": "docs/Container/使用方法-1", + "children": [ + { + "label": "管理安全容器的生命周期", + "path": "docs/Container/管理安全容器的生命周期", + "children": [ + + ] + }, + { + "label": "为安全容器配置资源", + "path": "docs/Container/为安全容器配置资源", + "children": [ + + ] + }, + { + "label": "为安全容器配置网络", + "path": "docs/Container/为安全容器配置网络", + "children": [ + + ] + }, + { + "label": "监控安全容器", + "path": "docs/Container/监控安全容器", + "children": [ + + ] + } + ] + }, + { + "label": "附录", + "path": "docs/Container/附录-3", + "children": [ + + ] + } + ] + }, + { + "label": "Docker容器", + "path": "docs/Container/Docker容器", + "children": [ + { + "label": "安装配置", + "path": "docs/Container/安装配置-3", + "children": [ + + ] + }, + { + "label": "容器管理", + "path": "docs/Container/容器管理-3", + "children": [ + + ] + }, + { + "label": "镜像管理", + "path": 
"docs/Container/镜像管理-3", + "children": [ + + ] + }, + { + "label": "命令行参考", + "path": "docs/Container/命令行参考", + "children": [ + { + "label": "容器引擎", + "path": "docs/Container/容器引擎-4", + "children": [ + + ] + }, + { + "label": "容器管理", + "path": "docs/Container/容器管理-4", + "children": [ + + ] + }, + { + "label": "镜像管理", + "path": "docs/Container/镜像管理-4", + "children": [ + + ] + }, + { + "label": "统计信息", + "path": "docs/Container/统计信息-4", + "children": [ + + ] + } + ] + } + ] + }, + { + "label": "容器工具", + "path": "docs/Container/容器工具", + "children": [ + { + "label": "isula-build构建工具", + "path": "docs/Container/isula-build构建工具", + "children": [ + + ] + }, + { + "label": "isula-transform迁移工具", + "path": "docs/Container/isula-transform迁移工具", + "children": [ + + ] + } + ] + } + ] + }, + { + "label": "A-Tune用户指南", + "path": "docs/A-Tune/A-Tune", + "children": [ + { + "label": "认识A-Tune", + "path": "docs/A-Tune/认识A-Tune", + "children": [ + + ] + }, + { + "label": "安装与部署", + "path": "docs/A-Tune/安装与部署", + "children": [ + + ] + }, + { + "label": "使用方法", + "path": "docs/A-Tune/使用方法", + "children": [ + + ] + }, + { + "label": "常见问题与解决方法", + "path": "docs/A-Tune/常见问题与解决方法", + "children": [ + + ] + }, + { + "label": "附录", + "path": "docs/A-Tune/附录", + "children": [ + + ] + } + ] + }, + { + "label": "应用开发指南", + "path": "docs/ApplicationDev/application-development", + "children": [ + { + "label": "开发环境准备", + "path": "docs/ApplicationDev/开发环境准备", + "children": [ + + ] + }, + { + "label": "使用GCC编译", + "path": "docs/ApplicationDev/使用GCC编译", + "children": [ + + ] + }, + { + "label": "使用make编译", + "path": "docs/ApplicationDev/使用make编译", + "children": [ + + ] + }, + { + "label": "使用JDK编译", + "path": "docs/ApplicationDev/使用JDK编译", + "children": [ + + ] + }, + { + "label": "构建RPM包", + "path": "docs/ApplicationDev/构建RPM包", + "children": [ + + ] + } + ] + }, + { + "label": "第三方软件移植指南", + "path": "docs/thirdparty_migration/thidrparty", + "children": [ + { + "label": 
"OpenStack-train迁移至openEuler指导", + "path": "docs/thirdparty_migration/openstack-train", + "children": [ + + ] + }, + { + "label": "K8S迁移至openEuler指导", + "path": "docs/thirdparty_migration/k8sinstall", + "children": [ + + ] + }, + { + "label": "SpringFramework迁移至openEuler指导", + "path": "docs/thirdparty_migration/springframework", + "children": [ + + ] + } + ] + }, + { + "label": "UKUI用户指南", + "path": "docs/userguide/UKUIuserguide", + "children": [ + + ] + } +] diff --git a/package.json b/package.json new file mode 100644 index 0000000000000000000000000000000000000000..909a6f70df873bedaef61403ce6b5ec24ad3dd5e --- /dev/null +++ b/package.json @@ -0,0 +1,16 @@ +{ + "name": "website-v2", + "version": "0.0.1", + "description": "", + "main": "index.js", + "scripts": { + "dev": "vuepress dev docs", + "build": "vuepress build docs" + }, + "keywords": [], + "author": "", + "license": "", + "dependencies": { + "vuepress": "^1.5.2" + } +} diff --git a/rdocs/en/openEuler 1.0 Installation Guide.pdf b/rdocs/en/openEuler 1.0 Installation Guide.pdf deleted file mode 100644 index 7a6a2cdb852d5f2502e13b5b8ce46a915072410f..0000000000000000000000000000000000000000 Binary files a/rdocs/en/openEuler 1.0 Installation Guide.pdf and /dev/null differ diff --git a/rdocs/en/openEuler 20.03 LTS A-Tune User Guide.pdf b/rdocs/en/openEuler 20.03 LTS A-Tune User Guide.pdf deleted file mode 100644 index c5a43911b4fa7839ab5f5eb0bc38818c8bb8b34a..0000000000000000000000000000000000000000 Binary files a/rdocs/en/openEuler 20.03 LTS A-Tune User Guide.pdf and /dev/null differ diff --git a/rdocs/en/openEuler 20.03 LTS Administrator Guide.pdf b/rdocs/en/openEuler 20.03 LTS Administrator Guide.pdf deleted file mode 100644 index 2039b90984988ae4c8e0214ebd9f033fd8490ebd..0000000000000000000000000000000000000000 Binary files a/rdocs/en/openEuler 20.03 LTS Administrator Guide.pdf and /dev/null differ 
diff --git a/rdocs/en/openEuler 20.03 LTS Application Development Guide.pdf b/rdocs/en/openEuler 20.03 LTS Application Development Guide.pdf deleted file mode 100644 index 5c132a743d2c7b3a27c15397c7c3acdebc8a8d1e..0000000000000000000000000000000000000000 Binary files a/rdocs/en/openEuler 20.03 LTS Application Development Guide.pdf and /dev/null differ diff --git a/rdocs/en/openEuler 20.03 LTS Container User Guide.pdf b/rdocs/en/openEuler 20.03 LTS Container User Guide.pdf deleted file mode 100644 index 79804395bd8605d0e1566405e066b66b911aff6c..0000000000000000000000000000000000000000 Binary files a/rdocs/en/openEuler 20.03 LTS Container User Guide.pdf and /dev/null differ diff --git a/rdocs/en/openEuler 20.03 LTS Installation Guide.pdf b/rdocs/en/openEuler 20.03 LTS Installation Guide.pdf deleted file mode 100644 index 9e72c47cae20bb7f523d4423d1c87c492a1a9d51..0000000000000000000000000000000000000000 Binary files a/rdocs/en/openEuler 20.03 LTS Installation Guide.pdf and /dev/null differ diff --git a/rdocs/en/openEuler 20.03 LTS Release Description.pdf b/rdocs/en/openEuler 20.03 LTS Release Description.pdf deleted file mode 100644 index 0efe706b9efd66f89a25d84ad6fdb037ef341e06..0000000000000000000000000000000000000000 Binary files a/rdocs/en/openEuler 20.03 LTS Release Description.pdf and /dev/null differ diff --git a/rdocs/en/openEuler 20.03 LTS Virtualization User Guide.pdf b/rdocs/en/openEuler 20.03 LTS Virtualization User Guide.pdf deleted file mode 100644 index 45b7a82a4f2e40d6fa1f145e7fce50c8a9b91a7f..0000000000000000000000000000000000000000 Binary files a/rdocs/en/openEuler 20.03 LTS Virtualization User Guide.pdf and /dev/null differ 
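Review bot: In docs/zh/menu/menu.json, the 第三方软件移植指南 entry uses "path": "docs/thirdparty_migration/thidrparty", which looks like a transposition of "thirdparty" given the directory name thirdparty_migration. Confirm that the target file really carries that spelling, otherwise this top-level menu item resolves to a missing page. Several other paths carry numeric suffixes that look auto-generated (FAQ-54, 附录-2, 附录-3, 安装与配置-2, 使用方法-1), so each should be checked against the files this change adds. The empty children arrays are also written two ways, as [ ] spread over several lines and as [], and should be made uniform.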
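Review bot: In package.json, "vuepress": "^1.5.2" is declared under dependencies with a caret range, so any later 1.x release can be resolved at build time unless a lockfile is committed with this change. Pin the exact version or commit the lockfile so the docs build is reproducible, and move the entry to devDependencies since the scripts use VuePress only as a build tool. The manifest also lacks "private": true, which would block an accidental npm publish of website-v2. In addition, "license" is an empty string and "main": "index.js" names a file this hunk does not add, so either fill these in or drop the fields.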
diff --git "a/rdocs/zh/date20200101/openEuler 1.0 \345\256\211\350\243\205\346\214\207\345\215\227.pdf" "b/rdocs/zh/date20200101/openEuler 1.0 \345\256\211\350\243\205\346\214\207\345\215\227.pdf" deleted file mode 100644 index 576eb0a1f8cdcffd68ec60df3dce8c0e729f8e7f..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/date20200101/openEuler 1.0 \345\256\211\350\243\205\346\214\207\345\215\227.pdf" and /dev/null differ diff --git "a/rdocs/zh/date20200101/openEuler 1.0 \347\256\241\347\220\206\345\221\230\346\214\207\345\215\227.pdf" "b/rdocs/zh/date20200101/openEuler 1.0 \347\256\241\347\220\206\345\221\230\346\214\207\345\215\227.pdf" deleted file mode 100644 index 032fae106298bef8d9f3dc2381c478904fd0236a..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/date20200101/openEuler 1.0 \347\256\241\347\220\206\345\221\230\346\214\207\345\215\227.pdf" and /dev/null differ diff --git "a/rdocs/zh/date20200101/openEuler 1.0 \350\231\232\346\213\237\345\214\226\347\224\250\346\210\267\346\214\207\345\215\227.pdf" "b/rdocs/zh/date20200101/openEuler 1.0 \350\231\232\346\213\237\345\214\226\347\224\250\346\210\267\346\214\207\345\215\227.pdf" deleted file mode 100644 index 5c9df30f521b0b5adf71044b7e87de4018b610b8..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/date20200101/openEuler 1.0 \350\231\232\346\213\237\345\214\226\347\224\250\346\210\267\346\214\207\345\215\227.pdf" and /dev/null differ diff --git "a/rdocs/zh/date20200115/openEuler 1.0 \345\256\211\350\243\205\346\214\207\345\215\227.pdf" "b/rdocs/zh/date20200115/openEuler 1.0 \345\256\211\350\243\205\346\214\207\345\215\227.pdf" deleted file mode 100644 index b6e6ddd880a473f80821501031441927b99712f3..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/date20200115/openEuler 1.0 \345\256\211\350\243\205\346\214\207\345\215\227.pdf" and /dev/null differ 
diff --git "a/rdocs/zh/date20200115/openEuler 1.0 \347\211\210\346\234\254\345\217\221\350\241\214\350\257\264\346\230\216.pdf" "b/rdocs/zh/date20200115/openEuler 1.0 \347\211\210\346\234\254\345\217\221\350\241\214\350\257\264\346\230\216.pdf" deleted file mode 100644 index 639ab676d80da674b1edc47480cbacd3b590a2ff..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/date20200115/openEuler 1.0 \347\211\210\346\234\254\345\217\221\350\241\214\350\257\264\346\230\216.pdf" and /dev/null differ diff --git "a/rdocs/zh/date20200115/openEuler 1.0 \347\256\241\347\220\206\345\221\230\346\214\207\345\215\227.pdf" "b/rdocs/zh/date20200115/openEuler 1.0 \347\256\241\347\220\206\345\221\230\346\214\207\345\215\227.pdf" deleted file mode 100644 index 6bf63ab9e446c95e194af64ecf7308abc3ba74e2..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/date20200115/openEuler 1.0 \347\256\241\347\220\206\345\221\230\346\214\207\345\215\227.pdf" and /dev/null differ diff --git "a/rdocs/zh/date20200115/openEuler 1.0 \350\231\232\346\213\237\345\214\226\347\224\250\346\210\267\346\214\207\345\215\227.pdf" "b/rdocs/zh/date20200115/openEuler 1.0 \350\231\232\346\213\237\345\214\226\347\224\250\346\210\267\346\214\207\345\215\227.pdf" deleted file mode 100644 index be501ab13eee41e6cba3070ab220c0e9a47cbfdf..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/date20200115/openEuler 1.0 \350\231\232\346\213\237\345\214\226\347\224\250\346\210\267\346\214\207\345\215\227.pdf" and /dev/null differ 
diff --git "a/rdocs/zh/date20200207Base/openEuler 1.0 Base \347\211\210\346\234\254\345\217\221\350\241\214\350\257\264\346\230\216.pdf" "b/rdocs/zh/date20200207Base/openEuler 1.0 Base \347\211\210\346\234\254\345\217\221\350\241\214\350\257\264\346\230\216.pdf" deleted file mode 100644 index c766d7b2eaf6da74e8fc525b595d5bb826b45774..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/date20200207Base/openEuler 1.0 Base \347\211\210\346\234\254\345\217\221\350\241\214\350\257\264\346\230\216.pdf" and /dev/null differ diff --git "a/rdocs/zh/date20200207Base/openEuler 1.0 \345\256\211\350\243\205\346\214\207\345\215\227.pdf" "b/rdocs/zh/date20200207Base/openEuler 1.0 \345\256\211\350\243\205\346\214\207\345\215\227.pdf" deleted file mode 100644 index 15bf70973654b6207c6921b5e58756aac752f638..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/date20200207Base/openEuler 1.0 \345\256\211\350\243\205\346\214\207\345\215\227.pdf" and /dev/null differ diff --git "a/rdocs/zh/date20200207Base/openEuler 1.0 \345\256\271\345\231\250\347\224\250\346\210\267\346\214\207\345\215\227.pdf" "b/rdocs/zh/date20200207Base/openEuler 1.0 \345\256\271\345\231\250\347\224\250\346\210\267\346\214\207\345\215\227.pdf" deleted file mode 100644 index 41141857a5e3251a251f8e2cc3d17d1a3dea0525..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/date20200207Base/openEuler 1.0 \345\256\271\345\231\250\347\224\250\346\210\267\346\214\207\345\215\227.pdf" and /dev/null differ diff --git "a/rdocs/zh/date20200207Base/openEuler 1.0 \347\256\241\347\220\206\345\221\230\346\214\207\345\215\227.pdf" "b/rdocs/zh/date20200207Base/openEuler 1.0 \347\256\241\347\220\206\345\221\230\346\214\207\345\215\227.pdf" deleted file mode 100644 index 9069a0f35cec4d4876826af08d71223f4790ce91..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/date20200207Base/openEuler 1.0 \347\256\241\347\220\206\345\221\230\346\214\207\345\215\227.pdf" and /dev/null differ 
diff --git "a/rdocs/zh/date20200207Base/openEuler 1.0 \350\231\232\346\213\237\345\214\226\347\224\250\346\210\267\346\214\207\345\215\227.pdf" "b/rdocs/zh/date20200207Base/openEuler 1.0 \350\231\232\346\213\237\345\214\226\347\224\250\346\210\267\346\214\207\345\215\227.pdf" deleted file mode 100644 index f42bf90865210637e48a83cecc6d427cf726035d..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/date20200207Base/openEuler 1.0 \350\231\232\346\213\237\345\214\226\347\224\250\346\210\267\346\214\207\345\215\227.pdf" and /dev/null differ diff --git "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS A-Tune\347\224\250\346\210\267\346\214\207\345\215\227.pdf" "b/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS A-Tune\347\224\250\346\210\267\346\214\207\345\215\227.pdf" deleted file mode 100644 index e1b232819ded604e5156ba01f582bd2563e0f91f..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS A-Tune\347\224\250\346\210\267\346\214\207\345\215\227.pdf" and /dev/null differ diff --git "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \345\215\207\347\272\247\346\214\207\345\257\274\344\271\246.pdf" "b/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \345\215\207\347\272\247\346\214\207\345\257\274\344\271\246.pdf" deleted file mode 100644 index 04e04bb92dcdc7265fa18e147d1bd1c857bf1426..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \345\215\207\347\272\247\346\214\207\345\257\274\344\271\246.pdf" and /dev/null differ 
diff --git "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \345\256\211\350\243\205\346\214\207\345\215\227.pdf" "b/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \345\256\211\350\243\205\346\214\207\345\215\227.pdf" deleted file mode 100644 index 6c2b9eef6dea506d9cc731b4aa83054a3163e45c..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \345\256\211\350\243\205\346\214\207\345\215\227.pdf" and /dev/null differ diff --git "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \345\256\271\345\231\250\347\224\250\346\210\267\346\214\207\345\215\227.pdf" "b/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \345\256\271\345\231\250\347\224\250\346\210\267\346\214\207\345\215\227.pdf" deleted file mode 100644 index ce957156f9c572455eaa16eb7f627258d7244cb4..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \345\256\271\345\231\250\347\224\250\346\210\267\346\214\207\345\215\227.pdf" and /dev/null differ diff --git "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \345\272\224\347\224\250\345\274\200\345\217\221\346\214\207\345\215\227.pdf" "b/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \345\272\224\347\224\250\345\274\200\345\217\221\346\214\207\345\215\227.pdf" deleted file mode 100644 index 7b120d4c9d07fbd2822b457b233c55e57d4cc4c3..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \345\272\224\347\224\250\345\274\200\345\217\221\346\214\207\345\215\227.pdf" and /dev/null differ 
diff --git "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \347\211\210\346\234\254\345\217\221\350\241\214\350\257\264\346\230\216.pdf" "b/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \347\211\210\346\234\254\345\217\221\350\241\214\350\257\264\346\230\216.pdf" deleted file mode 100644 index 39fcb1398029a87f3c2d499a9bbf1643f34e2f17..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \347\211\210\346\234\254\345\217\221\350\241\214\350\257\264\346\230\216.pdf" and /dev/null differ diff --git "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \347\256\241\347\220\206\345\221\230\346\214\207\345\215\227.pdf" "b/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \347\256\241\347\220\206\345\221\230\346\214\207\345\215\227.pdf" deleted file mode 100644 index 262ef388677ae150e2062085396e1aed6e1235c9..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \347\256\241\347\220\206\345\221\230\346\214\207\345\215\227.pdf" and /dev/null differ diff --git "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \350\231\232\346\213\237\345\214\226\347\224\250\346\210\267\346\214\207\345\215\227.pdf" "b/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \350\231\232\346\213\237\345\214\226\347\224\250\346\210\267\346\214\207\345\215\227.pdf" deleted file mode 100644 index 072b911c841e83f70865a171eb7df99f4357b874..0000000000000000000000000000000000000000 Binary files "a/rdocs/zh/openEuler 20.03 LTS_20200324/openEuler 20.03 LTS \350\231\232\346\213\237\345\214\226\347\224\250\346\210\267\346\214\207\345\215\227.pdf" and /dev/null differ diff --git a/themes/project/.travis.yml b/themes/project/.travis.yml deleted file mode 100644 index baaea454a3f0e7ee7f045783d88f4c10add3e56e..0000000000000000000000000000000000000000 --- a/themes/project/.travis.yml +++ /dev/null 
@@ -1,2 +0,0 @@ -language: generic -script: docker run --rm -it -v $(pwd)/exampleSite:/src -v $(pwd):/src/themes/hugo-book klakegg/hugo:ext-alpine --enableGitInfo=false diff --git a/themes/project/LICENSE b/themes/project/LICENSE deleted file mode 100644 index e7a669ab2fdc6f7401b8472af82b0444db0ec8ed..0000000000000000000000000000000000000000 --- a/themes/project/LICENSE +++ /dev/null @@ -1,20 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2018 Alex Shpak - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/themes/project/README.md b/themes/project/README.md deleted file mode 100644 index 35f45040833b81f824c6a27836a57a88e765049d..0000000000000000000000000000000000000000 --- a/themes/project/README.md +++ /dev/null 
@@ -1,275 +0,0 @@ -# Hugo Book Theme - -[![Build Status](https://travis-ci.org/alex-shpak/hugo-book.svg?branch=master)](https://travis-ci.org/alex-shpak/hugo-book) -[![Hugo](https://img.shields.io/badge/hugo-0.55-blue.svg)](https://gohugo.io) -[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE) - -### [Hugo](https://gohugo.io) documentation theme as simple as plain book - -![Screenshot](https://github.com/alex-shpak/hugo-book/blob/master/images/screenshot.png) - -- [Features](#features) -- [Installation](#installation) -- [Menu](#menu) -- [Configuration](#configuration) -- [Shortcodes](#shortcodes) -- [Contributing](#contributing) - -## Features - -- Clean simple design -- Mobile friendly -- Customisable -- Designed to not interfere with other layouts -- Zero initial configuration -- Handy shortcodes - -## Requirements - -- Hugo 0.55 or higher -- Hugo extended version, read more [here](https://gohugo.io/news/0.48-relnotes/) - -## Installation - -Navigate to your hugo project root and run: - -``` -git submodule add https://github.com/alex-shpak/hugo-book themes/book -``` - -Then run hugo (or set `theme = "book"`/`theme: book` in configuration file) - -``` -hugo server --minify --theme book -``` - -### Creating site from scratch - -Below is example how to create new site from scratch - -```sh -hugo new site mydocs; cd mydocs -git init -git submodule add https://github.com/alex-shpak/hugo-book themes/book -cp -R themes/book/exampleSite/content . -``` - -```sh -hugo server --minify --theme book -``` - -## Menu - -### File tree menu (default) - -By default theme will render pages from `content/docs` section as menu in a tree structure. -You can set `title` and `weight` in front matter of pages to adjust order and titles in menu. - -### Leaf bundle menu - -You can also use leaf bundle and content of it's `index.md` as menu. 
-Given you have this file structure - -``` -├── content -│ ├── docs -│ │ ├── page-one.md -│ │ └── page-two.md -│ └── posts -│ ├── post-one.md -│ └── post-two.md -``` - -Create file `content/docs/menu/index.md` with content - -```md -+++ -headless = true -+++ - -- [Book Example](/docs/) - - [Page One](/docs/page-one) - - [Page Two](/docs/page-two) -- [Blog](/posts) -``` - -And Enable it by settings `BookMenuBundle: /menu` in Site configuration - -- [Example menu](https://github.com/alex-shpak/hugo-book/blob/master/exampleSite/content/menu/index.md) -- [Example config file](https://github.com/alex-shpak/hugo-book/blob/master/exampleSite/config.yaml) -- [Leaf bundles](https://gohugo.io/content-management/page-bundles/) - -## Blog - -Simple blog supported for section `posts` - -## Configuration - -### Site Configuration - -There are few configuration options you can add to your `config.toml` file. -You can also see `yaml` example [here](https://github.com/alex-shpak/hugo-book/blob/master/exampleSite/config.yaml). - -```toml -# (Optional) Set this to true if you use capital letters in file names -disablePathToLower = true - -# (Optional) Set this to true to enable 'Last Modified by' date and git author -# information on 'doc' type pages. -enableGitInfo = true - -# (Optional) Theme is intended for documentation use, therefore it doesn't render taxonomy. -# You can remove related files with config below -disableKinds = ['taxonomy', 'taxonomyTerm'] - -[params] -# (Optional, default 6) Set how many table of contents levels to be showed on page. 
-# Use false to hide ToC, note that 0 will default to 6 (https://gohugo.io/functions/default/) -# You can also specify this parameter per page in front matter -BookToC = 3 - -# (Optional, default none) Set leaf bundle to render as side menu -# When not specified file structure and weights will be used -BookMenuBundle = '/menu' - -# (Optional, default docs) Specify section of content to render as menu -# You can also set value to "*" to render all sections to menu -BookSection = 'docs' - -# (Optional) This value is duplicate of $link-color for making active link highlight in menu bundle mode -# BookMenuBundleActiveLinkColor = '\#004ed0' - -# Set source repository location. -# Used for 'Last Modified' and 'Edit this page' links. -BookRepo = 'https://github.com/alex-shpak/hugo-book' - -# Enable 'Edit this page' links for 'doc' page type. -# Disabled by default. Uncomment to enable. Requires 'BookRepo' param. -# Path must point to 'content' directory of repo. -BookEditPath = 'edit/master/exampleSite/content' - -# (Optional, default January 2, 2006) Configure the date format used on the pages -# - In git information -# - In blog posts -BookDateFormat = 'Jan 2, 2006' - -# (Optional, default true) Enables search function with lunr.js, -# Index is built on fly, therefore it might slowdown your website. -BookSearch = true -``` - -### Page Configuration - -You can specify additional params per page in front matter - -```toml -# Set type to 'docs' if you want to render page outside of configured section or if you render section other than 'docs' -type = 'docs' - -# Set page weight to re-arrange items in file-tree menu (if BookMenuBundle not set) -weight = 10 - -# (Optional) Set to mark page as flat section in file-tree menu (if BookMenuBundle not set) -bookFlatSection = true - -# (Optional) Set true to hide page or section from side menu (if BookMenuBundle not set) -bookHidden = true - -# (Optional) Set how many levels of ToC to show. 
use 'false' to hide ToC completely -bookToC = 3 -``` - -### Partials - -There are few empty partials you can override in `layouts/partials/` - -| Partial | Placement | -| ----------------------------------------------- | -------------------------------------- | -| `layouts/partials/docs/inject/head.html` | Before closing `` tag | -| `layouts/partials/docs/inject/body.html` | Before closing `` tag | -| `layouts/partials/docs/inject/footer.html` | After page content | -| `layouts/partials/docs/inject/menu-before.html` | At the beginning of `