diff --git a/README-en.md b/README-en.md
new file mode 100644
index 0000000000000000000000000000000000000000..bda49b40489de363e69bdb704c60d30fbf42ede5
--- /dev/null
+++ b/README-en.md
@@ -0,0 +1,58 @@
+# openEuler DOCS
+
+English | [简体中文](./README.md)
+
+### Introduction
+
+DOCS contains all documents of the openEuler community, including the release notes, OS installation guide, administrator guide, virtualization, container, A-Tune user guides and application development guide.
+
+### Searching for a Document in DOCS
+
+Open the **docs** folder. The folder contains documents in Chinese (**zh** folder) and English (**en** folder). The English document is used as an example. In the **en** folder, the **docs** folder contains the content of a specific document, and the **menu** folder contains the overview of the document.
+Open the **docs** folder. The relationship between guides and folders is as follows:
+
+| folder | Content |
+|-----|-----|
+| **A-Tune** | *A-Tune User Guide* |
+| **Administrator** | *Administrator Guide* |
+| **ApplicationDev** | *Application Development Guide* |
+| **Container** | *Container User Guide* |
+| **Installation** | *Installation Guide* |
+| **Quickstart** | *Quick Start*
+| **Releasenotes** | *Release Notes*
+| **SecHarden** | *Security Hardening Guide* |
+| **Virtualization** | *Virtualization Application Guide* |
+| **userGuide** | *openEuler Toolset User Guide* |
+| **StratoVirt** | *StratoVirt User Guide* |
+
+
+### Modifying a Document
+
+When the openEuler version information is updated, the documents herein also need to be updated. Thank you for providing updates.
+
+### Checking the Relationship Between Versions and Branches
+The DOCS contains the following four branches:
+
+| Branch | Description | Documentation |
+|--------|-------------|---------------|
+| **master** | development branch, which is the default branch ||
+| **stable2-1.0\_Base** | 1.0 Base version branch | **DOCS** > **1.0 BASE** on the [openEuler community website](https://openeuler.org/) |
+| **stable2-20.03\_LTS** | 20.03 LTS version branch | **DOCS** > **20.03 LTS** on the [openEuler community website](https://openeuler.org/) |
+| **stable2-20.09** | 20.09 version branch | **DOCS** > **20.09** on the [openEuler community website](https://openeuler.org/) |
+
+### Participating in SIG
+Create or reply to an issue: You can discuss an issue by creating or replying to an issue.
+Submit a Pull Request (PR): You can participate in SIG by submitting a PR.
+Submit comments: You can submit comments on issues or PRs. You can also comment on the document through **Feedback** on the website document page.
+We are always pleased to receive PRs from you.
+
+### Member
+#### Maintainer List
+- Rudy_Tan[@rudy_tan](https://gitee.com/rudy_tan)
+- amyMaYun[@amy_mayun](https://gitee.com/amy_mayun)
+- qiaominna[@qiaominna](https://gitee.com/qiaominna)
+
+
+### Contacting Us
+E-mails: doc@openeuler.org
+IRC: #openeuler-doc
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..a9fd16651f5fb5d38c2f66da01abf094783ec3f2
--- /dev/null
+++ b/README.md
@@ -0,0 +1,61 @@
+# openEuler 文档
+
+[English](./README-en.md) | 简体中文
+
+### 介绍
+
+Docs包含了openEuler社区的所有文档,包括发行说明、操作系统安装、管理员指南、虚拟化和容器的使用指导、A-Tune使用指导和应用开发指导等内容。
+
+### 如何在Docs中查找文档
+
+打开“docs”文件夹,该文件夹包含了中文(“zh”文件夹)和英文(“en”文件夹)两种语言文档,以中文文档举例进行说明。
+在“zh”文件夹中,进入到目录docs/zh/docs/20.09,“docs”文件夹包含了具体文档的内容,“menu”包含了文档的大纲内容。
+打开“docs”文件夹,各手册和文件夹对应关系如下:
+
+| 文件夹 | 手册 |
+|-----|----|
+| A-Tune | A-Tune用户指南 |
+| Adminnistration | 管理员指南 |
+| ApplicationDev | 应用开发指南 |
+| Container | 容器用户指南 |
+| Installation | 安装指南 |
+| Quickstart | 快速入门 |
+| Releasenotes | 发行说明 |
+| SecHarden | 安全加固指南 |
+| Virtualization | 虚拟化应用指南 |
+| userguide | openEuler工具集用户指南 |
+| StratoVirt | StratoVrit虚拟化用户指南 |
+
+
+### 如何修改文档
+
+当openEuler版本信息有刷新时,这里文档也需要刷新。很感谢您愿意提供刷新内容。
+请阅读[资料开发流程指导](https://gitee.com/lss410313/docs/wikis/Home)进行操作参考。
+
+### 如何查看版本分支对应关系
+
+Docs当前使用如下4个分支:
+| 分支 | 说明 | 内容呈现 |
+|-----|----|----|
+| master | 开发分支,为默认分支||
+| stable2-1.0_Base | 1.0 Base版本分支 | 分支内容呈现在[openEuler社区](https://openeuler.org/)网站“文档->1.0 BASE |
+| stable2-20.03_LTS | 20.03 LTS版本分支 | 分支内容呈现在[openEuler社区](https://openeuler.org/)网站“文档->20.03 LTS |
+| stable2-20.09 | 20.09 版本分支 | 分支内容呈现在[openEuler社区](https://openeuler.org/)网站“文档->20.09 |
+
+
+### 如何参与SIG
+
+建立或回复 issue:欢迎通过建立或回复 issue 来讨论。
+提交PR:欢迎通过提交PR的方式参与SIG。具体操作方法可参考[PR提交指南](https://gitee.com/openeuler/community/blob/master/zh/contributors/pull-request.md)。
+提交评论:欢迎在issue或PR中提交评论。 您也可以通过网站文档页的“意见反馈”对文档进行评论。
+重要的事说三遍:欢迎提交 PR!欢迎提交 PR!欢迎提交 PR!
+
+### 成员
+#### Maintainer 列表
+- Rudy_Tan[@rudy_tan](https://gitee.com/rudy_tan)
+- amyMaYun[@amy_mayun](https://gitee.com/amy_mayun)
+- qiaominna[@qiaominna](https://gitee.com/qiaominna)
+
+### 如何联系我们
+邮件列表: doc@openeuler.org
+IRC: #openeuler-doc
\ No newline at end of file
diff --git a/docs/.vuepress/components/docs/docsList.vue b/docs/.vuepress/components/docs/docsList.vue
deleted file mode 100644
index 94a22b2410782321a7f154c545ace0937155f042..0000000000000000000000000000000000000000
--- a/docs/.vuepress/components/docs/docsList.vue
+++ /dev/null
@@ -1,397 +0,0 @@
-
-
Isulad breaks down when a pod is created using kubectl.
-
-
-
-
-
diff --git a/docs/en/docs/20.09/docs/A-Tune/A-Tune.md b/docs/en/docs/A-Tune/A-Tune.md
similarity index 100%
rename from docs/en/docs/20.09/docs/A-Tune/A-Tune.md
rename to docs/en/docs/A-Tune/A-Tune.md
diff --git a/docs/en/docs/20.09/docs/A-Tune/appendixes.md b/docs/en/docs/A-Tune/appendixes.md
similarity index 55%
rename from docs/en/docs/20.09/docs/A-Tune/appendixes.md
rename to docs/en/docs/A-Tune/appendixes.md
index 46f489cac3e98bcc418e368e7f442270d31a13fa..2d776555c04a00f5a7c56e5d8b503925019af32a 100644
--- a/docs/en/docs/20.09/docs/A-Tune/appendixes.md
+++ b/docs/en/docs/A-Tune/appendixes.md
@@ -8,19 +8,13 @@
**Table 1** Terminology
-
Term
Description
-
workload_type
-
-
Workload type, which is used to identify a type of service with the same characteristics.
-
-
-
profile
+
profile
Set of optimization items and optimal parameter configuration.
@@ -28,3 +22,4 @@
+
diff --git a/docs/en/docs/20.09/docs/A-Tune/application-scenarios.md b/docs/en/docs/A-Tune/application-scenarios.md
similarity index 69%
rename from docs/en/docs/20.09/docs/A-Tune/application-scenarios.md
rename to docs/en/docs/A-Tune/application-scenarios.md
index cbac0bf1c1114edc27d3e7c5c936e3711b5f4bd4..e1401b69a97062fdb9513018a30df0916b9e464e 100644
--- a/docs/en/docs/20.09/docs/A-Tune/application-scenarios.md
+++ b/docs/en/docs/A-Tune/application-scenarios.md
@@ -41,10 +41,6 @@ You can use functions provided by A-Tune through the CLI client atune-adm. This
- The **define**, **update**, **undefine**, **collection**, **train**, and **upgrade **commands do not support remote execution.
- In the command format, brackets \(\[\]\) indicate that the parameter is optional, and angle brackets \(<\>\) indicate that the parameter is mandatory. The actual parameters prevail.
-- In the command format, meanings of each command are as follows:
- - **WORKLOAD\_TYPE**: name of a user-defined workload type. For details about the supported workload types, see the query result of the **list** command.
- - **PROFILE\_NAME**: user-defined profile name.
- - **PROFILE\_PATH**: path of the user-defined profile.
## Querying Workload Types
@@ -55,7 +51,7 @@ You can use functions provided by A-Tune through the CLI client atune-adm. This
#### Function
-Query the supported workload types, profiles, and the values of Active.
+Query the supported profiles, and the values of Active.
#### Format
@@ -66,39 +62,111 @@ Query the supported workload types, profiles, and the values of Active.
```
# atune-adm list
-Support WorkloadTypes:
-+-----------------------------------+------------------------+-----------+
-| WorkloadType | ProfileName | Active |
-+===================================+========================+===========+
-| default | default | true |
-+-----------------------------------+------------------------+-----------+
-| webserver | ssl_webserver | false |
-+-----------------------------------+------------------------+-----------+
-| big_database | database | false |
-+-----------------------------------+------------------------+-----------+
-| big_data | big_data | false |
-+-----------------------------------+------------------------+-----------+
-| in-memory_computing | in-memory_computing | false |
-+-----------------------------------+------------------------+-----------+
-| in-memory_database | in-memory_database | false |
-+-----------------------------------+------------------------+-----------+
-| single_computer_intensive_jobs | compute-intensive | false |
-+-----------------------------------+------------------------+-----------+
-| communication | rpc_communication | false |
-+-----------------------------------+------------------------+-----------+
-| idle | default | false |
-+-----------------------------------+------------------------+-----------+
+Support profiles:
++------------------------------------------------+-----------+
+| ProfileName | Active |
++================================================+===========+
+| arm-native-android-container-robox | false |
++------------------------------------------------+-----------+
+| basic-test-suite-euleros-baseline-fio | false |
++------------------------------------------------+-----------+
+| basic-test-suite-euleros-baseline-lmbench | false |
++------------------------------------------------+-----------+
+| basic-test-suite-euleros-baseline-netperf | false |
++------------------------------------------------+-----------+
+| basic-test-suite-euleros-baseline-stream | false |
++------------------------------------------------+-----------+
+| basic-test-suite-euleros-baseline-unixbench | false |
++------------------------------------------------+-----------+
+| basic-test-suite-speccpu-speccpu2006 | false |
++------------------------------------------------+-----------+
+| basic-test-suite-specjbb-specjbb2015 | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-hdfs-dfsio-hdd | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-hdfs-dfsio-ssd | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-spark-bayesian | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-spark-kmeans | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-spark-sql1 | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-spark-sql10 | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-spark-sql2 | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-spark-sql3 | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-spark-sql4 | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-spark-sql5 | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-spark-sql6 | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-spark-sql7 | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-spark-sql8 | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-spark-sql9 | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-spark-tersort | false |
++------------------------------------------------+-----------+
+| big-data-hadoop-spark-wordcount | false |
++------------------------------------------------+-----------+
+| cloud-compute-kvm-host | false |
++------------------------------------------------+-----------+
+| database-mariadb-2p-tpcc-c3 | false |
++------------------------------------------------+-----------+
+| database-mariadb-4p-tpcc-c3 | false |
++------------------------------------------------+-----------+
+| database-mongodb-2p-sysbench | false |
++------------------------------------------------+-----------+
+| database-mysql-2p-sysbench-hdd | false |
++------------------------------------------------+-----------+
+| database-mysql-2p-sysbench-ssd | false |
++------------------------------------------------+-----------+
+| database-postgresql-2p-sysbench-hdd | false |
++------------------------------------------------+-----------+
+| database-postgresql-2p-sysbench-ssd | false |
++------------------------------------------------+-----------+
+| default-default | false |
++------------------------------------------------+-----------+
+| docker-mariadb-2p-tpcc-c3 | false |
++------------------------------------------------+-----------+
+| docker-mariadb-4p-tpcc-c3 | false |
++------------------------------------------------+-----------+
+| hpc-gatk4-human-genome | false |
++------------------------------------------------+-----------+
+| in-memory-database-redis-redis-benchmark | false |
++------------------------------------------------+-----------+
+| middleware-dubbo-dubbo-benchmark | false |
++------------------------------------------------+-----------+
+| storage-ceph-vdbench-hdd | false |
++------------------------------------------------+-----------+
+| storage-ceph-vdbench-ssd | false |
++------------------------------------------------+-----------+
+| virtualization-consumer-cloud-olc | false |
++------------------------------------------------+-----------+
+| virtualization-mariadb-2p-tpcc-c3 | false |
++------------------------------------------------+-----------+
+| virtualization-mariadb-4p-tpcc-c3 | false |
++------------------------------------------------+-----------+
+| web-apache-traffic-server-spirent-pingpo | false |
++------------------------------------------------+-----------+
+| web-nginx-http-long-connection | true |
++------------------------------------------------+-----------+
+| web-nginx-https-short-connection | false |
++------------------------------------------------+-----------+
```
-> **NOTE:**
->If the value of Active is **true**, the profile is activated. In the example, the profile of the default type is activated.
+> **NOTE:**
+>If the value of Active is **true**, the profile is activated. In the example, the profile of web-nginx-http-long-connection is activated.
## Workload Type Analysis and Auto Optimization
-
-
### analysis
#### Function
@@ -121,7 +189,12 @@ Collect real-time statistics from the system to identify and automatically optim
--model, -m
-
Model generated by user-defined training
+
New model generated after user self-training
+
+
+
--characterization, -c
+
+
Use the default model for application identification and do not perform automatic optimization
@@ -130,12 +203,18 @@ Collect real-time statistics from the system to identify and automatically optim
#### Example
-- Use the default model for classification and identification.
+- Use the default model for application identification.
```
- # atune-adm analysis
+ # atune-adm analysis --characterization
```
+- Use the default model to identify applications and perform automatic tuning.
+
+ ```
+ # atune-adm analysis
+ ```
+
- Use the user-defined training model for recognition.
```
@@ -147,60 +226,56 @@ Collect real-time statistics from the system to identify and automatically optim
A-Tune allows users to define and learn new models. To define a new model, perform the following steps:
-1. Run the **define** command to define workload\_type and profile.
-2. Run the **collection** command to collect the profile data corresponding to workload\_type.
+1. Run the **define** command to define a new profile.
+2. Run the **collection** command to collect the system data corresponding to the application.
3. Run the **train** command to train the model.
-
-
### define
#### Function
-Add a user-defined workload type and the corresponding profile optimization item.
+Add a user-defined application scenarios and the corresponding profile tuning items.
#### Format
-**atune-adm define**
+**atune-adm define**
#### Example
-Add a workload type. Set workload type to **test\_type**, profile name to **test\_name**, and configuration file of an optimization item to **example.conf**.
+Add a profile whose service_type is **test_service**, application_name is **test_app**, scenario_name is **test_scenario**, and tuning item configuration file is **example.conf**.
```
-# atune-adm define test_type test_name ./example.conf
+# atune-adm define test_service test_app test_scenario ./example.conf
```
-The **example.conf** file can be written as follows \(the following optimization items are optional and are for reference only\). You can also run the **atune-adm info** command to view how the existing profile is written.
+The **example.conf** file can be written as follows (the following optimization items are optional and are for reference only). You can also run the **atune-adm info** command to view how the existing profile is written.
```
-[main]
-# list its parent profile
-[tip]
-# the recommended optimization, which should be performed manunaly
-[check]
-# check the environment
-[affinity.irq]
-# to change the affinity of irqs
-[affinity.task]
-# to change the affinity of tasks
-[bios]
-# to change the bios config
-[bootloader.grub2]
-# to change the grub2 config
-[kernel_config]
-# to change the kernel config
-[script]
-# the script extention of cpi
-[sysctl]
-# to change the /proc/sys/* config
-[sysfs]
-# to change the /sys/* config
-[systemctl]
-# to change the system service config
-[ulimit]
-# to change the resources limit of user
+ [main]
+ # list its parent profile
+ [kernel_config]
+ # to change the kernel config
+ [bios]
+ # to change the bios config
+ [bootloader.grub2]
+ # to change the grub2 config
+ [sysfs]
+ # to change the /sys/* config
+ [systemctl]
+ # to change the system service status
+ [sysctl]
+ # to change the /proc/sys/* config
+ [script]
+ # the script extention of cpi
+ [ulimit]
+ # to change the resources limit of user
+ [schedule_policy]
+ # to change the schedule policy
+ [check]
+ # check the environment
+ [tip]
+ # the recommended optimization, which should be performed manunaly
```
### collection
@@ -209,7 +284,7 @@ The **example.conf** file can be written as follows \(the following optimizati
Collect the global resource usage and OS status information during service running, and save the collected information to a CSV output file as the input dataset for model training.
-> **NOTE:**
+> **NOTE:**
>- This command depends on the sampling tools such as perf, mpstat, vmstat, iostat, and sar.
>- Currently, only the Kunpeng 920 CPU is supported. You can run the **dmidecode -t processor** command to check the CPU model.
@@ -247,9 +322,9 @@ Collect the global resource usage and OS status information during service runni
Network port used during service running, for example, eth0.
-
--workload_type, -t
+
--app_type, -t
-
Workload type, which is used as a label for training.
+
Mark the application type of the service as a label for training.
--duration, -d
@@ -269,14 +344,14 @@ Collect the global resource usage and OS status information during service runni
#### Example
```
-# atune-adm collection --filename name --interval 5 --duration 1200 --output_path /home/data --disk sda --network eth0 --workload_type test_type
+# atune-adm collection --filename name --interval 5 --duration 1200 --output_path /home/data --disk sda --network eth0 --app_type test_type
```
### train
#### Function
-Use the collected data to train the model. Collect data of at least two workload types during training. Otherwise, an error is reported.
+Use the collected data to train the model. Collect data of at least two application types during training. Otherwise, an error is reported.
#### Format
@@ -304,18 +379,18 @@ Use the CSV file in the **data** directory as the training input. The generate
#### Function
-Delete a user-defined workload type.
+Delete a user-defined profile.
#### Format
-**atune-adm undefine**
+**atune-adm undefine**
#### Example
-Delete the **test\_type** workload type.
+Delete the user-defined profile.
```
-# atune-adm undefine test_type
+# atune-adm undefine test_service-test_app-test_scenario
```
## Querying Profiles
@@ -325,26 +400,26 @@ Delete the **test\_type** workload type.
#### Function
-View the profile content of a workload type.
+View the profile content.
#### Format
-**atune-adm info** _
+**atune-adm info**
#### Example
-View the profile content of webserver.
+View the profile content of web-nginx-http-long-connection.
```
-# atune-adm info webserver
+# atune-adm info web-nginx-http-long-connection
-*** ssl_webserver:
+*** web-nginx-http-long-connection:
#
-# webserver tuned configuration
+# nginx http long connection A-Tune configuration
#
[main]
-#TODO CONFIG
+include = default-default
[kernel_config]
#TODO CONFIG
@@ -352,11 +427,18 @@ View the profile content of webserver.
[bios]
#TODO CONFIG
+[bootloader.grub2]
+iommu.passthrough = 1
+
[sysfs]
#TODO CONFIG
+[systemctl]
+sysmonitor = stop
+irqbalance = stop
+
[sysctl]
-fs.file-max=6553600
+fs.file-max = 6553600
fs.suid_dumpable = 1
fs.aio-max-nr = 1048576
kernel.shmmax = 68719476736
@@ -384,63 +466,46 @@ net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
-[systemctl]
-sysmonitor=stop
-irqbalance=stop
-
-[bootloader.grub2]
-selinux=0
-iommu.passthrough=1
-
-[tip]
-bind your master process to the CPU near the network = affinity
-bind your network interrupt to the CPU that has this network = affinity
-relogin into the system to enable limits setting = OS
-
[script]
-openssl_hpre = 0
prefetch = off
+ethtool = -X {network} hfunc toeplitz
[ulimit]
{user}.hard.nofile = 102400
{user}.soft.nofile = 102400
-[affinity.task]
-#TODO CONFIG
-
-[affinity.irq]
+[schedule_policy]
#TODO CONFIG
[check]
#TODO CONFIG
+[tip]
+SELinux provides extra control and security features to linux kernel. Disabling SELinux will improve the performance but may cause security risks. = kernel
+disable the nginx log = application
```
-
-
## Updating a Profile
You can update the existing profile as required.
-
-
### update
#### Function
-Update an optimization item of a workload type to the content in the **new.conf** file.
+Update the original tuning items in the existing profile to the content in the **new.conf** file.
#### Format
-**atune-adm update**
+**atune-adm update**
#### Example
-Update the workload type to **test\_type** and the optimization item of test\_name to **new.conf**.
+Change the tuning item of the profile named **test_service-test_app-test_scenario** to **new.conf**.
```
-# atune-adm update test_type test_name ./new.conf
+# atune-adm update test_service-test_app-test_scenario ./new.conf
```
## Activating a Profile
@@ -449,30 +514,26 @@ Update the workload type to **test\_type** and the optimization item of test\_
#### Function
-Manually activate a profile of a workload type.
+Manually activate the profile to make it in the active state.
#### Format
-**atune-adm profile **_<_WORKLOAD\_TYPE_\>_
+**atune-adm profile**
#### Parameter Description
-You can run the **list** command to query the supported workload types.
+For details about the profile name, see the query result of the list command.
#### Example
-Activate the profile configuration of webserver.
+Activate the profile corresponding to the web-nginx-http-long-connection.
```
-# atune-adm profile webserver
+# atune-adm profile web-nginx-http-long-connection
```
## Rolling Back Profiles
-
-
-
-
### rollback
#### Functions
@@ -491,10 +552,6 @@ Roll back the current configuration to the initial configuration of the system.
## Updating Database
-
-
-
-
### upgrade
#### Function
@@ -522,10 +579,6 @@ The database is updated to **new\_sqlite.db**.
## Querying System Information
-
-
-
-
### check
@@ -561,9 +614,7 @@ Check the CPU, BIOS, OS, and NIC information.
## Automatic Parameter Optimization
-A-Tune provides the automatic search capability for optimal configurations, eliminating the need for repeated manual parameter adjustment and performance evaluation. This greatly improves the search efficiency of optimal configurations.
-
-
+A-Tune provides the automatic search capability with the optimal configuration, saving the trouble of manually configuring parameters and performance evaluation. This greatly improves the search efficiency of optimal configurations.
### Tuning
@@ -574,13 +625,13 @@ Use the specified project file to search the dynamic space for parameters and fi
#### Format
-> **NOTE:**
->Before running the command, ensure that the following conditions are met:
->1. The YAML configuration file of the server has been edited and placed in the **/etc/atuned/tuning/** directory on the server by the server administrator.
->2. The YAML configuration file of the client has been edited and placed in an arbitrary directory on the client.
-
**atune-adm tuning** \[OPTIONS\]
+> **NOTE:**
+>Before running the command, ensure that the following conditions are met:
+>1. The YAML configuration file on the server has been edited and stored in the **/etc/atuned/tuning/** directory of the atuned service.
+>2. The YAML configuration file of the client has been edited and stored on the atuned client.
+
#### Parameter Description
- OPTIONS
@@ -601,11 +652,22 @@ Use the specified project file to search the dynamic space for parameters and fi
Specifies the project name in the YAML file to be restored.
+
--restart, -c
+
+
Perform tuning based on historical tuning results.
+
+
+
--detail, -d
+
+
Print detailed information about the tuning process.
+
+
-
- > **NOTE:**
- >The preceding two parameters must be used at the same time, and the -p parameter must be followed by the specific project name.
+
+
+ > **NOTE:**
+ >If this parameter is used, the -p parameter must be followed by a specific project name and the YAML file of the project must be specified.
- **PROJECT\_YAML**: YAML configuration file of the client.
@@ -672,6 +734,7 @@ Use the specified project file to search the dynamic space for parameters and fi
+
**Table 2** Description of object configuration items
Name
@@ -740,36 +803,36 @@ Use the specified project file to search the dynamic space for parameters and fi
dtype
-
This parameter is available only when type is set to discrete. Currently, only int and string are supported.
+
This parameter is available only when type is set to discrete. Currently, int, float and string are supported.
Enumeration
-
int, string
+
int, float, string
scope
-
Parameter setting range. This parameter is valid only when type is set to discrete and dtype is set to int, or type is set to continuous.
+
Parameter setting range. This parameter is valid only when type is set to discrete and dtype is set to int or float, or type is set to continuous.
-
Integer
+
Integer/Float
The value is user-defined and must be within the valid range of this parameter.
step
-
Parameter value step, which is used when dtype is set to int.
+
Parameter value step, which is used when dtype is set to int or float.
-
Integer
+
Integer/Float
This value is user-defined.
items
-
Enumerated value of which the parameter value is not within the scope. This is used when dtype is set to int.
+
Enumerated value of which the parameter value is not within the scope. This is used when dtype is set to int or float.
-
Integer
+
Integer/Float
The value is user-defined and must be within the valid range of this parameter.
@@ -783,21 +846,13 @@ Use the specified project file to search the dynamic space for parameters and fi
The value is user-defined and must be within the valid range of this parameter.
-
ref
-
-
Recommended initial value of the parameter
-
-
Integer or character string
-
-
The value is user-defined and must be within the valid range of this parameter.
-
-
**Table 3** Description of configuration items of a YAML file on the client
+
Name
Description
@@ -817,6 +872,15 @@ Use the specified project file to search the dynamic space for parameters and fi
-
+
engine
+
+
Tuning algorithm.
+
+
Character string
+
+
"random", "forest", "gbrt", "bayes", "extraTrees"
+
+
iterations
Number of optimization iterations.
@@ -826,6 +890,51 @@ Use the specified project file to search the dynamic space for parameters and fi
≥ 10
+
random_starts
+
+
Number of random iterations.
+
+
Integer
+
+
< iterations
+
+
+
feature_filter_engine
+
+
Parameter search algorithm, which is used to select important parameters. This parameter is optional.
+
+
Character string
+
+
"lhs"
+
+
+
feature_filter_cycle
+
+
Parameter search cycles, which is used to select important parameters. This parameter is used together with feature_filter_engine.
+
+
Integer
+
+
-
+
+
+
feature_filter_iters
+
+
Number of iterations for each cycle of parameter search, which is used to select important parameters. This parameter is used together with feature_filter_engine.
+
+
Integer
+
+
-
+
+
+
split_count
+
+
Number of evenly selected parameters in the value range of tuning parameters, which is used to select important parameters. This parameter is used together with feature_filter_engine.
+
+
Integer
+
+
-
+
+
benchmark
Performance test script.
@@ -847,6 +956,8 @@ Use the specified project file to search the dynamic space for parameters and fi
+
+
**Table 4** Description of evaluations configuration item
Name
@@ -912,86 +1023,36 @@ Use the specified project file to search the dynamic space for parameters and fi
The following is an example of the YAML file configuration on a server:
```
-project: "example"
-maxiterations: 10
+project: "compress"
+maxiterations: 500
startworkload: ""
stopworkload: ""
object :
-
- name : "vm.swappiness"
+ name : "compressLevel"
info :
- desc : "the vm.swappiness"
- get : "sysctl -a | grep vm.swappiness"
- set : "sysctl -w vm.swappiness=$value"
- needrestart: "false"
+ desc : "The compresslevel parameter is an integer from 1 to 9 controlling the level of compression"
+ get : "cat /root/A-Tune/examples/tuning/compress/compress.py | grep 'compressLevel=' | awk -F '=' '{print $2}'"
+ set : "sed -i 's/compressLevel=\\s*[0-9]*/compressLevel=$value/g' /root/A-Tune/examples/tuning/compress/compress.py"
+ needrestart : "false"
type : "continuous"
scope :
- - 0
- - 10
- ref : 1
- -
- name : "irqbalance"
- info :
- desc : "system irqbalance"
- get : "systemctl status irqbalance"
- set : "systemctl $value sysmonitor;systemctl $value irqbalance"
- needrestart: "false"
- type : "discrete"
- options:
- - "start"
- - "stop"
- dtype : "string"
- ref : "start"
- -
- name : "net.tcp_min_tso_segs"
- info :
- desc : "the minimum tso number"
- get : "cat /proc/sys/net/ipv4/tcp_min_tso_segs"
- set : "echo $value > /proc/sys/net/ipv4/tcp_min_tso_segs"
- needrestart: "false"
- type : "continuous"
- scope:
- 1
- - 16
- ref : 2
+ - 9
+ dtype : "int"
-
- name : "prefetcher"
+ name : "compressMethod"
info :
- desc : ""
- get : "cat /sys/class/misc/prefetch/policy"
- set : "echo $value > /sys/class/misc/prefetch/policy"
- needrestart: "false"
+ desc : "The compressMethod parameter is a string controlling the compression method"
+ get : "cat /root/A-Tune/examples/tuning/compress/compress.py | grep 'compressMethod=' | awk -F '=' '{print $2}' | sed 's/\"//g'"
+ set : "sed -i 's/compressMethod=\\s*[0-9,a-z,\"]*/compressMethod=\"$value\"/g' /root/A-Tune/examples/tuning/compress/compress.py"
+ needrestart : "false"
type : "discrete"
- options:
- - "0"
- - "15"
+ options :
+ - "bz2"
+ - "zlib"
+ - "gzip"
dtype : "string"
- ref : "15"
- -
- name : "kernel.sched_min_granularity_ns"
- info :
- desc : "Minimal preemption granularity for CPU-bound tasks"
- get : "sysctl kernel.sched_min_granularity_ns"
- set : "sysctl -w kernel.sched_min_granularity_ns=$value"
- needrestart: "false"
- type : "continuous"
- scope:
- - 5000000
- - 50000000
- ref : 10000000
- -
- name : "kernel.sched_latency_ns"
- info :
- desc : ""
- get : "sysctl kernel.sched_latency_ns"
- set : "sysctl -w kernel.sched_latency_ns=$value"
- needrestart: "false"
- type : "continuous"
- scope:
- - 10000000
- - 100000000
- ref : 16000000
-
```
@@ -999,17 +1060,25 @@ object :
The following is an example of the YAML file configuration on a client:
```
-project: "example"
-iterations : 10
-benchmark : "sh /home/Benchmarks/mysql/tunning_mysql.sh"
+project: "compress"
+engine : "gbrt"
+iterations : 20
+random_starts : 10
+
+benchmark : "python3 /root/A-Tune/examples/tuning/compress/compress.py"
evaluations :
-
- name: "tps"
+ name: "time"
+ info:
+ get: "echo '$out' | grep 'time' | awk '{print $3}'"
+ type: "positive"
+ weight: 20
+ -
+ name: "compress_ratio"
info:
- get: "echo -e '$out' |grep 'transactions:' |awk '{print $3}' | cut -c 2-"
+ get: "echo '$out' | grep 'compress_ratio' | awk '{print $3}'"
type: "negative"
- weight: 100
- threshold: 100
+ weight: 80
```
@@ -1019,13 +1088,13 @@ evaluations :
- Perform tuning.
```
- # atune-adm tuning example-client.yaml
+ # atune-adm tuning --project compress --detail compress_client.yaml
```
-- Restore the initial configuration before tuning. The example value is the project name in the YAML file.
+- Restore the initial configuration before tuning. The compress is the project name in the YAML file.
```
- # atune-adm tuning --restore --project example
+ # atune-adm tuning --restore --project compress
```
diff --git a/docs/en/docs/20.09/docs/A-Tune/faqs.md b/docs/en/docs/A-Tune/faqs.md
similarity index 100%
rename from docs/en/docs/20.09/docs/A-Tune/faqs.md
rename to docs/en/docs/A-Tune/faqs.md
diff --git a/docs/en/docs/20.09/docs/A-Tune/figures/en-us_image_0213178479.png b/docs/en/docs/A-Tune/figures/en-us_image_0213178479.png
similarity index 100%
rename from docs/en/docs/20.09/docs/A-Tune/figures/en-us_image_0213178479.png
rename to docs/en/docs/A-Tune/figures/en-us_image_0213178479.png
diff --git a/docs/en/docs/20.09/docs/A-Tune/figures/en-us_image_0213178480.png b/docs/en/docs/A-Tune/figures/en-us_image_0213178480.png
similarity index 100%
rename from docs/en/docs/20.09/docs/A-Tune/figures/en-us_image_0213178480.png
rename to docs/en/docs/A-Tune/figures/en-us_image_0213178480.png
diff --git a/docs/en/docs/20.09/docs/A-Tune/figures/en-us_image_0214540398.png b/docs/en/docs/A-Tune/figures/en-us_image_0214540398.png
similarity index 100%
rename from docs/en/docs/20.09/docs/A-Tune/figures/en-us_image_0214540398.png
rename to docs/en/docs/A-Tune/figures/en-us_image_0214540398.png
diff --git a/docs/en/docs/20.09/docs/A-Tune/figures/en-us_image_0227497000.png b/docs/en/docs/A-Tune/figures/en-us_image_0227497000.png
similarity index 100%
rename from docs/en/docs/20.09/docs/A-Tune/figures/en-us_image_0227497000.png
rename to docs/en/docs/A-Tune/figures/en-us_image_0227497000.png
diff --git a/docs/en/docs/A-Tune/figures/en-us_image_0227497343.png b/docs/en/docs/A-Tune/figures/en-us_image_0227497343.png
new file mode 100644
index 0000000000000000000000000000000000000000..a8654b170295b4b0be3c37187e4b227ca635fbc0
Binary files /dev/null and b/docs/en/docs/A-Tune/figures/en-us_image_0227497343.png differ
diff --git a/docs/en/docs/20.09/docs/A-Tune/figures/en-us_image_0231122163.png b/docs/en/docs/A-Tune/figures/en-us_image_0231122163.png
similarity index 100%
rename from docs/en/docs/20.09/docs/A-Tune/figures/en-us_image_0231122163.png
rename to docs/en/docs/A-Tune/figures/en-us_image_0231122163.png
diff --git a/docs/en/docs/20.09/docs/A-Tune/figures/en-us_image_0245342444.png b/docs/en/docs/A-Tune/figures/en-us_image_0245342444.png
similarity index 100%
rename from docs/en/docs/20.09/docs/A-Tune/figures/en-us_image_0245342444.png
rename to docs/en/docs/A-Tune/figures/en-us_image_0245342444.png
diff --git a/docs/en/docs/20.09/docs/A-Tune/getting-to-know-a-tune.md b/docs/en/docs/A-Tune/getting-to-know-a-tune.md
similarity index 73%
rename from docs/en/docs/20.09/docs/A-Tune/getting-to-know-a-tune.md
rename to docs/en/docs/A-Tune/getting-to-know-a-tune.md
index 732048c9023e25a04c245f777a175c33c3fbc731..2092e0152e2c31ea4bf1aa95277302bcc981b6a9 100644
--- a/docs/en/docs/20.09/docs/A-Tune/getting-to-know-a-tune.md
+++ b/docs/en/docs/A-Tune/getting-to-know-a-tune.md
@@ -19,17 +19,17 @@ To address the preceding challenges, openEuler launches A-Tune.
A-Tune is an AI-based engine that optimizes system performance. It uses AI technologies to precisely profile business scenarios, discover and infer business characteristics, so as to make intelligent decisions, match with the optimal system parameter configuration combination, and give recommendations, ensuring the optimal business running status.
-
+
## Architecture
The following figure shows the A-Tune core technical architecture, which consists of intelligent decision-making, system profile, and interaction system.
- Intelligent decision-making layer: consists of the awareness and decision-making subsystems, which implements intelligent awareness of applications and system optimization decision-making, respectively.
-- System profile layer: consists of the labeling and learning subsystems. The labeling subsystem is used to cluster service models, and the learning subsystem is used to learn and classify service models.
+- System profile layer: consists of the feature engineering and two-layer classification model. The feature engineering is used to automatically select service features, and the two-layer classification model is used to learn and classify service models.
- Interaction system layer: monitors and configures various system resources and executes optimization policies.
-
+
## Supported Features and Service Models
@@ -39,7 +39,6 @@ The following figure shows the A-Tune core technical architecture, which consist
**Table 1** Feature maturity
-
Feature
Maturity
@@ -48,14 +47,14 @@ The following figure shows the A-Tune core technical architecture, which consist
-
Auto optimization of 11 applications in seven workload types
+
Auto optimization of 15 applications in 11 workload types
Tested
Pilot
-
User-defined workload types and service models
+
User-defined profile and service models
Tested
@@ -72,18 +71,19 @@ The following figure shows the A-Tune core technical architecture, which consist
+
### Supported Service Models
-Based on the workload characteristics of applications, A-Tune classifies services into seven types. For details about the workload characteristics of each type and the applications supported by A-Tune, see [Table 2](#table2819164611311).
+Based on the workload characteristics of applications, A-Tune classifies services into 11 types. For details about the bottleneck of each type and the applications supported by A-Tune, see [Table 2](#table2819164611311).
**Table 2** Supported workload types and applications
-
Workload
+
Service category
Type
-
Workload Characteristic
+
Bottleneck
Supported Application
@@ -93,87 +93,103 @@ Based on the workload characteristics of applications, A-Tune classifies service
Default type
-
The usage of CPU, memory bandwidth, network, and I/O resources is low.
+
Low resource usage in terms of cpu, memory, network, and I/O
N/A
webserver
-
HTTPS application
+
Web application
-
The CPU usage is high.
+
Bottlenecks of cpu and network
-
Nginx
+
Nginx, Apache Traffic Server
-
big_database
+
database
Database
-
Relational database
Read: The usage of CPU, memory bandwidth, and network is high.
-
Write: The usage of I/O is high.
-
-
Non-relational database
The usage of CPU and I/O is high.
-
+
Bottlenecks of cpu, memory, and I/O
-
MongoDB, MySQL, PostgreSQL, and MariaDB
+
Mongodb, Mysql, Postgresql, Mariadb
big_data
Big data
-
The usage of CPU and I/O is high.
+
Bottlenecks of cpu and memory
-
Hadoop and Spark
+
Hadoop-hdfs, Hadoop-spark
-
in-memory_computing
+
middleware
-
Memory-intensive application
+
Middleware framework
-
The usage of CPU and memory bandwidth is high.
+
Bottlenecks of cpu and network
-
SPECjbb2015
+
Dubbo
in-memory_database
-
Computing- and network-intensive application
+
Memory database
-
The usage of a single-core CPU is high, and the network usage is high in multi-instance scenarios.
+
Bottlenecks of memory and I/O
Redis
-
single_computer_intensive_jobs
+
basic-test-suite
+
+
Basic test suite
+
+
Bottlenecks of cpu and memory
+
+
SPECCPU2006, SPECjbb2015
+
+
+
hpc
-
Computing-intensive application
+
Human genome
-
The usage of a single-core CPU is high, and the usage of memory bandwidth of some subitems is high.
+
Bottlenecks of cpu, memory, and I/O
-
SPECCPU2006
+
Gatk4
-
communication
+
storage
-
Network-intensive application
+
Storage
-
The usage of CPU and network is high.
+
Bottlenecks of network, and I/O
-
Dubbo
+
Ceph
-
idle
+
virtualization
-
System in idle state
+
Virtualization
-
The system is in idle state and no applications are running.
+
Bottlenecks of cpu, memory, and I/O
-
N/A
+
Consumer-cloud, Mariadb
+
+
+
docker
+
+
Docker
+
+
Bottlenecks of cpu, memory, and I/O
+
+
Mariadb
+
+
diff --git a/docs/en/docs/20.09/docs/A-Tune/installation-and-deployment.md b/docs/en/docs/A-Tune/installation-and-deployment.md
similarity index 31%
rename from docs/en/docs/20.09/docs/A-Tune/installation-and-deployment.md
rename to docs/en/docs/A-Tune/installation-and-deployment.md
index 6b9b5bd530908a0eff76d74de2aa87396bd1df54..103e27926763fd40276ea5cdb63271b2cc869f67 100644
--- a/docs/en/docs/20.09/docs/A-Tune/installation-and-deployment.md
+++ b/docs/en/docs/A-Tune/installation-and-deployment.md
@@ -10,6 +10,7 @@ This chapter describes how to install and deploy A-Tune.
- [Installation Procedure](#installation-procedure)
- [A-Tune Deployment](#a-tune-deployment)
- [Starting A-Tune](#starting-a-tune)
+ - [Starting A-Tune engine](#starting-a-tune-engine)
@@ -22,11 +23,11 @@ This chapter describes how to install and deploy A-Tune.
### Software Requirement
-- OS: openEuler 20.03 LTS
+- OS: openEuler 20.09
## Environment Preparation
-For details about installing an openEuler OS, see _openEuler 20.03 LTS Installation Guide_.
+For details about installing an openEuler OS, see _openEuler 20.09 Installation Guide_.
## A-Tune Installation
@@ -58,7 +59,7 @@ To install the A-Tune, perform the following steps:
1. Mount an openEuler ISO file.
```
- # mount openEuler-20.03-LTS-aarch64-dvd.iso /mnt
+ # mount openEuler-20.09-aarch64-dvd.iso /mnt
```
2. Configure the local yum source.
@@ -84,16 +85,17 @@ To install the A-Tune, perform the following steps:
```
-4. Install an A-Tune server.
+4. Install an A-Tune server.
> **NOTE:**
>In this step, both the server and client software packages are installed. For the single-node deployment, skip **Step 5**.
```
# yum install atune -y
+ # yum install atune-engine -y
```
-5. For a distributed mode, install an A-Tune client.
+5. For a distributed mode, install an A-Tune client on associated server.
```
# yum install atune-client -y
@@ -106,8 +108,9 @@ To install the A-Tune, perform the following steps:
atune-client-xxx
atune-db-xxx
atune-xxx
+ atune-engine-xxx
```
-
+
If the preceding information is displayed, the installation is successful.
@@ -121,16 +124,37 @@ This chapter describes how to deploy A-Tune.
The configuration items in the A-Tune configuration file **/etc/atuned/atuned.cnf** are described as follows:
-- A-Tune service startup configuration
+- A-Tune service startup configuration
You can modify the parameter value as required.
- **protocol**: Protocol used by the gRPC service. The value can be **unix** or **tcp**. **unix** indicates the local socket communication mode, and **tcp** indicates the socket listening port mode. The default value is **unix**.
-
- **address**: Listening IP address of the gRPC service. The default value is **unix socket**. If the gRPC service is deployed in distributed mode, change the value to the listening IP address.
- - **port**: Listening port of the gRPC server. The value ranges from 0 to 65535. If **protocol** is set to **unix**, you do not need to set this parameter.
- - **rest\_port**: Listening port of the system REST service. The value ranges from 0 to 65535.
- - **sample\_num**: Number of samples collected when the system executes the analysis process.
+ - **port**: Listening port of the gRPC server. The value ranges from 0 to 65535. If **protocol** is set to **unix**, you do not need to set this parameter.
+ - **connect**: IP address list of the nodes where the A-Tune is located when the A-Tune is deployed in a cluster. IP addresses are separated by commas (,).
+ - **rest_host**: Listening address of the REST service. The default value is localhost.
+ - **rest_port**: Listening port of the REST service. The value ranges from 0 to 65535. The default value is 8383.
+ - **engine_host**: IP address for connecting to the A-Tune engine service of the system.
+ - **engine_port**: Port for connecting to the A-Tune engine service of the system.
+ - **sample_num**: Number of samples collected when the system executes the analysis process. The default value is 20.
+ - **interval**: Interval for collecting samples when the system executes the analysis process. The default value is 5s.
+ - **grpc_tls**: Indicates whether to enable SSL/TLS certificate verification for the gRPC service. By default, this function is disabled. After grpc_tls is enabled, you need to set the following environment variables before running the **atune-adm** command to communicate with the server:
+ - export ATUNE_TLS=yes
+ - export ATUNED_CACERT=
+ - export ATUNED_CLIENTCERT=
+ - export ATUNED_CLIENTKEY=
+ - export ATUNED_SERVERCN=server
+ - **tlsservercafile**: Path of the gPRC server's CA certificate.
+ - **tlsservercertfile**: Path of the gPRC server certificate.
+ - **tlsserverkeyfile**: Path of the gPRC server key.
+ - **rest_tls**: Indicates whether to enable SSL/TLS certificate verification for the REST service. This function is enabled by default.
+ - **tlsrestcacertfile**: Path of the server's CA certificate of the REST service.
+ - **tlsrestservercertfile**: Path of the server certificate of the REST service.
+ - **tlsrestserverkeyfile**: Indicates the key path of the REST service.
+ - **engine_tls**: Indicates whether to enable SSL/TLS certificate verification for the A-Tune engine service. This function is enabled by default..
+ - **tlsenginecacertfile**: Path of the client CA certificate of the A-Tune engine service.
+ - **tlsengineclientcertfile**: Client certificate path of the A-Tune engine service.
+ - **tlsengineclientkeyfile**: Client key path of the A-Tune engine service.
- System information
@@ -139,104 +163,199 @@ The configuration items in the A-Tune configuration file **/etc/atuned/atuned.c
- **disk**: Disk information to be collected during the analysis process or specified disk during disk optimization.
- **network**: NIC information to be collected during the analysis process or specified NIC during NIC optimization.
- **user**: User name used for ulimit optimization. Currently, only the user **root** is supported.
- - **tls**: SSL/TLS certificate verification for the gRPC and HTTP services of A-Tune. This is disabled by default. After TLS is enabled, you need to set the following environment variables before running the **atune-adm** command to communicate with the server:
- - export ATUNE\_TLS=yes
- - export ATUNE\_CLICERT=
-
- - **tlsservercertfile**: path of the gPRC server certificate.
- - **tlsserverkeyfile**: gPRC server key path.
- - **tlshttpcertfile**: HTTP server certificate path.
- - **tlshttpkeyfile**: HTTP server key path.
- - **tlshttpcacertfile**: CA certificate path of the HTTP server.
-
+
- Log information
- Change the log path and level based on the site requirements. By default, the log information is stored in **/var/log/messages**.
+ Change the log level as required. The default log level is info. Log information is recorded in the **/var/log/messages** file.
- Monitor information
Hardware information that is collected by default when the system is started.
+
+- Tuning information
+
+ Tuning is the parameter information required for offline tuning.
+
+ - **noise**: Evaluation value of Gaussian noise.
+ - **sel_feature**: Indicates whether to enable the function of generating the importance ranking of offline tuning parameters. By default, this function is disabled.
+
+
+#### Example
+
+```
+#################################### server ###############################
+ # atuned config
+ [server]
+ # the protocol grpc server running on
+ # ranges: unix or tcp
+ protocol = unix
+
+ # the address that the grpc server to bind to
+ # default is unix socket /var/run/atuned/atuned.sock
+ # ranges: /var/run/atuned/atuned.sock or ip address
+ address = /var/run/atuned/atuned.sock
+
+ # the atune nodes in cluster mode, separated by commas
+ # it is valid when protocol is tcp
+ # connect = ip01,ip02,ip03
+
+ # the atuned grpc listening port
+ # the port can be set between 0 to 65535 which not be used
+ # port = 60001
+
+ # the rest service listening port, default is 8383
+ # the port can be set between 0 to 65535 which not be used
+ rest_host = localhost
+ rest_port = 8383
+
+ # the tuning optimizer host and port, start by engine.service
+ # if engine_host is same as rest_host, two ports cannot be same
+ # the port can be set between 0 to 65535 which not be used
+ engine_host = localhost
+ engine_port = 3838
+
+ # when run analysis command, the numbers of collected data.
+ # default is 20
+ sample_num = 20
+
+ # interval for collecting data, default is 5s
+ interval = 5
+
+ # enable gRPC authentication SSL/TLS
+ # default is false
+ # grpc_tls = false
+ # tlsservercafile = /etc/atuned/grpc_certs/ca.crt
+ # tlsservercertfile = /etc/atuned/grpc_certs/server.crt
+ # tlsserverkeyfile = /etc/atuned/grpc_certs/server.key
+
+ # enable rest server authentication SSL/TLS
+ # default is true
+ rest_tls = true
+ tlsrestcacertfile = /etc/atuned/rest_certs/ca.crt
+ tlsrestservercertfile = /etc/atuned/rest_certs/server.crt
+ tlsrestserverkeyfile = /etc/atuned/rest_certs/server.key
+
+ # enable engine server authentication SSL/TLS
+ # default is true
+ engine_tls = true
+ tlsenginecacertfile = /etc/atuned/engine_certs/ca.crt
+ tlsengineclientcertfile = /etc/atuned/engine_certs/client.crt
+ tlsengineclientkeyfile = /etc/atuned/engine_certs/client.key
+
+
+ #################################### log ###############################
+ [log]
+ # either "debug", "info", "warn", "error", "critical", default is "info"
+ level = info
+
+ #################################### monitor ###############################
+ [monitor]
+ # with the module and format of the MPI, the format is {module}_{purpose}
+ # the module is Either "mem", "net", "cpu", "storage"
+ # the purpose is "topo"
+ module = mem_topo, cpu_topo
+
+ #################################### system ###############################
+ # you can add arbitrary key-value here, just like key = value
+ # you can use the key in the profile
+ [system]
+ # the disk to be analysis
+ disk = sda
+
+ # the network to be analysis
+ network = enp189s0f0
+
+ user = root
+
+ #################################### tuning ###############################
+ # tuning configs
+ [tuning]
+ noise = 0.000000001
+ sel_feature = false
+```
+
+The configuration items in the configuration file **/etc/atuned/engine.cnf** of the A-Tune engine are described as follows:
+
+- Startup configuration of the A-Tune engine service
+
+ You can modify the parameter value as required.
+
+ - **engine_host**: Listening address of the A-Tune engine service. The default value is localhost.
+ - **engine_port**: Listening port of the A-Tune engine service. The value ranges from 0 to 65535. The default value is 3838.
+ - **engine_tls**: Indicates whether to enable SSL/TLS certificate verification for the A-Tune engine service. This function is enabled by default.
+ - **tlsenginecacertfile**: Path of the server CA certificate of the A-Tune engine service.
+ - **tlsengineservercertfile**: Path of the server certificate of the A-Tune engine service.
+ - **tlsengineserverkeyfile**: Server key path of the A-Tune engine service.
+
+- Log information
+
+ Change the log level as required. The default log level is info. Log information is recorded in the **/var/log/messages** file.
#### Example
```
-#################################### server ###############################
-# atuned config
-[server]
-# the protocol grpc server running on
-# ranges: unix or tcp
-protocol = unix
-
-# the address that the grpc server to bind to
-# default is unix socket /var/run/atuned/atuned.sock
-# ranges: /var/run/atuned/atuned.sock or ip
-address = /var/run/atuned/atuned.sock
-
-# the atuned grpc listening port, default is 60001
-# the port can be set between 0 to 65535 which not be used
-port = 60001
-
-# the rest service listening port, default is 8383
-# the port can be set between 0 to 65535 which not be used
-rest_port = 8383
-
-# when run analysis command, the numbers of collected data.
-# default is 20
-sample_num = 20
-
-# Enable gRPC and http server authentication SSL/TLS
-# default is false
-# tls = true
-# tlsservercertfile = /etc/atuned/server.pem
-# tlsserverkeyfile = /etc/atuned/server.key
-# tlshttpcertfile = /etc/atuned/http/server.pem
-# tlshttpkeyfile = /etc/atuned/http/server.key
-# tlshttpcacertfile = /etc/atuned/http/cacert.pem
-
-#################################### log ###############################
-# Either "debug", "info", "warn", "error", "critical", default is "info"
-level = info
-
-#################################### monitor ###############################
-[monitor]
-# With the module and format of the MPI, the format is {module}_{purpose}
-# The module is Either "mem", "net", "cpu", "storage"
-# The purpose is "topo"
-module = mem_topo, cpu_topo
-
-#################################### system ###############################
-# you can add arbitrary key-value here, just like key = value
-# you can use the key in the profile
-[system]
-# the disk to be analysis
-disk = sda
-
-# the network to be analysis
-network = enp189s0f0
-
-user = root
+#################################### engine ###############################
+ [server]
+ # the tuning optimizer host and port, start by engine.service
+ # if engine_host is same as rest_host, two ports cannot be same
+ # the port can be set between 0 to 65535 which not be used
+ engine_host = localhost
+ engine_port = 3838
+
+ # enable engine server authentication SSL/TLS
+ # default is true
+ engine_tls = true
+ tlsenginecacertfile = /etc/atuned/engine_certs/ca.crt
+ tlsengineservercertfile = /etc/atuned/engine_certs/server.crt
+ tlsengineserverkeyfile = /etc/atuned/engine_certs/server.key
+
+ #################################### log ###############################
+ [log]
+ # either "debug", "info", "warn", "error", "critical", default is "info"
+ level = info
```
## Starting A-Tune
After the A-Tune is installed, you need to start the A-Tune service.
-- Start the atuned service.
+- Start the atuned service.
+
+ ```
+ # systemctl start atuned
+ ```
+
+
+- Query the atuned service status.
+
+ ```
+ # systemctl status atuned
+ ```
+
+ If the following command output is displayed, the service is started successfully:
+
+ 
+
+## Starting A-Tune engine
+
+To use AI functions, you need to start the A-Tune engine service.
+
+- Start the atune-engine service.
```
- # systemctl start atuned
+ # systemctl start atune-engine
```
-- To query the status of the atuned service, run the following command:
+- Query the atune-engine service status.
```
- # systemctl status atuned
+ # systemctl status atune-engine
```
- If the following information is displayed, the service is started successfully:
+ If the following command output is displayed, the service is started successfully:
- 
+ 
diff --git a/docs/en/docs/20.09/docs/A-Tune/public_sys-resources/icon-caution.gif b/docs/en/docs/A-Tune/public_sys-resources/icon-caution.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/A-Tune/public_sys-resources/icon-caution.gif
rename to docs/en/docs/A-Tune/public_sys-resources/icon-caution.gif
diff --git a/docs/en/docs/20.09/docs/A-Tune/public_sys-resources/icon-danger.gif b/docs/en/docs/A-Tune/public_sys-resources/icon-danger.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/A-Tune/public_sys-resources/icon-danger.gif
rename to docs/en/docs/A-Tune/public_sys-resources/icon-danger.gif
diff --git a/docs/en/docs/20.09/docs/A-Tune/public_sys-resources/icon-note.gif b/docs/en/docs/A-Tune/public_sys-resources/icon-note.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/A-Tune/public_sys-resources/icon-note.gif
rename to docs/en/docs/A-Tune/public_sys-resources/icon-note.gif
diff --git a/docs/en/docs/20.09/docs/A-Tune/public_sys-resources/icon-notice.gif b/docs/en/docs/A-Tune/public_sys-resources/icon-notice.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/A-Tune/public_sys-resources/icon-notice.gif
rename to docs/en/docs/A-Tune/public_sys-resources/icon-notice.gif
diff --git a/docs/en/docs/20.09/docs/A-Tune/public_sys-resources/icon-tip.gif b/docs/en/docs/A-Tune/public_sys-resources/icon-tip.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/A-Tune/public_sys-resources/icon-tip.gif
rename to docs/en/docs/A-Tune/public_sys-resources/icon-tip.gif
diff --git a/docs/en/docs/20.09/docs/A-Tune/public_sys-resources/icon-warning.gif b/docs/en/docs/A-Tune/public_sys-resources/icon-warning.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/A-Tune/public_sys-resources/icon-warning.gif
rename to docs/en/docs/A-Tune/public_sys-resources/icon-warning.gif
diff --git a/docs/en/docs/20.09/docs/Administration/administration.md b/docs/en/docs/Administration/administration.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/administration.md
rename to docs/en/docs/Administration/administration.md
diff --git a/docs/en/docs/20.09/docs/Administration/basic-configuration.md b/docs/en/docs/Administration/basic-configuration.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/basic-configuration.md
rename to docs/en/docs/Administration/basic-configuration.md
diff --git a/docs/en/docs/20.09/docs/Administration/configuring-services.md b/docs/en/docs/Administration/configuring-services.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/configuring-services.md
rename to docs/en/docs/Administration/configuring-services.md
diff --git a/docs/en/docs/20.09/docs/Administration/configuring-the-ftp-server.md b/docs/en/docs/Administration/configuring-the-ftp-server.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/configuring-the-ftp-server.md
rename to docs/en/docs/Administration/configuring-the-ftp-server.md
diff --git a/docs/en/docs/20.09/docs/Administration/configuring-the-network.md b/docs/en/docs/Administration/configuring-the-network.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/configuring-the-network.md
rename to docs/en/docs/Administration/configuring-the-network.md
diff --git a/docs/en/docs/20.09/docs/Administration/configuring-the-repo-server.md b/docs/en/docs/Administration/configuring-the-repo-server.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/configuring-the-repo-server.md
rename to docs/en/docs/Administration/configuring-the-repo-server.md
diff --git a/docs/en/docs/20.09/docs/Administration/configuring-the-web-server.md b/docs/en/docs/Administration/configuring-the-web-server.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/configuring-the-web-server.md
rename to docs/en/docs/Administration/configuring-the-web-server.md
diff --git a/docs/en/docs/20.09/docs/Administration/faqs.md b/docs/en/docs/Administration/faqs.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/faqs.md
rename to docs/en/docs/Administration/faqs.md
diff --git a/docs/en/docs/20.09/docs/Administration/figures/creat_datadisk.png b/docs/en/docs/Administration/figures/creat_datadisk.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/creat_datadisk.png
rename to docs/en/docs/Administration/figures/creat_datadisk.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/creat_datadisk1.png b/docs/en/docs/Administration/figures/creat_datadisk1.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/creat_datadisk1.png
rename to docs/en/docs/Administration/figures/creat_datadisk1.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e-1.png b/docs/en/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e-1.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e-1.png
rename to docs/en/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e-1.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e.png b/docs/en/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e.png
rename to docs/en/docs/Administration/figures/d1376b2a-d036-41c4-b852-e8368f363b5e.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/en-us_image_0229622729.png b/docs/en/docs/Administration/figures/en-us_image_0229622729.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/en-us_image_0229622729.png
rename to docs/en/docs/Administration/figures/en-us_image_0229622729.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/en-us_image_0229622789.png b/docs/en/docs/Administration/figures/en-us_image_0229622789.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/en-us_image_0229622789.png
rename to docs/en/docs/Administration/figures/en-us_image_0229622789.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/en-us_image_0230050789.png b/docs/en/docs/Administration/figures/en-us_image_0230050789.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/en-us_image_0230050789.png
rename to docs/en/docs/Administration/figures/en-us_image_0230050789.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231143189.png b/docs/en/docs/Administration/figures/en-us_image_0231143189.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231143189.png
rename to docs/en/docs/Administration/figures/en-us_image_0231143189.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231143191.png b/docs/en/docs/Administration/figures/en-us_image_0231143191.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231143191.png
rename to docs/en/docs/Administration/figures/en-us_image_0231143191.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231143193.png b/docs/en/docs/Administration/figures/en-us_image_0231143193.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231143193.png
rename to docs/en/docs/Administration/figures/en-us_image_0231143193.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231143195.png b/docs/en/docs/Administration/figures/en-us_image_0231143195.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231143195.png
rename to docs/en/docs/Administration/figures/en-us_image_0231143195.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231143196.png b/docs/en/docs/Administration/figures/en-us_image_0231143196.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231143196.png
rename to docs/en/docs/Administration/figures/en-us_image_0231143196.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231143197.png b/docs/en/docs/Administration/figures/en-us_image_0231143197.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231143197.png
rename to docs/en/docs/Administration/figures/en-us_image_0231143197.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231143198.png b/docs/en/docs/Administration/figures/en-us_image_0231143198.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231143198.png
rename to docs/en/docs/Administration/figures/en-us_image_0231143198.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231563132.png b/docs/en/docs/Administration/figures/en-us_image_0231563132.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231563132.png
rename to docs/en/docs/Administration/figures/en-us_image_0231563132.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231563134.png b/docs/en/docs/Administration/figures/en-us_image_0231563134.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231563134.png
rename to docs/en/docs/Administration/figures/en-us_image_0231563134.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231563135.png b/docs/en/docs/Administration/figures/en-us_image_0231563135.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231563135.png
rename to docs/en/docs/Administration/figures/en-us_image_0231563135.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231563136.png b/docs/en/docs/Administration/figures/en-us_image_0231563136.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/en-us_image_0231563136.png
rename to docs/en/docs/Administration/figures/en-us_image_0231563136.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/example-command-output.png b/docs/en/docs/Administration/figures/example-command-output.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/example-command-output.png
rename to docs/en/docs/Administration/figures/example-command-output.png
diff --git a/docs/zh/docs/20.09/docs/Administration/figures/ima_digest_list_update.png b/docs/en/docs/Administration/figures/ima_digest_list_update.png
similarity index 100%
rename from docs/zh/docs/20.09/docs/Administration/figures/ima_digest_list_update.png
rename to docs/en/docs/Administration/figures/ima_digest_list_update.png
diff --git a/docs/en/docs/Administration/figures/ima_performance.png b/docs/en/docs/Administration/figures/ima_performance.png
new file mode 100644
index 0000000000000000000000000000000000000000..f5d641e8682ad2b9c0fbfad191add1819f5b2eef
Binary files /dev/null and b/docs/en/docs/Administration/figures/ima_performance.png differ
diff --git a/docs/en/docs/Administration/figures/ima_verification.png b/docs/en/docs/Administration/figures/ima_verification.png
new file mode 100644
index 0000000000000000000000000000000000000000..fc879949db5387c61ccf6176f948b9a00f4fb053
Binary files /dev/null and b/docs/en/docs/Administration/figures/ima_verification.png differ
diff --git a/docs/en/docs/20.09/docs/Administration/figures/login.png b/docs/en/docs/Administration/figures/login.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/login.png
rename to docs/en/docs/Administration/figures/login.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/mariadb-logical-architecture.png b/docs/en/docs/Administration/figures/mariadb-logical-architecture.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/mariadb-logical-architecture.png
rename to docs/en/docs/Administration/figures/mariadb-logical-architecture.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/nginx-deployment-succeeded.png b/docs/en/docs/Administration/figures/nginx-deployment-succeeded.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/nginx-deployment-succeeded.png
rename to docs/en/docs/Administration/figures/nginx-deployment-succeeded.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/nginx-startup-failure.png b/docs/en/docs/Administration/figures/nginx-startup-failure.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/nginx-startup-failure.png
rename to docs/en/docs/Administration/figures/nginx-startup-failure.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/postgres.png b/docs/en/docs/Administration/figures/postgres.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/postgres.png
rename to docs/en/docs/Administration/figures/postgres.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/postgresql-architecture.png b/docs/en/docs/Administration/figures/postgresql-architecture.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/postgresql-architecture.png
rename to docs/en/docs/Administration/figures/postgresql-architecture.png
diff --git a/docs/en/docs/20.09/docs/Administration/figures/the-nginx-service-is-successfully-started.png b/docs/en/docs/Administration/figures/the-nginx-service-is-successfully-started.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/figures/the-nginx-service-is-successfully-started.png
rename to docs/en/docs/Administration/figures/the-nginx-service-is-successfully-started.png
diff --git a/docs/zh/docs/20.09/docs/Administration/figures/trusted_chain.png b/docs/en/docs/Administration/figures/trusted_chain.png
similarity index 100%
rename from docs/zh/docs/20.09/docs/Administration/figures/trusted_chain.png
rename to docs/en/docs/Administration/figures/trusted_chain.png
diff --git a/docs/en/docs/20.09/docs/Administration/managing-hard-disks-through-lvm.md b/docs/en/docs/Administration/managing-hard-disks-through-lvm.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/managing-hard-disks-through-lvm.md
rename to docs/en/docs/Administration/managing-hard-disks-through-lvm.md
diff --git a/docs/en/docs/20.09/docs/Administration/process-management.md b/docs/en/docs/Administration/process-management.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/process-management.md
rename to docs/en/docs/Administration/process-management.md
diff --git a/docs/en/docs/20.09/docs/Administration/public_sys-resources/icon-caution.gif b/docs/en/docs/Administration/public_sys-resources/icon-caution.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/public_sys-resources/icon-caution.gif
rename to docs/en/docs/Administration/public_sys-resources/icon-caution.gif
diff --git a/docs/en/docs/20.09/docs/Administration/public_sys-resources/icon-danger.gif b/docs/en/docs/Administration/public_sys-resources/icon-danger.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/public_sys-resources/icon-danger.gif
rename to docs/en/docs/Administration/public_sys-resources/icon-danger.gif
diff --git a/docs/en/docs/20.09/docs/Administration/public_sys-resources/icon-note.gif b/docs/en/docs/Administration/public_sys-resources/icon-note.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/public_sys-resources/icon-note.gif
rename to docs/en/docs/Administration/public_sys-resources/icon-note.gif
diff --git a/docs/en/docs/20.09/docs/Administration/public_sys-resources/icon-notice.gif b/docs/en/docs/Administration/public_sys-resources/icon-notice.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/public_sys-resources/icon-notice.gif
rename to docs/en/docs/Administration/public_sys-resources/icon-notice.gif
diff --git a/docs/en/docs/20.09/docs/Administration/public_sys-resources/icon-tip.gif b/docs/en/docs/Administration/public_sys-resources/icon-tip.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/public_sys-resources/icon-tip.gif
rename to docs/en/docs/Administration/public_sys-resources/icon-tip.gif
diff --git a/docs/en/docs/20.09/docs/Administration/public_sys-resources/icon-warning.gif b/docs/en/docs/Administration/public_sys-resources/icon-warning.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/public_sys-resources/icon-warning.gif
rename to docs/en/docs/Administration/public_sys-resources/icon-warning.gif
diff --git a/docs/en/docs/20.09/docs/Administration/service-management.md b/docs/en/docs/Administration/service-management.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/service-management.md
rename to docs/en/docs/Administration/service-management.md
diff --git a/docs/en/docs/20.09/docs/Administration/setting-up-the-database-server.md b/docs/en/docs/Administration/setting-up-the-database-server.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/setting-up-the-database-server.md
rename to docs/en/docs/Administration/setting-up-the-database-server.md
diff --git a/docs/en/docs/Administration/trusted-computing.md b/docs/en/docs/Administration/trusted-computing.md
new file mode 100644
index 0000000000000000000000000000000000000000..914ab62bcd2a109e1544f440ff1bcc73d71678ba
--- /dev/null
+++ b/docs/en/docs/Administration/trusted-computing.md
@@ -0,0 +1,638 @@
+# Trusted Computing
+
+
+- [Trusted Computing](#可信计算)
+ - [Trusted Computing Basics](#可信计算基础)
+ - [Trusted Computing](#可信计算-1)
+ - [Kernel Integrity Measurement Architecture (IMA)](#内核完整性度量ima)
+ - [Overview](#概述)
+ - [Constraints](#约束限制)
+ - [Application Scenarios](#使用场景)
+ - [Procedure](#操作指导)
+ - [FAQ](#faq)
+ - [Appendix](#附录)
+
+
+## Trusted Computing Basics
+
+### Trusted Computing
+
+The definition of being trusted varies with international organizations.
+
+1. Trusted Computing Group (TCG):
+
+ An entity that is trusted always achieves the desired goal in an expected way.
+
+2. International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) (1999):
+
+ The components, operations, or processes involved in computing are predictable under any conditions and are resistant to viruses and a certain degree of physical interference.
+
+3. IEEE Computer Society Technical Committee on Dependable Computing:
+
+ Being trusted means that the services provided by the computer system can be proved to be reliable, and mainly refers to the reliability and availability of the system.
+
+In short, being trusted means that the system operates according to a pre-determined design and policy.
+
+A trusted computing system consists of a root of trust, a trusted hardware platform, operating system (OS), and application. The basic idea of the system is to create a trusted computing base (TCB) first, and then establish a trust chain that covers the hardware platform, OS, and application. In the trust chain, authentication is performed from the root to the next level, extending trust level by level and building a secure and trusted computing environment.
+
+
+
+Unlike the traditional security mechanism that eliminates viruses without solving the root of the problem, trusted computing adopts the whitelist mechanism to allow only authorized kernels, kernel modules, and applications to run on the system. The system will reject the execution of a program that is unknown or has been changed.
+
+## Kernel Integrity Measurement Architecture (IMA)
+
+### Overview
+
+#### IMA
+
+The integrity measurement architecture (IMA) is a subsystem in the kernel. The IMA can measure files accessed through **execve()**, **mmap()**, and **open()** systems based on user-defined policies. The measurement result can be used for **local or remote attestation**, or can be compared with an existing reference value to **control the access to files**.
+
+According to the Wiki definition, the function of the kernel integrity subsystem include three parts:
+
+- Measure: Detects accidental or malicious modifications to files, either remotely or locally.
+- Appraise: Measures a file and compares it with a reference value stored in the extended attribute to control the integrity of the local file.
+- Audit: Writes the measurement result into system logs for auditing.
+
+Figuratively, IMA measurement is an observer that only records modification without interfering in it, and IMA appraisal is more like a strict security guard that rejects any unauthorized access to programs.
+
+#### EVM
+
+The extended verification module (EVM) is used to calculate a hash value based on the security extended attributes of a file in the system, including **security.ima** and **security.selinux**. Then this value is signed by the key stored in the TPM or other trusted environments. The signature value is stored in **security.evm** and cannot be tampered with. If the value is tampered with, the signature verification fails when the file is accessed again.
+
+In summary, the EVM is used to provide offline protection for security extended attributes by calculating the digest of the attributes and signing and storing them in **security.evm**.
+
+#### IMA Digest Lists
+
+IMA Digest Lists are an enhancement of the original kernel integrity protection mechanism provided by openEuler. It replaces the original IMA mechanism to protect file integrity.
+
+Digest lists are binary data files in a special format. Each digest list corresponds to an RPM package and records the hash values of protected files (executable files and dynamic library files) in the RPM package.
+
+After the startup parameters are correctly configured, the kernel maintains a hash table (invisible to the user space) and provides interfaces (**digest\_list\_data** and **digest\_list\_data\_del**) that update the hash table using **securityfs**. The digest lists are signed by the private key when they are built. When uploaded to the kernel through the interface, the digest lists need to be verified by the public key in the kernel.
+
+
+
+When IMA appraisal is enabled, each time an executable file or dynamic library file is accessed, the hook in the kernel is invoked to calculate the hash values of the file content and extended attributes and search in the kernel hash table. If the calculated hash values match the one in the table, the file is allowed to be executed. Otherwise, the access is denied.
+
+
+
+The IMA Digest Lists extension provided by the openEuler kernel provides higher security, performance, and usability than the native IMA mechanism of the kernel community, facilitating the implementation of the integrity protection mechanism in the production environment.
+
+- **A complete trust chain for high security**
+
+ The native IMA mechanism requires that the file extended attribute be generated and marked in advance on the live network. When the file is accessed, the file extended attribute is used as a reference value, resulting in an incomplete trust chain.
+
+ The IMA Digest Lists extension saves the reference digest value of the file in the kernel space. During the construction, the reference digest value of the file is carried in the released RPM package in the form of a digest list. When the RPM package is installed, the digest list is imported and the signature is verified, ensuring that the reference value comes from the software publisher and implementing a complete trust chain.
+
+- **Superior performance**
+
+ The trusted platform module (TPM) chip is a low-speed chip, making the PCR extension operation a performance bottleneck in the IMA measurement scenario. To shatter this bottleneck, the Digest Lists extension reduces unnecessary PCR extension operations while ensuring security, providing 65% higher performance than the native IMA mechanism.
+
+ In the IMA appraisal scenario, the Digest Lists extension performs signature verification in the startup phase to prevent signature verification from being performed each time the file is accessed. This helps deliver a 20% higher file access performance in the operation phase than that in the native IMA appraisal scenario.
+
+- **Fast deployment and smooth upgrade**
+
+ When the native IMA mechanism is deployed for the first time or the software package is updated, you need to switch to the fix mode, manually mark the extended attributes of the file, and then restart the system to enter the enforcing mode. In this way, the installed program can be accessed normally.
+
+ The Digest Lists extension can be used immediately after the installation is completed. In addition, the RPM package can be directly installed or upgraded in the enforcing mode without restarting the system or manually marking the extended attributes of the file. This minimizes user perception during the operation, allowing for quick deployment and smooth upgrade on the live network.
+
+Note: The IMA Digest Lists extension advances the signature verification of the native IMA to the startup phase. This causes the assumption that the memory in the kernel space cannot be tampered with. As a result, the IMA depends on other security mechanisms (secure startup of kernel module and dynamic memory measurement) to protect the integrity of the kernel memory.
+
+However, either the native IMA mechanism of the community or the IMA Digest Lists extension is only a link in the trust chain of trusted computing, and cannot ensure the system security alone. Security construction is always a systematic project that builds in-depth defense.
+
+### Constraints
+
+1. The current IMA appraisal mode can only protect immutable files in the system, including executable files and dynamic library files.
+2. The IMA provides integrity measurement at the application layer. The security of the IMA depends on the reliability of the previous links.
+3. Currently, the IMA does not support the import of the third-party application digest lists.
+4. The startup log may contain `Unable to open file: /etc/keys/x509_ima.der`. This error is reported from the open source community and does not affect the use of the IMA digest lists feature.
+5. In the ARM version, audit errors may occur when the log mode is enabled for the IMA. This occurs because the modprobe loads the kernel module before the digest lists are imported, but does not affect the normal functions.
+
+### Application Scenario
+
+#### IMA Measurement
+
+The purpose of IMA measurement is to detect unexpected or malicious modifications to system files. The measurement result can be used for local or remote attestation.
+
+If a TPM chip exists in the system, the measurement result is extended to a specified PCR register of the TPM chip. Due to the unidirectional PCR extension and the hardware security of the TPM chip, a user cannot modify the extended measurement result, thereby ensuring authenticity of the measurement result.
+
+The file scope and triggering conditions of IMA measurement can be configured by the user using the IMA policy.
+
+By default, IMA is disabled. However, the system searches for the **ima-policy** policy file in the `/etc/ima/` path. If the file is found, the system measures the files in the system based on the policy during startup. If you do not want to manually compile the policy file, you can configure the `ima_policy=tcb` in the startup parameters using the default policy. For details about more policy parameters, see the section *IMA Startup Parameters* in *Appendix*.
+
+You can check the currently loaded IMA policy in the `/sys/kernel/security/ima/policy` file. The IMA measurement log is located in the `/sys/kernel/security/ima/ascii_runtime_measurements` file, as shown in the following figure:
+
+```shell
+$ head /sys/kernel/security/ima/ascii_runtime_measurements
+10 ddee6004dc3bd4ee300406cd93181c5a2187b59b ima-ng sha1:9797edf8d0eed36b1cf92547816051c8af4e45ee boot_aggregate
+10 180ecafba6fadbece09b057bcd0d55d39f1a8a52 ima-ng sha1:db82919bf7d1849ae9aba01e28e9be012823cf3a /init
+10 ac792e08a7cf8de7656003125c7276968d84ea65 ima-ng sha1:f778e2082b08d21bbc59898f4775a75e8f2af4db /bin/bash
+10 0a0d9258c151356204aea2498bbca4be34d6bb05 ima-ng sha1:b0ab2e7ebd22c4d17d975de0d881f52dc14359a7 /lib64/ld-2.27.so
+10 0d6b1d90350778d58f1302d00e59493e11bc0011 ima-ng sha1:ce8204c948b9fe3ae67b94625ad620420c1dc838 /etc/ld.so.cache
+10 d69ac2c1d60d28b2da07c7f0cbd49e31e9cca277 ima-ng sha1:8526466068709356630490ff5196c95a186092b8 /lib64/libreadline.so.7.0
+10 ef3212c12d1fbb94de9534b0bbd9f0c8ea50a77b ima-ng sha1:f80ba92b8a6e390a80a7a3deef8eae921fc8ca4e /lib64/libc-2.27.so
+10 f805861177a99c61eabebe21003b3c831ccf288b ima-ng sha1:261a3cd5863de3f2421662ba5b455df09d941168 /lib64/libncurses.so.6.1
+10 52f680881893b28e6f0ce2b132d723a885333500 ima-ng sha1:b953a3fa385e64dfe9927de94c33318d3de56260 /lib64/libnss_files-2.27.so
+10 4da8ce3c51a7814d4e38be55a2a990a5ceec8b27 ima-ng sha1:99a9c095c7928ecca8c3a4bc44b06246fc5f49de /etc/passwd
+```
+
+From left to right, the content of each record indicates:
+
+1. PCR: PCR register for extending measurement results (The default value is 10. This register is valid only when the TPM chip is installed in the system.)
+2. Template hash value: hash value that is finally used for extension, combining the file content hash and the length and value of the file path
+3. Template: template of the extended measurement value, for example, **ima-ng**
+4. File content hash value: hash value of the measured file content
+5. File path: path of the measured file
+
+#### IMA Appraisal
+
+The purpose of IMA appraisal is to control access to local files by comparing the reference value with the standard reference value.
+
+IMA uses the security extension attributes **security.ima** and **security.evm** to store the reference values of file integrity measurement.
+
+- **security.ima**: stores the hash value of the file content
+- **security.evm**: stores the hash value signature of a file extended attribute
+
+When a protected file is accessed, the hook in the kernel is triggered to verify the integrity of the extended attributes and content of the file.
+
+1. Use the public key in the kernel keyring to verify the signature value in the extended attribute of the **security.evm** file, and compare this signature value with the hash value of the extended attribute of the current file. If they match, the extended attribute of the file is complete (including **security.ima**).
+2. When the extended attribute of the file is complete, the system compares the extended attribute of the file **security.ima** with the digest value of the current file content. If they match, the system allows for the access to the file.
+
+Likewise, the file scope and trigger conditions for IMA appraisal can be configured by users using IMA policies.
+
+#### IMA Digest Lists
+
+Currently, the IMA Digest Lists extension supports the following three combinations of startup parameters:
+
+* IMA measurement mode:
+
+ ```shell
+ ima_policy=exec_tcb ima_digest_list_pcr=11
+ ```
+
+* IMA appraisal log mode + IMA measurement mode:
+
+ ```shell
+ ima_template=ima-sig ima_policy="exec_tcb|appraise_exec_tcb|appraise_exec_immutable" initramtmpfs ima_hash=sha256 ima_appraise=log evm=allow_metadata_writes evm=x509 ima_digest_list_pcr=11 ima_appraise_digest_list=digest
+ ```
+
+* IMA appraisal enforcing mode + IMA measurement mode:
+
+ ```shell
+ ima_template=ima-sig ima_policy="exec_tcb|appraise_exec_tcb|appraise_exec_immutable" initramtmpfs ima_hash=sha256 ima_appraise=enforce-evm evm=allow_metadata_writes evm=x509 ima_digest_list_pcr=11 ima_appraise_digest_list=digest
+ ```
+
+### Procedure
+
+#### Initial Deployment in the Native IMA Scenario
+
+When the system is started for the first time, you need to configure the following startup parameters:
+
+```shell
+ima_appraise=fix ima_policy=appraise_tcb
+```
+
+In the `fix` mode, the system can be started when no reference value is available. `appraise_tcb` corresponds to an IMA policy. For details, see *IMA Startup Parameters* in the *Appendix*.
+
+Next, you need to access all the files that need to be verified to add IMA extended attributes to them:
+
+```shell
+$ time find / -fstype ext4 -type f -uid 0 -exec dd if='{}' of=/dev/null count=0 status=none \;
+```
+
+This process takes some time. After the command is executed, you can see the marked reference value in the extended attributes of the protected file.
+
+```shell
+$ getfattr -m - -d /sbin/init
+# file: sbin/init
+security.ima=0sAXr7Qmun5mkGDS286oZxCpdGEuKT
+security.selinux="system_u:object_r:init_exec_t"
+```
+
+Configure the following startup parameters and restart the system:
+
+```shell
+ima_appraise=enforce ima_policy=appraise_tcb
+```
+
+#### Initial Deployment in the Digest Lists Scenario
+
+1. Set kernel parameters to enter the log mode.
+
+ Add the following parameters to edit the `/boot/efi/EFI/euleros/grub.cfg` file:
+
+ ```shell
+ ima_template=ima-sig ima_policy="exec_tcb|appraise_exec_tcb|appraise_exec_immutable" initramtmpfs ima_hash=sha256 ima_appraise=log evm=allow_metadata_writes evm=x509 ima_digest_list_pcr=11 ima_appraise_digest_list=digest
+ ```
+
+ Run the `reboot` command to restart the system and enter the log mode. In this mode, integrity check has been enabled, but the system can be started even if the check fails.
+
+2. Install the dependency package.
+
+ Run the **yum** command to install **digest-list-tools** and **ima-evm-utils**. Ensure that the versions are not earlier than the following:
+
+ ```shell
+ $ yum install digest-list-tools ima-evm-utils
+ $ rpm -qa | grep digest-list-tools
+ digest-list-tools-0.3.93-1.oe1.x86_64
+ $ rpm -qa | grep ima-evm-utils
+ ima-evm-utils-1.2.1-9.oe1.x86_64
+ ```
+
+3. If the **plymouth** package is installed, you need to add `-a` to the end of the **cp** command in line 147 in the `/usr/libexec/plymouth/plymouth-populate-initrd` script file:
+
+ ```shell
+ ...
+ ddebug "Installing $_src"
+ cp -a --sparse=always -pfL "$PLYMOUTH_SYSROOT$_src" "${initdir}/$target"
+ }
+ ```
+
+4. Run `dracut` to generate **initrd** again:
+
+ ```shell
+ $ dracut -f -e xattr
+ ```
+
+ Edit the `/boot/efi/EFI/euleros/grub.cfg` file by changing **ima\_appraise=log** to **ima\_appraise=enforce-evm**.
+
+ ```shell
+ ima_template=ima-sig ima_policy="exec_tcb|appraise_exec_tcb|appraise_exec_immutable" initramtmpfs ima_hash=sha256 ima_appraise=enforce-evm evm=allow_metadata_writes evm=x509 ima_digest_list_pcr=11 ima_appraise_digest_list=digest
+ ```
+
+ Run the **reboot** command to complete the initial deployment.
+
+#### Building Digest Lists on OBS
+
+Open Build Service (OBS) is a compilation system that was first used for building software packages in openSUSE and supports distributed compilation of multiple architectures.
+
+Before building a digest list, ensure that your project contains the following RPM packages from openEuler:
+
+* digest-list-tools
+* pesign-obs-integration
+* selinux-policy
+* rpm
+* openEuler-rpm-config
+
+Add **Project Config** in the deliverable project:
+
+```shell
+Preinstall: pesign-obs-integration digest-list-tools selinux-policy-targeted
+Macros:
+%__brp_digest_list /usr/lib/rpm/openEuler/brp-digest-list %{buildroot}
+:Macros
+```
+
+* The following content is added to **Preinstall**: **digest-list-tools** for generating the digest list; **pesign-obs-integration** for generating the digest list signature; **selinux-policy-targeted**, ensuring that the SELinux label in the environment is correct when the digest list is generated.
+* Define the macro **%\_\_brp\_digest\_list** in Macros. The RPM runs this macro to generate a digest list for the compiled binary file in the build phase. This macro can be used as a switch to control whether the digest list is generated in the project.
+
+After the configuration is completed, OBS automatically performs full build. In normal cases, the following two files are added to the software package:
+
+* **/etc/ima/digest\_lists/0-metadata\_list-compact-\[package name]-\[version number]**
+* **/etc/ima/digest\_lists.tlv/0-metadata\_list-compact\_tlv-\[package name]-\[version number]**
+
+#### Building Digest Lists on Koji
+
+Koji is a compilation system of the Fedora community. The openEuler community will support Koji in the future.
+
+### FAQ
+
+1. Why does the system fail to be started, or commands fail to be executed, or services are abnormal after the system is started in enforcing mode?
+
+ In enforcing mode, IMA controls file access. If the content or extended attributes of a file to be accessed are incomplete, the access will be denied. If key commands that affect system startup cannot be executed, the system cannot be started.
+
+ Check whether the following problems exist:
+
+ * **Check whether the digest list is added to initrd.**
+
+ Check whether the **dracut** command is executed to add the digest list to the kernel during the initial deployment. If the digest list is not added to **initrd**, the digest list cannot be imported during startup. As a result, the startup fails.
+
+ * **Check whether the official RPM package is used.**
+
+ If a non-official openEuler RPM package is used, the RPM package may not carry the digest list, or the private key for signing the digest list does not match the public key for signature verification in the kernel. As a result, the digest list is not imported to the kernel.
+
+ If the cause is not clear, enter the log mode and find the cause from the error log:
+
+ ```shell
+ $ dmesg | grep appraise
+ ```
+
+2. Why access control is not performed on system files in enforcing mode?
+
+ When the system does not perform access control on the file as expected, check whether the IMA policy in the startup parameters is correctly configured:
+
+ ```shell
+ $ cat /proc/cmdline
+ ...ima_policy=exec_tcb|appraise_exec_tcb|appraise_exec_immutable...
+ ```
+
+ Run the following command to check whether the IMA policy in the current kernel has taken effect:
+
+ ```shell
+ $ cat /sys/kernel/security/ima/policy
+ ```
+
+ If the policy file is empty, it indicates that the policy fails to be set. In this case, the system does not perform access control.
+
+3. After the initial deployment is completed, do I need to manually run the **dracut** command to generate **initrd** after installing, upgrading, or uninstalling the software package?
+
+ No. The **digest\_list.so** plug-in provided by the RPM package can automatically update the digest list at the RPM package granularity, allowing users to be unaware of the digest list.
+
+### Appendix
+
+#### Description of the IMA securityfs Interface
+
+The native IMA provides the following **securityfs** interfaces:
+
+> Note: The following interface paths are in the `/sys/kernel/security/` directory.
+
+| Path | Permission | Description |
+| ------------------------------ | ---------- | ------------------------------------------------------------ |
+| ima/policy | 600 | IMA policy interface |
+| ima/ascii_runtime_measurement | 440 | IMA measurement result in ASCII code format |
+| ima/binary_runtime_measurement | 440 | IMA measurement result in binary format |
+| ima/runtime_measurement_count | 440 | Measurement result statistics |
+| ima/violations | 440 | Number of IMA measurement result conflicts |
+| evm | 660 | EVM mode, that is, the mode for verifying the integrity of extended attributes of files |
+
+The values of `/sys/kernel/security/evm` are as follows:
+
+* 0: EVM uninitialized.
+* 1: Uses HMAC (symmetric encryption) to verify the integrity of extended attributes.
+* 2: Uses the public key signature (asymmetric encryption) to verify the integrity of extended attributes.
+* 6: Disables the integrity check of extended attributes (This mode is used for openEuler).
+
+The additional **securityfs** interfaces provided by the IMA Digest Lists extension are as follows:
+
+| Path | Permission | Description |
+| ------------------------ | ---------- | ---------------------------------------------------------- |
+| ima/digests_count | 440 | Total number of digests (IMA+EVM) in the system hash table |
+| ima/digest_list_data | 200 | New interfaces in the digest list |
+| ima/digest_list_data_del | 200 | Interfaces deleted from the digest list |
+
+#### IMA Policy Syntax
+
+Each IMA policy statement must start with an **action** represented by the keyword action and be followed by a **filtering condition**:
+
+- **action**: indicates the action of a policy. Only one **action** can be selected for a policy.
+
+ > Note: You can **ignore the word action** and directly write **dont\_measure** instead of **action=dont\_measure**.
+
+- **func**: indicates the type of the file to be measured or authenticated. It is often used together with **mask**. Only one **func** can be selected for a policy.
+
+ - **FILE\_CHECK** can be used only with **MAY\_EXEC**, **MAY\_WRITE**, and **MAY\_READ**.
+ - **MODULE\_CHECK**, **MMAP\_CHECK**, and **BPRM\_CHECK** can be used only with **MAY\_EXEC**.
+ - A combination without the preceding matching relationships does not take effect.
+
+- **mask**: indicates the operation upon which files will be measured or appraised. Only one **mask** can be selected for a policy.
+
+- **fsmagic**: indicates the hexadecimal magic number of the file system type, which is defined in the `/usr/include/linux/magic.h` file.
+
+ > Note: By default, all file systems are measured unless you use the **dont\_measure/dont\_appraise** to mark a file system not to be measured.
+
+- **fsuid**: indicates the UUID of a system device. The value is a hexadecimal string of 16 characters.
+
+- **objtype**: indicates the file type. Only one file type can be selected for a policy.
+
+ > Note: **objtype** has a finer granularity than **func**. For example, **obj\_type=nova\_log\_t** indicates the nova log file.
+
+- **uid**: indicates the user (represented by the user ID) who performs operations on the file. Only one **uid** can be selected for a policy.
+
+- **fowner**: indicates the owner (represented by the user ID) of the file. Only one **fowner** can be selected for a policy.
+
+The values and description of the keywords are as follows:
+
+| Keyword | Value | Description |
+| ------------- | ------------------ | ------------------------------------------------------------ |
+| action | measure | Enables IMA measurement |
+| | dont_measure | Disables IMA measurement |
+| | appraise | Enables IMA appraisal |
+| | dont_appraise | Disables IMA appraisal |
+| | audit | Enables audit |
+| func | FILE_CHECK | File to be opened |
+| | MODULE_CHECK | Kernel module file to be loaded |
+| | MMAP_CHECK | Dynamic library file to be mapped to the memory space of the process |
+| | BRPM_CHECK | File to be executed (excluding script files opened by programs such as `/bin/hash`) |
+| | POLICY_CHECK | File to be loaded as a supplement to the IMA policy |
+| | FIRMWARE_CHECK | Firmware to be loaded into memory |
+| | DIGEST_LIST_CHECK | Digest list file to be loaded into the kernel |
+| | KEXEC_KERNEL_CHECK | kexec kernel to be switched to |
+| mask | MAY_EXEC | Executes a file |
+| | MAY_WRITE | Writes data to a file This operation is not recommended because it is restricted by open source mechanisms such as echo and vim (the essence of modification is to create a temporary file and then rename it). The IMA measurement of **MAY\_WRITE** is not triggered each time the file is modified. |
+| | MAY_READ | Reads a file |
+| | MAY_APPEND | Extends file attributes |
+| fsmagic | fsmagic=xxx | Hexadecimal magic number of the file system type |
+| fsuuid | fsuuid=xxx | UUID of a system device. The value is a hexadecimal string of 16 characters. |
+| fowner | fowner=xxx | User ID of the file owner |
+| uid | uid=xxx | ID of the user who operates the file |
+| obj_type | obj_type=xxx_t | File type (based on the SELinux tag) |
+| pcr | pcr= | Selects the PCR used to extend the measurement values in the TPM. The default value is 10. |
+| appraise_type | imasig | Signature-based IMA appraisal |
+| | meta_immutable | Evaluates the extended attributes of the file based on signatures (supporting the digest list). |
+
+> Note: **PATH\_CHECK** is equivalent to **FILE\_CHECK**, and **FILE\_MMAP** is equivalent to **MMAP\_CHECK**. They are not mentioned in this table.
+
+#### IMA Native Startup Parameters
+
+The following table lists the kernel startup parameters of the native IMA.
+
+| Parameter | Value | Description |
+| ---------------- | ------------ | ------------------------------------------------------------ |
+| ima_appraise | off | Disables the IMA appraisal mode. The integrity check is not performed when the file is accessed and no new reference value is generated for the file. |
+| | enforce | Enables the IMA appraisal enforcing mode to perform the integrity check when the file is accessed. That is, the file digest value is calculated and compared with the reference value. If the comparison fails, the file access is rejected. In this case, the IMA generates a new reference value for the new file. |
+| | fix | Enables the IMA repair mode. In this mode, the reference value of a protected file can be updated. |
+| | log | Enables the IMA appraisal log mode to perform the integrity check when the file is accessed. However, commands can be executed even if the check fails, and only logs are recorded. |
+| ima_policy | tcb | Measures all file execution, dynamic library mapping, kernel module import, and device driver loading. The file read behavior of the root user is also measured. |
+| | appraise_tcb | Evaluates all files whose owner is the root user. |
+| | secure_boot | Evaluates the kernel module import, hardware driver loading, kexec kernel switchover, and IMA policies. The prerequisite is that these files have IMA signatures. |
+| ima_tcb | None | Equivalent to **ima\_policy=tcb**. |
+| ima_appraise_tcb | None | Equivalent to **ima\_policy=appraise\_tcb**. |
+| ima_hash | sha1/md5/... | IMA digest algorithm. The default value is sha1. |
+| ima_template | ima | IMA measurement extension template |
+| | ima-ng | IMA measurement extension template |
+| | ima-sig | IMA measurement extension template |
+| integrity_audit | 0 | Basic integrity audit information (default) |
+| | 1 | Additional integrity audit information |
+
+> Note: The **ima\_policy** parameter can specify multiple values at the same time, for example, **ima\_policy=tcb\|appraise\_tcb**. After the system is started, the IMA policy of the system is the sum of the policies for the two parameters.
+
+The IMA policy for the `ima_policy=tcb` startup parameter is as follows:
+
+```
+# PROC_SUPER_MAGIC = 0x9fa0
+dont_measure fsmagic=0x9fa0
+# SYSFS_MAGIC = 0x62656572
+dont_measure fsmagic=0x62656572
+# DEBUGFS_MAGIC = 0x64626720
+dont_measure fsmagic=0x64626720
+# TMPFS_MAGIC = 0x01021994
+dont_measure fsmagic=0x1021994
+# DEVPTS_SUPER_MAGIC=0x1cd1
+dont_measure fsmagic=0x1cd1
+# BINFMTFS_MAGIC=0x42494e4d
+dont_measure fsmagic=0x42494e4d
+# SECURITYFS_MAGIC=0x73636673
+dont_measure fsmagic=0x73636673
+# SELINUX_MAGIC=0xf97cff8c
+dont_measure fsmagic=0xf97cff8c
+# SMACK_MAGIC=0x43415d53
+dont_measure fsmagic=0x43415d53
+# CGROUP_SUPER_MAGIC=0x27e0eb
+dont_measure fsmagic=0x27e0eb
+# CGROUP2_SUPER_MAGIC=0x63677270
+dont_measure fsmagic=0x63677270
+# NSFS_MAGIC=0x6e736673
+dont_measure fsmagic=0x6e736673
+measure func=MMAP_CHECK mask=MAY_EXEC
+measure func=BPRM_CHECK mask=MAY_EXEC
+measure func=FILE_CHECK mask=MAY_READ uid=0
+measure func=MODULE_CHECK
+measure func=FIRMWARE_CHECK
+```
+
+The IMA policy for the `ima_policy=tcb_appraise` startup parameter is as follows:
+
+```
+# PROC_SUPER_MAGIC = 0x9fa0
+dont_appraise fsmagic=0x9fa0
+# SYSFS_MAGIC = 0x62656572
+dont_appraise fsmagic=0x62656572
+# DEBUGFS_MAGIC = 0x64626720
+dont_appraise fsmagic=0x64626720
+# TMPFS_MAGIC = 0x01021994
+dont_appraise fsmagic=0x1021994
+# RAMFS_MAGIC
+dont_appraise fsmagic=0x858458f6
+# DEVPTS_SUPER_MAGIC=0x1cd1
+dont_appraise fsmagic=0x1cd1
+# BINFMTFS_MAGIC=0x42494e4d
+dont_appraise fsmagic=0x42494e4d
+# SECURITYFS_MAGIC=0x73636673
+dont_appraise fsmagic=0x73636673
+# SELINUX_MAGIC=0xf97cff8c
+dont_appraise fsmagic=0xf97cff8c
+# SMACK_MAGIC=0x43415d53
+dont_appraise fsmagic=0x43415d53
+# NSFS_MAGIC=0x6e736673
+dont_appraise fsmagic=0x6e736673
+# CGROUP_SUPER_MAGIC=0x27e0eb
+dont_appraise fsmagic=0x27e0eb
+# CGROUP2_SUPER_MAGIC=0x63677270
+dont_appraise fsmagic=0x63677270
+appraise fowner=0
+```
+
+The IMA policy for the `ima_policy=secure_boot` startup parameter is as follows:
+
+```
+appraise func=MODULE_CHECK appraise_type=imasig
+appraise func=FIRMWARE_CHECK appraise_type=imasig
+appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig
+appraise func=POLICY_CHECK appraise_type=imasig
+```
+
+#### IMA Digest List Startup Parameters
+
+The kernel startup parameters added to the IMA digest list feature are as follows:
+
+| Parameter | Value | Description |
+| ------------------------ | ----------------------- | ------------------------------------------------------------ |
+| integrity | 0 | Disables the IMA feature (by default) |
+| | 1 | Enables the IMA feature |
+| ima_appraise | off | Disables the IMA appraisal mode |
+| | enforce-evm | Enables the IMA appraisal forced mode to perform the integrity check when the file is accessed and control the access. |
+| ima_appraise_digest_list | digest | When the EVM is disabled, the abstract list is used for IMA appraise. The abstract list protects both the content and extended attributes of the file. |
+| | digest-nometadata | If the EVM digest value does not exist, the integrity check is performed only based on the IMA digest value (the file extended attribute is not protected). |
+| evm | fix | Allows for any modification to the extended attribute (even if the modification causes the failure to verify the integrity of the extended attribute). |
+| | ignore | Allowed to modify the extended attribute only when it does not exist or is incorrect. |
+| ima_policy | exec_tcb | IMA measurement policy. For details, see the following policy description. |
+| | appraise_exec_tcb | IMA appraisal policy. For details, see the following policy description. |
+| | appraise_exec_immutable | IMA appraisal policy. For details, see the following policy description. |
+| ima_digest_list_pcr | 11 | Uses PCR 11 instead of PCR 10, and uses only the digest list for measurement. |
+| | +11 | The PCR 10 measurement is reserved. When the TPM chip is available, the measurement result is written to the TPM chip. |
+| initramtmpfs | None | Adds the support for **tmpfs**. |
+
+
+
+The IMA policy for the `ima_policy=exec_tcb` startup parameter is as follows:
+
+```
+dont_measure fsmagic=0x9fa0
+dont_measure fsmagic=0x62656572
+dont_measure fsmagic=0x64626720
+dont_measure fsmagic=0x1cd1
+dont_measure fsmagic=0x42494e4d
+dont_measure fsmagic=0x73636673
+dont_measure fsmagic=0xf97cff8c
+dont_measure fsmagic=0x43415d53
+dont_measure fsmagic=0x27e0eb
+dont_measure fsmagic=0x63677270
+dont_measure fsmagic=0x6e736673
+measure func=MMAP_CHECK mask=MAY_EXEC
+measure func=BPRM_CHECK mask=MAY_EXEC
+measure func=MODULE_CHECK
+measure func=FIRMWARE_CHECK
+measure func=POLICY_CHECK
+measure func=DIGEST_LIST_CHECK
+measure parser
+```
+
+The IMA policy for the `ima_policy=appraise_exec_tcb` startup parameter is as follows:
+
+```
+appraise func=MODULE_CHECK appraise_type=imasig
+appraise func=FIRMWARE_CHECK appraise_type=imasig
+appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig
+appraise func=POLICY_CHECK appraise_type=imasig
+appraise func=DIGEST_LIST_CHECK appraise_type=imasig
+dont_appraise fsmagic=0x9fa0
+dont_appraise fsmagic=0x62656572
+dont_appraise fsmagic=0x64626720
+dont_appraise fsmagic=0x858458f6
+dont_appraise fsmagic=0x1cd1
+dont_appraise fsmagic=0x42494e4d
+dont_appraise fsmagic=0x73636673
+dont_appraise fsmagic=0xf97cff8c
+dont_appraise fsmagic=0x43415d53
+dont_appraise fsmagic=0x6e736673
+dont_appraise fsmagic=0x27e0eb
+dont_appraise fsmagic=0x63677270
+```
+
+The IMA policy for the `ima_policy=appraise_exec_immutable` startup parameter is as follows:
+
+```
+appraise func=BPRM_CHECK appraise_type=imasig appraise_type=meta_immutable
+appraise func=MMAP_CHECK
+appraise parser appraise_type=imasig
+```
+
+#### IMA Kernel Compilation Options
+
+The native IMA provides the following compilation options:
+
+| Compilation Option | Description |
+| -------------------------------- | ------------------------------------------------------- |
+| CONFIG_INTEGRITY | IMA/EVM compilation switch |
+| CONFIG_INTEGRITY_SIGNATURE | Enables IMA signature verification |
+| CONFIG_INTEGRITY_ASYMMETRIC_KEYS | Enables IMA asymmetric signature verification |
+| CONFIG_INTEGRITY_TRUSTED_KEYRING | Enables IMA/EVM key ring |
+| CONFIG_INTEGRITY_AUDIT | Compiles the IMA audit module |
+| CONFIG_IMA | IMA compilation switch |
+| CONFIG_IMA_WRITE_POLICY | Allows updating the IMA policy in the running phase |
+| CONFIG_IMA_MEASURE_PCR_IDX | Allows specifying the PCR number of the IMA measurement |
+| CONFIG_IMA_LSM_RULES | Allows configuring LSM rules |
+| CONFIG_IMA_APPRAISE | IMA appraisal compilation switch |
+| IMA_APPRAISE_BOOTPARAM | Enables IMA appraisal startup parameters |
+| CONFIG_EVM | EVM compilation switch |
+
+The additional compilation options provided by the IMA Digest Lists extension are as follows:
+
+| Compilation Option | Description |
+| ------------------ | ----------------------------------- |
+| CONFIG_DIGEST_LIST | Enables the IMA Digest List feature |
+
+#### IMA Performance Reference Data
+
+The following figure compares the performance when IMA is disabled, native IMA is enabled, and IMA digest list is enabled.
+
+
\ No newline at end of file
diff --git a/docs/en/docs/20.09/docs/Administration/user-and-user-group-management.md b/docs/en/docs/Administration/user-and-user-group-management.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/user-and-user-group-management.md
rename to docs/en/docs/Administration/user-and-user-group-management.md
diff --git a/docs/en/docs/20.09/docs/Administration/using-the-dnf-to-manage-software-packages.md b/docs/en/docs/Administration/using-the-dnf-to-manage-software-packages.md
similarity index 97%
rename from docs/en/docs/20.09/docs/Administration/using-the-dnf-to-manage-software-packages.md
rename to docs/en/docs/Administration/using-the-dnf-to-manage-software-packages.md
index 13e22d658218035a9ac656dfdf56cc3fb31c69c4..f29581d9fb787a9a0f263dfbf8102679bbde96de 100644
--- a/docs/en/docs/20.09/docs/Administration/using-the-dnf-to-manage-software-packages.md
+++ b/docs/en/docs/Administration/using-the-dnf-to-manage-software-packages.md
@@ -39,12 +39,12 @@ DNF is a Linux software package management tool used to manage RPM software pack
The main configuration file of the DNF is /etc/dnf/dnf.conf which consists of two parts:
-- The **main** part in the file stores the global settings of the DNF.
+- The **main** part in the file stores the global settings of the DNF.
-- The **repository** part in the file stores the settings of the software source. You can add one or more **repository** sections to the file.
+- The **repository** part in the file stores the settings of the software source. You can add one or more **repository** sections to the file.
+
+In addition, the /etc/yum.repos.d directory stores one or more repo source files, which define different repositories.
-In addition, the /etc/yum.repos.d directory stores one or more repo source files, which define different repositories.
-
You can configure a software source by either directly configuring the /etc/dnf/dnf.conf file or configuring the .repo file in the /etc/yum.repos.d directory.
#### Configuring the main Part
@@ -160,22 +160,21 @@ The repository part allows you to customize openEuler software source repositori
- Configuring the .repo file in the /etc/yum.repos.d directory
- openEuler provides multiple repo sources for users online. For details about the repo sources, see [System Installation](./../Releasenotes/installing-the-os.md.html). This section uses the OS repo source of the AArch64 architecture as an example.
+ openEuler provides multiple repo sources for users online. For details about the repo sources, see [System Installation](./../Releasenotes/installing-the-os.md.html).
- For example, run the following command as the **root** user to add the openeuler repo source to the openEuler_aarch64.repo file.
+ For example, run the following command as the **root** user to add the openeuler repo source to the openEuler.repo file.
```
- # vi /etc/yum.repos.d/openEuler_aarch64.repo
+ # vi /etc/yum.repos.d/openEuler.repo
```
```
- [osrepo]
- name=osrepo
- baseurl=https://repo.openeuler.org/openEuler-20.09/OS/aarch64/
+ [OS]
+ name=openEuler-$releasever - OS
+ baseurl=https://repo.openeuler.org/openEuler-20.09/OS/$basearch/
enabled=1
gpgcheck=1
- gpgkey=https://repo.openeuler.org/openEuler-20.09/OS/aarch64/RPM-GPG-KEY-openEuler
-
+ gpgkey=https://repo.openeuler.org/openEuler-20.09/OS/$basearch/RPM-GPG-KEY-openEuler
```
> **NOTE:**
@@ -327,7 +326,7 @@ Available Packages
Name : httpd
Version : 2.4.34
Release : 8.h5.oe1
-Arch : aarch64
+Arch : aarch64
Size : 1.2 M
Repo : Local
Summary : Apache HTTP Server
@@ -480,7 +479,7 @@ dnf group install groupid
For example, to install the software package group of Development Tools, run the following command:
```
-# dnf group install "Development Tools"
+# dnf group install "Development Tools"
```
```
@@ -501,7 +500,7 @@ dnf group remove groupid
For example, to delete the software package group of Development Tools, run the following command:
```
-# dnf group remove "Development Tools"
+# dnf group remove "Development Tools"
```
```
diff --git a/docs/en/docs/20.09/docs/Administration/using-the-kae.md b/docs/en/docs/Administration/using-the-kae.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/using-the-kae.md
rename to docs/en/docs/Administration/using-the-kae.md
diff --git a/docs/en/docs/20.09/docs/Administration/viewing-system-information.md b/docs/en/docs/Administration/viewing-system-information.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Administration/viewing-system-information.md
rename to docs/en/docs/Administration/viewing-system-information.md
diff --git a/docs/en/docs/ApplicationDev/FAQ.md b/docs/en/docs/ApplicationDev/FAQ.md
new file mode 100644
index 0000000000000000000000000000000000000000..8b355eeed2a4e1db834a8383829dfebc77752f89
--- /dev/null
+++ b/docs/en/docs/ApplicationDev/FAQ.md
@@ -0,0 +1,27 @@
+# FAQ
+
+
+
+- [FAQ](#faq)
+ - [The self-compilation of some applications that depend on the **java-devel** package fails.](#部分依赖java-devel的应用程序自编译失败)
+
+
+
+## The self-compilation of some applications that depend on the **java-devel** package fails.
+
+### Symptom
+
+The self-compilation of some applications that depend on java-devel fails when the rpmbuild command is executed.
+
+### Cause Analysis
+
+To provide OpenJDK features that are updated and compatible with Java applications, the openEuler provides OpenJDK of multiple versions, such as OpenJDK 1.8.0 and OpenJDK 11. The compilation of some applications depends on the **java-devel** package. When the **java-devel** package is installed, the system installs java-11-openjdk of a later version by default. As a result, the compilation of these applications fails.
+
+### Solution
+
+You need to run the following command to install java-1.8.0-openjdk and then run the **rpmbuild** command to perform self-compilation:
+
+```
+# yum install java-1.8.0-openjdk
+
+```
\ No newline at end of file
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/application-development.md b/docs/en/docs/ApplicationDev/application-development.md
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/application-development.md
rename to docs/en/docs/ApplicationDev/application-development.md
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/building-an-rpm-package.md b/docs/en/docs/ApplicationDev/building-an-rpm-package.md
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/building-an-rpm-package.md
rename to docs/en/docs/ApplicationDev/building-an-rpm-package.md
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/figures/add-file-page.png b/docs/en/docs/ApplicationDev/figures/add-file-page.png
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/figures/add-file-page.png
rename to docs/en/docs/ApplicationDev/figures/add-file-page.png
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/figures/branch-confirmation-page.png b/docs/en/docs/ApplicationDev/figures/branch-confirmation-page.png
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/figures/branch-confirmation-page.png
rename to docs/en/docs/ApplicationDev/figures/branch-confirmation-page.png
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/figures/create-package-page.png b/docs/en/docs/ApplicationDev/figures/create-package-page.png
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/figures/create-package-page.png
rename to docs/en/docs/ApplicationDev/figures/create-package-page.png
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/figures/creating-a-software-package.png b/docs/en/docs/ApplicationDev/figures/creating-a-software-package.png
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/figures/creating-a-software-package.png
rename to docs/en/docs/ApplicationDev/figures/creating-a-software-package.png
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/figures/deleting-a-software-package-from-a-subproject.png b/docs/en/docs/ApplicationDev/figures/deleting-a-software-package-from-a-subproject.png
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/figures/deleting-a-software-package-from-a-subproject.png
rename to docs/en/docs/ApplicationDev/figures/deleting-a-software-package-from-a-subproject.png
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/figures/en-us_image_0229243671.png b/docs/en/docs/ApplicationDev/figures/en-us_image_0229243671.png
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/figures/en-us_image_0229243671.png
rename to docs/en/docs/ApplicationDev/figures/en-us_image_0229243671.png
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/figures/en-us_image_0229243702.png b/docs/en/docs/ApplicationDev/figures/en-us_image_0229243702.png
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/figures/en-us_image_0229243702.png
rename to docs/en/docs/ApplicationDev/figures/en-us_image_0229243702.png
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/figures/en-us_image_0229243704.png b/docs/en/docs/ApplicationDev/figures/en-us_image_0229243704.png
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/figures/en-us_image_0229243704.png
rename to docs/en/docs/ApplicationDev/figures/en-us_image_0229243704.png
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/figures/en-us_image_0229243712.png b/docs/en/docs/ApplicationDev/figures/en-us_image_0229243712.png
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/figures/en-us_image_0229243712.png
rename to docs/en/docs/ApplicationDev/figures/en-us_image_0229243712.png
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/figures/repositories-page.png b/docs/en/docs/ApplicationDev/figures/repositories-page.png
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/figures/repositories-page.png
rename to docs/en/docs/ApplicationDev/figures/repositories-page.png
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/figures/rpm-software-package-download-page.png b/docs/en/docs/ApplicationDev/figures/rpm-software-package-download-page.png
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/figures/rpm-software-package-download-page.png
rename to docs/en/docs/ApplicationDev/figures/rpm-software-package-download-page.png
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/figures/succeeded-page.png b/docs/en/docs/ApplicationDev/figures/succeeded-page.png
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/figures/succeeded-page.png
rename to docs/en/docs/ApplicationDev/figures/succeeded-page.png
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/preparation.md b/docs/en/docs/ApplicationDev/preparation.md
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/preparation.md
rename to docs/en/docs/ApplicationDev/preparation.md
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/public_sys-resources/icon-caution.gif b/docs/en/docs/ApplicationDev/public_sys-resources/icon-caution.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/public_sys-resources/icon-caution.gif
rename to docs/en/docs/ApplicationDev/public_sys-resources/icon-caution.gif
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/public_sys-resources/icon-danger.gif b/docs/en/docs/ApplicationDev/public_sys-resources/icon-danger.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/public_sys-resources/icon-danger.gif
rename to docs/en/docs/ApplicationDev/public_sys-resources/icon-danger.gif
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/public_sys-resources/icon-note.gif b/docs/en/docs/ApplicationDev/public_sys-resources/icon-note.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/public_sys-resources/icon-note.gif
rename to docs/en/docs/ApplicationDev/public_sys-resources/icon-note.gif
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/public_sys-resources/icon-notice.gif b/docs/en/docs/ApplicationDev/public_sys-resources/icon-notice.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/public_sys-resources/icon-notice.gif
rename to docs/en/docs/ApplicationDev/public_sys-resources/icon-notice.gif
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/public_sys-resources/icon-tip.gif b/docs/en/docs/ApplicationDev/public_sys-resources/icon-tip.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/public_sys-resources/icon-tip.gif
rename to docs/en/docs/ApplicationDev/public_sys-resources/icon-tip.gif
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/public_sys-resources/icon-warning.gif b/docs/en/docs/ApplicationDev/public_sys-resources/icon-warning.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/public_sys-resources/icon-warning.gif
rename to docs/en/docs/ApplicationDev/public_sys-resources/icon-warning.gif
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/using-gcc-for-compilation.md b/docs/en/docs/ApplicationDev/using-gcc-for-compilation.md
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/using-gcc-for-compilation.md
rename to docs/en/docs/ApplicationDev/using-gcc-for-compilation.md
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/using-jdk-for-compilation.md b/docs/en/docs/ApplicationDev/using-jdk-for-compilation.md
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/using-jdk-for-compilation.md
rename to docs/en/docs/ApplicationDev/using-jdk-for-compilation.md
diff --git a/docs/en/docs/20.09/docs/ApplicationDev/using-make-for-compilation.md b/docs/en/docs/ApplicationDev/using-make-for-compilation.md
similarity index 100%
rename from docs/en/docs/20.09/docs/ApplicationDev/using-make-for-compilation.md
rename to docs/en/docs/ApplicationDev/using-make-for-compilation.md
diff --git a/docs/en/docs/20.09/docs/Container/appendix-1.md b/docs/en/docs/Container/appendix-1.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/appendix-1.md
rename to docs/en/docs/Container/appendix-1.md
diff --git a/docs/en/docs/20.09/docs/Container/appendix-2.md b/docs/en/docs/Container/appendix-2.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/appendix-2.md
rename to docs/en/docs/Container/appendix-2.md
diff --git a/docs/en/docs/20.09/docs/Container/appendix.md b/docs/en/docs/Container/appendix.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/appendix.md
rename to docs/en/docs/Container/appendix.md
diff --git a/docs/en/docs/20.09/docs/Container/application-scenarios-2.md b/docs/en/docs/Container/application-scenarios-2.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/application-scenarios-2.md
rename to docs/en/docs/Container/application-scenarios-2.md
diff --git a/docs/en/docs/20.09/docs/Container/application-scenarios.md b/docs/en/docs/Container/application-scenarios.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/application-scenarios.md
rename to docs/en/docs/Container/application-scenarios.md
diff --git a/docs/en/docs/20.09/docs/Container/checking-the-container-health-status.md b/docs/en/docs/Container/checking-the-container-health-status.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/checking-the-container-health-status.md
rename to docs/en/docs/Container/checking-the-container-health-status.md
diff --git a/docs/en/docs/20.09/docs/Container/command-reference.md b/docs/en/docs/Container/command-reference.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/command-reference.md
rename to docs/en/docs/Container/command-reference.md
diff --git a/docs/en/docs/20.09/docs/Container/configurable-cgroup-path.md b/docs/en/docs/Container/configurable-cgroup-path.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/configurable-cgroup-path.md
rename to docs/en/docs/Container/configurable-cgroup-path.md
diff --git a/docs/en/docs/20.09/docs/Container/configuring-networking-for-a-secure-container.md b/docs/en/docs/Container/configuring-networking-for-a-secure-container.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/configuring-networking-for-a-secure-container.md
rename to docs/en/docs/Container/configuring-networking-for-a-secure-container.md
diff --git a/docs/en/docs/20.09/docs/Container/configuring-resources-for-a-secure-container.md b/docs/en/docs/Container/configuring-resources-for-a-secure-container.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/configuring-resources-for-a-secure-container.md
rename to docs/en/docs/Container/configuring-resources-for-a-secure-container.md
diff --git a/docs/en/docs/20.09/docs/Container/container-engine.md b/docs/en/docs/Container/container-engine.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/container-engine.md
rename to docs/en/docs/Container/container-engine.md
diff --git a/docs/en/docs/20.09/docs/Container/container-management-1.md b/docs/en/docs/Container/container-management-1.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/container-management-1.md
rename to docs/en/docs/Container/container-management-1.md
diff --git a/docs/en/docs/20.09/docs/Container/container-management-2.md b/docs/en/docs/Container/container-management-2.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/container-management-2.md
rename to docs/en/docs/Container/container-management-2.md
diff --git a/docs/en/docs/20.09/docs/Container/container-management.md b/docs/en/docs/Container/container-management.md
similarity index 99%
rename from docs/en/docs/20.09/docs/Container/container-management.md
rename to docs/en/docs/Container/container-management.md
index cc81d13b9c691fb1efc0253043f442eedf07bfe6..ef6dc65d475f8680e1908be5eb7c62a718944d89 100644
--- a/docs/en/docs/20.09/docs/Container/container-management.md
+++ b/docs/en/docs/Container/container-management.md
@@ -51,7 +51,7 @@ The following table lists the parameters supported by the **create** command.
Description
-
create
+
create
--annotation
@@ -234,7 +234,7 @@ The following table lists the parameters supported by the **create** command.
--mount
-
Mounts a host directory to a container.
+
Mounts the host directory, volume, or file system to the container.
--no-healthcheck
@@ -303,6 +303,11 @@ The following table lists the parameters supported by the **create** command.
Mounts a volume.
+
--volumes-from=[]
+
+
Uses the mounting configuration of the specified container.
+
+
diff --git a/docs/en/docs/20.09/docs/Container/container-resource-management.md b/docs/en/docs/Container/container-resource-management.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/container-resource-management.md
rename to docs/en/docs/Container/container-resource-management.md
diff --git a/docs/en/docs/20.09/docs/Container/container.md b/docs/en/docs/Container/container.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/container.md
rename to docs/en/docs/Container/container.md
diff --git a/docs/en/docs/20.09/docs/Container/cri.md b/docs/en/docs/Container/cri.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/cri.md
rename to docs/en/docs/Container/cri.md
diff --git a/docs/en/docs/20.09/docs/Container/docker-container.md b/docs/en/docs/Container/docker-container.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/docker-container.md
rename to docs/en/docs/Container/docker-container.md
diff --git a/docs/en/docs/20.09/docs/Container/dynamically-loading-the-kernel-module.md b/docs/en/docs/Container/dynamically-loading-the-kernel-module.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/dynamically-loading-the-kernel-module.md
rename to docs/en/docs/Container/dynamically-loading-the-kernel-module.md
diff --git a/docs/en/docs/20.09/docs/Container/dynamically-managing-container-resources-(syscontainer-tools).md b/docs/en/docs/Container/dynamically-managing-container-resources-(syscontainer-tools).md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/dynamically-managing-container-resources-(syscontainer-tools).md
rename to docs/en/docs/Container/dynamically-managing-container-resources-(syscontainer-tools).md
diff --git a/docs/en/docs/20.09/docs/Container/environment-variable-persisting.md b/docs/en/docs/Container/environment-variable-persisting.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/environment-variable-persisting.md
rename to docs/en/docs/Container/environment-variable-persisting.md
diff --git a/docs/en/docs/20.09/docs/Container/figures/en-us_image_0183048952.png b/docs/en/docs/Container/figures/en-us_image_0183048952.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/figures/en-us_image_0183048952.png
rename to docs/en/docs/Container/figures/en-us_image_0183048952.png
diff --git a/docs/en/docs/20.09/docs/Container/figures/en-us_image_0221924926.png b/docs/en/docs/Container/figures/en-us_image_0221924926.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/figures/en-us_image_0221924926.png
rename to docs/en/docs/Container/figures/en-us_image_0221924926.png
diff --git a/docs/en/docs/20.09/docs/Container/figures/en-us_image_0221924927.png b/docs/en/docs/Container/figures/en-us_image_0221924927.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/figures/en-us_image_0221924927.png
rename to docs/en/docs/Container/figures/en-us_image_0221924927.png
diff --git a/docs/en/docs/20.09/docs/Container/figures/isula-build_arch.png b/docs/en/docs/Container/figures/isula-build_arch.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/figures/isula-build_arch.png
rename to docs/en/docs/Container/figures/isula-build_arch.png
diff --git a/docs/en/docs/20.09/docs/Container/figures/relationship-between-the-secure-container-and-peripheral-components.png b/docs/en/docs/Container/figures/relationship-between-the-secure-container-and-peripheral-components.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/figures/relationship-between-the-secure-container-and-peripheral-components.png
rename to docs/en/docs/Container/figures/relationship-between-the-secure-container-and-peripheral-components.png
diff --git a/docs/en/docs/20.09/docs/Container/figures/secure-container.png b/docs/en/docs/Container/figures/secure-container.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/figures/secure-container.png
rename to docs/en/docs/Container/figures/secure-container.png
diff --git a/docs/en/docs/20.09/docs/Container/image-management-1.md b/docs/en/docs/Container/image-management-1.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/image-management-1.md
rename to docs/en/docs/Container/image-management-1.md
diff --git a/docs/en/docs/20.09/docs/Container/image-management-2.md b/docs/en/docs/Container/image-management-2.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/image-management-2.md
rename to docs/en/docs/Container/image-management-2.md
diff --git a/docs/en/docs/20.09/docs/Container/image-management.md b/docs/en/docs/Container/image-management.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/image-management.md
rename to docs/en/docs/Container/image-management.md
diff --git a/docs/en/docs/20.09/docs/Container/installation-and-deployment-1.md b/docs/en/docs/Container/installation-and-deployment-1.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/installation-and-deployment-1.md
rename to docs/en/docs/Container/installation-and-deployment-1.md
diff --git a/docs/en/docs/20.09/docs/Container/installation-and-deployment-2.md b/docs/en/docs/Container/installation-and-deployment-2.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/installation-and-deployment-2.md
rename to docs/en/docs/Container/installation-and-deployment-2.md
diff --git a/docs/en/docs/20.09/docs/Container/installation-configuration.md b/docs/en/docs/Container/installation-configuration.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/installation-configuration.md
rename to docs/en/docs/Container/installation-configuration.md
diff --git a/docs/en/docs/20.09/docs/Container/installation-guideline.md b/docs/en/docs/Container/installation-guideline.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/installation-guideline.md
rename to docs/en/docs/Container/installation-guideline.md
diff --git a/docs/en/docs/20.09/docs/Container/installation-upgrade-Uninstallation.md b/docs/en/docs/Container/installation-upgrade-Uninstallation.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/installation-upgrade-Uninstallation.md
rename to docs/en/docs/Container/installation-upgrade-Uninstallation.md
diff --git a/docs/en/docs/20.09/docs/Container/interconnection-with-the-cni-network.md b/docs/en/docs/Container/interconnection-with-the-cni-network.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/interconnection-with-the-cni-network.md
rename to docs/en/docs/Container/interconnection-with-the-cni-network.md
diff --git a/docs/en/docs/20.09/docs/Container/isula-build.md b/docs/en/docs/Container/isula-build.md
similarity index 96%
rename from docs/en/docs/20.09/docs/Container/isula-build.md
rename to docs/en/docs/Container/isula-build.md
index 986f85259b05df8d61d1b94b1ba416f8f89a0ff3..5b168754501bc7c896e8bc4d96786179e297c8c5 100644
--- a/docs/en/docs/20.09/docs/Container/isula-build.md
+++ b/docs/en/docs/Container/isula-build.md
@@ -1,3 +1,5 @@
+# Container Image Building
+
@@ -35,6 +37,7 @@
+## Overview
isula-build is a container image build tool developed by the iSula container team. It allows you to quickly build container images using Dockerfiles.
@@ -46,9 +49,9 @@ Note:
- Currently, isula-build supports only Docker images.
-# Installation
+## Installation
-## Preparations
+### Preparations
To ensure that isula-build can be successfully installed, the following software and hardware requirements must be met:
@@ -56,7 +59,7 @@ To ensure that isula-build can be successfully installed, the following software
- Supported OS: openEuler
- You have the permissions of the root user.
-### Installing isula-build
+#### Installing isula-build
Before using isula-build to build a container image, you need to install the following software packages:
@@ -89,9 +92,9 @@ Before using isula-build to build a container image, you need to install the fol
> **Note:**
After the installation is complete, you need to manually start the isula-build service. For details about how to start the service, see "Managing the isula-build Service."
-# Configuring and Managing the isula-build Service
+## Configuring and Managing the isula-build Service
-## Configuring the isula-build Service
+### Configuring the isula-build Service
After the isula-build software package is installed, the systemd starts the isula-build service based on the default configuration contained in the isula-build software package on the isula-build server. If the default configuration file on the isula-build server cannot meet your requirements, perform the following operations to customize the configuration file: After the default configuration is modified, restart the isula-build server for the new configuration to take effect. For details, see "Managing the isula-build Service."
@@ -136,14 +139,14 @@ Currently, the isula-build server contains the following configuration file:
-## Managing the isula-build Service
+### Managing the isula-build Service
Currently, openEuler uses systemd to manage the isula-build service. The isula-build software package contains the systemd service file. After installing the isula-build software package, you can use the systemd tool to start or stop the isula-build service. You can also manually start the isula-builder software. Note that only one isula-builder process can be started on a node at a time.
> **Note:**
> Only one isula-builder process can be started on a node at a time.
-### (Recommended) Using systemd for Management
+#### (Recommended) Using systemd for Management
You can run the following systemd commands to start, stop, and restart the isula-build service:
@@ -171,7 +174,7 @@ The systemd service file of the isula-build software installation package is sto
sudo systemctl daemon-reload
```
-### Directly Running isula-builder
+#### Directly Running isula-builder
You can also run the isula-builder command on the server to start the service. The isula-builder command can contain flags for service startup. The following flags are supported:
@@ -191,9 +194,9 @@ Start the isula-build service. For example, to specify the local persistency dir
sudo isula-builder --dataroot "/var/lib/isula-build" --debug=false
```
-# Usage Guidelines
+## Usage Guidelines
-## Prerequisites
+### Prerequisites
isula-build depends on the executable file runc to build the RUN command in the Dockerfile. Therefore, the runc must be pre-installed in the running environment of isula-build. The installation method depends on the application scenario. If you do not need to use the complete docker-engine tool chain, you can install only the docker-runc RPM package.
@@ -212,7 +215,7 @@ sudo yum install -y docker-engine
-## Overview
+### Overview
The isula-build client provides a series of commands for building and managing container images. Currently, the isula-build client provides the following command lines:
@@ -239,7 +242,7 @@ The following describes how to use these commands in detail.
-## ctr-img: Container Image Management
+### ctr-img: Container Image Management
The isula-build command groups all container image management commands into the `ctr-img` command. The command is as follows:
@@ -247,7 +250,7 @@ The isula-build command groups all container image management commands into the
isula-build ctr-img [command]
```
-### build: Container Image Build
+#### build: Container Image Build
The subcommand build of the ctr-img command is used to build container images. The command is as follows:
@@ -413,7 +416,7 @@ $ sudo isula-build ctr-img build --cap-add CAP_SYS_ADMIN --cap-add CAP_SYS_PTRAC
-### image: Viewing Local Persistent Build Images
+#### image: Viewing Local Persistent Build Images
You can run the images command to view the images in the local persistent storage.
@@ -431,7 +434,7 @@ localhost:5000/library/alpine latest a24bb4013296
-### import: Importing a Basic Container Image
+#### import: Importing a Basic Container Image
openEuler releases a basic container image, for example, openEuler-docker.x86_64.tar.xz, with the version. You can run the `ctr-img import` command to import the image to isula-build.
@@ -444,13 +447,13 @@ isula-build ctr-img import [flags]
Example:
```sh
-$ sudo isula-build ctr-img import ./openEuler-docker.x86_64.tar.xz openeuler:20.03
+$ sudo isula-build ctr-img import ./openEuler-docker.x86_64.tar.xz openeuler:20.09
Import success with image id: 7317851cd2ab33263eb293f68efee9d724780251e4e92c0fb76bf5d3c5585e37
$ sudo isula-build ctr-img images
---------------------------------------------- -------------------- ----------------- ------------------------ ------------
REPOSITORY TAG IMAGE ID CREATED SIZE
---------------------------------------------- -------------------- ----------------- ------------------------ ------------
-openeuler 20.03 7317851cd2ab 2020-08-01 06:25:34 500 MB
+openeuler 20.09 7317851cd2ab 2020-08-01 06:25:34 500 MB
---------------------------------------------- -------------------- ----------------- ------------------------ ------------
```
@@ -459,7 +462,7 @@ openeuler 20.03 7317851cd2
-### load: Importing Cascade Images
+#### load: Importing Cascade Images
Cascade images are images that are saved to the local computer by running the docker save or isula-build ctr-img save command. The compressed image package contains a layer-by-layer image package named layer.tar. You can run the ctr-img load command to import the image to isula-build.
@@ -505,7 +508,7 @@ Loaded image as c07ddb44daa97e9e8d2d68316b296cc9343ab5f3d2babc5e6e03b80cd580478e
-### rm: Deleting a Local Persistent Image
+#### rm: Deleting a Local Persistent Image
You can run the rm command to delete an image from the local persistent storage. The command is as follows:
@@ -528,7 +531,7 @@ Deleted: sha256:eeba1bfe9fca569a894d525ed291bdaef389d28a88c288914c1a9db7261ad12c
-### save: Exporting Cascade Images
+#### save: Exporting Cascade Images
You can run the save command to export the cascade images to the local disk. The command is as follows:
@@ -566,7 +569,7 @@ Save success with image: 21c3e96ac411
-### tag: Tagging Local Persistent Images
+#### tag: Tagging Local Persistent Images
You can run the tag command to add a tag to a local persistent container image. The command is as follows:
@@ -595,7 +598,7 @@ alpine v1 a24bb4013296
-## info: Viewing the Operating Environment and System Information
+### info: Viewing the Operating Environment and System Information
You can run the isula-build info command to view the running environment and system information of isula-build. The command is as follows:
@@ -632,7 +635,7 @@ $ sudo isula-build info -H
oepkgs.net
```
-## login: Logging In to the Remote Image Repository
+### login: Logging In to the Remote Image Repository
You can run the login command to log in to the remote image repository. The command is as follows:
@@ -663,7 +666,7 @@ Enter the password in interactive mode.
Login Succeeded
```
-## logout: Logging Out of the Remote Image Repository
+### logout: Logging Out of the Remote Image Repository
You can run the logout command to log out of the remote image repository. The command is as follows:
@@ -685,7 +688,7 @@ Example:
Removed authentications
```
-## version: Querying the isula-build Version
+### version: Querying the isula-build Version
You can run the version command to view the current version information.
@@ -707,11 +710,11 @@ You can run the version command to view the current version information.
```
-# Directly Integrating a Container Engine
+## Directly Integrating a Container Engine
isula-build can be integrated with iSulad or Docker to import the built container image to the local storage of the container engine.
-## Integration with iSulad
+### Integration with iSulad
Images that are successfully built can be directly exported to the iSulad.
@@ -734,7 +737,7 @@ busybox 2.0 2d414a5cad6d 2020-08-01 06:41:
> - It is required that isula-build and iSulad be on the same node.
> - When an image is directly exported to the iSulad, the isula-build client needs to temporarily store the successfully built image as `/var/tmp/isula-build-tmp-%v.tar` and then import it to the iSulad. Ensure that the /var/tmp/ directory has sufficient disk space. If the isula-build client process is killed or Ctrl+C is pressed during the export, you need to manually clear the `/var/tmp/isula-build-tmp-%v.tar` file.
-## Integration with Docker
+### Integration with Docker
Images that are successfully built can be directly exported to the Docker daemon.
@@ -756,10 +759,10 @@ busybox 2.0 2d414a5c
>
> - The isula-build and Docker must be on the same node.
-# \Appendix
+## \Appendix
-## Command Line Parameters
+### Command Line Parameters
**Table 1** Parameters in the ctr-img build command
@@ -806,11 +809,11 @@ busybox 2.0 2d414a5c
| -------- | --------- | ------------------------------------ |
| logout | -a, --all | Boolean, which indicates whether to log out of all logged-in image repositories. |
-## Communication Matrix
+### Communication Matrix
The isula-build component processes communicate with each other through the Unix socket file. No port is used for communication.
-## File and Permission
+### File and Permission
- All isula-build operations must be performed by the root user.
diff --git a/docs/en/docs/20.09/docs/Container/isulad-container-engine.md b/docs/en/docs/Container/isulad-container-engine.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/isulad-container-engine.md
rename to docs/en/docs/Container/isulad-container-engine.md
diff --git a/docs/en/docs/Container/local-volume-management.md b/docs/en/docs/Container/local-volume-management.md
new file mode 100644
index 0000000000000000000000000000000000000000..df43aed406db776f03cf7e8d620267c2166cd85a
--- /dev/null
+++ b/docs/en/docs/Container/local-volume-management.md
@@ -0,0 +1,206 @@
+#Local Volume Management
+
+
+
+- [Local Volume Management](#local-volume-management)
+ - [Overview](#overview)
+ - [Precautions](#precautions)
+ - [Usage](#usage)
+ - [Using the -v Option to Mount Data](#using-the--v-option-to-mount-data)
+ - [**Format**](#format)
+ - [**Functions**](#functions)
+ - [**Parameter Description**](#parameter-description)
+ - [**Examples**](#examples)
+ - [Using the --mount Option to Mount Data](#using-the---mount-option-to-mount-data)
+ - [**Format**](#format-1)
+ - [**Functions**](#functions-1)
+ - [**Parameter Description**](#parameter-description-1)
+ - [**Examples**](#examples-1)
+ - [Reusing the Mounting Configuration in Other Containers](#reusing-the-mounting-configuration-in-other-containers)
+ - [**Format**](#format-2)
+ - [**Functions**](#functions-2)
+ - [**Parameter Description**](#parameter-description-2)
+ - [**Examples**](#examples-2)
+ - [Using the Anonymous Volume in an Image](#using-the-anonymous-volume-in-an-image)
+ - [Querying a Volume](#querying-a-volume)
+ - [**Format**](#format-3)
+ - [**Functions**](#functions-3)
+ - [**Parameter Description**](#parameter-description-3)
+ - [**Examples**](#examples-3)
+ - [Deleting a Volume](#deleting-a-volume)
+ - [**Format**](#format-4)
+ - [**Functions**](#functions-4)
+ - [**Parameter Description**](#parameter-description-4)
+ - [**Examples**](#examples-4)
+ - [Precautions](#precautions-1)
+ - [Conflict Combination Rules](#conflict-combination-rules)
+ - [Differences Between iSula and Docker](#differences-between-isula-and-docker)
+
+
+
+## Overview
+
+After a container managed by iSula is destroyed, all data in the container is destroyed. If you want to retain data after the container is destroyed, a data persistence mechanism is required. iSula allows files, directories, or volumes on a host to be mounted to a container at runtime. You can write the data to be persisted to the mount point in the container. After the container is destroyed, the files, directories, and volumes on the host are retained. If you need to delete a file, directory, or volume on the host, you can manually delete the file or directory, or run the iSula command to delete the volume. Currently, the iSula supports only local volume management. Local volumes are classified into named volumes and anonymous volumes. A volume whose name is specified by a user is called a named volume. If a user does not specify a name for a volume, iSula automatically generates a name (a 64-bit random number) for the volume, that is, an anonymous volume.
+
+The following describes how to use iSula to manage local volumes.
+
+## Precautions
+
+- The volume name contains 2 to 64 characters and complies with the regular expression ^[a-zA-Z0-9][a-zA-Z0-9_.-]{1,63}$. That is, the first character of the volume name must be a letter or digit, and other characters can be letters, digits, underscores (_), periods (.), and hyphens (-).
+- During container creation, if data exists at the mount point of the container corresponding to the volume, the data is copied to the volume by default. If the iSula breaks down or restarts or the system is powered off during the copy process, the data in the volume may be incomplete. In this case, you need to manually delete the volume or the data in the volume to ensure that the data is correct and complete.
+
+## Usage
+
+### Using the -v Option to Mount Data
+
+#### **Format**
+
+```shell
+isula run -v [SRC:]DST[:MODE,MODE...] IMAGE
+```
+
+#### **Functions**
+
+When you create and run a container, use the -v/--volume option to mount the files, directories, or volumes on the host to the container for data persistence.
+
+#### **Parameter Description**
+- SRC: Path of the file, directory, or volume to be mounted on the host. If the value is an absolute path, a file or folder on the host is mounted. If the value is a volume name, a volume is mounted. If this parameter is not specified, an anonymous volume is mounted. If a folder or volume does not exist, iSula creates a folder or volume and then mounts it.
+- DST: Mount path in the container. The value must be an absolute path.
+- MODE: When the source to be mounted is a directory or file, the valid parameters are ro, rw, z, Z, private, rprivate, slave, rslave, shared, and rshared. Only one parameter of the same type can be configured. If the source is a volume, the valid parameters are ro, rw, z, Z, and nocopy. Only one parameter of the same type can be configured. Use commas (,) to separate multiple attributes. The parameters are described as follows:
+
+| Parameter | Description |
+| -------- | -----------------------------------------------|
+| ro | The mount point in the container is mounted in read-only mode. |
+| rw | The mount point in the container is mounted in read/write mode. |
+| z | If SELinux is enabled, add the SELinux share label during mounting. |
+| Z | If SELinux is enabled, add the SELinux private label during mounting. |
+| private | The mount point in the container is mounted in private propagation mode. |
+| rprivate | The mount point in the container is recursively mounted in private propagation mode. |
+| slave | The mount point in the container is mounted in subordinate propagation mode. |
+| rslave | The mount point in the container is recursively mounted in subordinate propagation mode. |
+| shared | The mount point in the container is mounted in shared propagation mode. |
+| rshared | The mount point in the container is recursively mounted in shared propagation mode. |
+| nocopy | Data at the mount point is not copied. If this parameter is not set, data is copied by default. In addition, if data already exists in the volume, the data will not be copied. |
+
+
+#### **Examples**
+Run the container based on BusyBox, create or mount a volume named vol to the /vol directory of the container, and set the mount point to read-only. In addition, if data exists at the mount point in the container, the data is not copied.
+```shell
+isula run -v vol:/vol:ro,nocopy busybox
+```
+
+### Using the --mount Option to Mount Data
+
+#### **Format**
+```shell
+isula run --mount [type=TYPE,][src=SRC,]dst=DST[,KEY=VALUE] busybox
+```
+
+#### **Functions**
+When you create and run a container, use the --mount option to mount the files, directories, or volumes on the host to the container for data persistence.
+
+#### **Parameter Description**
+- type: Type of data mounted to the container. The value can be bind, volume, or squashfs. If this parameter is not specified, the default value is volume.
+- src: Path of the file, directory, or volume to be mounted on the host. If the value is an absolute path, the file or directory on the host is mounted. If the value is a volume name, a volume is mounted. If this parameter is not specified, the volume is an anonymous volume. If a folder or volume does not exist, iSula creates a file or volume and then mounts it. The keyword src is also called source.
+- dst: Mount path in the container. The value must be an absolute path. The keyword dst is also called destination or target.
+- KEY=VALUE: Parameter of --mount. The values are as follows:
+
+| KEY | VALUE |
+| ------------------------------ | --------------------------------------------------------------------------- |
+| selinux-opts/bind-selinux-opts | z or Z. z indicates that if SELinux is enabled, the SELinux share label is added during mounting. Z indicates that if SELinux is enabled, the SELinux private label is added during mounting.
+| ro/readonly | 0/false indicates that the mount is read/write. 1/true indicates that the mount is read-only. If this parameter is not specified, the mount is read-only. The parameter is supported only when type is set to bind. |
+| volume-nocopy | Data at the mount point is not copied. If this parameter is not specified, data is copied by default. In addition, if data already exists in the volume, the data will not be copied. This parameter is supported only when type is set to volume. |
+
+#### **Examples**
+Run the container based on BusyBox, create or mount a volume named vol to the /vol directory of the container, and set the mount point to read-only. In addition, if data exists at the mount point in the container, the data is not copied.
+```shell
+isula run --mount type=volume,src=vol,dst=/vol,ro=true,volume-nocopy=true busybox
+```
+
+### Reusing the Mounting Configuration in Other Containers
+
+#### **Format**
+```shell
+isula run --volumes-from CON1[:MODE] busybox
+```
+
+#### **Functions**
+When you create and run a container, use the --volumes-from option to indicate that the mount point configuration includes that of the CON1 container. You can set multiple --volumes-from options.
+
+#### **Parameter Description**
+- CON1: Name or ID of the container whose mount point is reused.
+- MODE: If the value is ro, the mount point is read-only. If the value is rw, the mount point is read/write.
+
+#### **Examples**
+Assume that a container named container1 has been configured with a volume vol1 to the container directory /vol1, and a container named container2 has been configured with a volume vol2 to the container directory /vol2. Run a new container to reuse the mounting configuration of container1 and container2. That is, volume vol1 is mounted to the /vol1 directory of the container, and volume vol2 is mounted to the /vol2 directory of the container.
+```shell
+isula run --volumes-from container1 --volumes-from container2 busbyox
+```
+
+### Using the Anonymous Volume in an Image
+
+You do not need to perform any configuration to use the anonymous volume in the image. If an anonymous volume is configured in the image, iSula automatically creates an anonymous volume and mounts it to the specified path in the image at container runtime. You can write data to the mount point of an anonymous volume in a container for data persistence.
+
+### Querying a Volume
+
+#### **Format**
+```shell
+isula volume ls [OPTIONS]
+```
+
+#### **Functions**
+This command is used to query all volumes managed by iSula.
+
+#### **Parameter Description**
+Option:
+- -q,--quit: If this parameter is not specified, only the volume driver information and volume name are queried by default. If this parameter is specified, only the volume name is queried.
+
+#### **Examples**
+This command is used to query all volumes managed by iSula and return only the volume name.
+```shell
+isula volume ls -q
+```
+
+### Deleting a Volume
+
+#### **Format**
+```
+isula volume rm [OPTIONS] VOLUME [VOLUME...]
+isula volume prune [OPTIONS]
+```
+
+#### **Functions**
+- rm: deletes a specified volume. If the volume is used by a container, the volume fails to be deleted.
+- prune: deletes all volumes that are not used by containers.
+
+#### **Parameter Description**
+OPTIONS in the prune command:
+- -f,--force: specifies that the system does not display a message asking you whether to delete the volume. By default, a risk message is displayed. You need to enter y to continue the operation.
+
+#### **Examples**
+Delete volumes vol1 and vol2.
+```shell
+isula volume rm vol1 vol2
+```
+Delete all unused volumes in the following format. No risk message is displayed.
+```shell
+isula volume prune -f
+```
+
+### Precautions
+
+#### Conflict Combination Rules
+If a volume mount point conflict occurs, perform the following operations:
+- If configurations of -v and --mount conflict, a failure message is returned.
+- If the configuration obtained from --volumes-from conflicts with the -v or --mount configuration, the configuration is discarded.
+- If the anonymous volume configuration in the image conflicts with the -v, --mount, or --volumes-from configuration, the configuration is discarded.
+
+#### Differences Between iSula and Docker
+| iSula Behavior | Docker Behavior |
+| ------------------------------------------- | ------------------------------------------- |
+| The volume name can contain a maximum of 64 characters. | The length of the volume name is not limited. |
+| If the source to be mounted does not exist, the --mount parameter is created. | If the source to be mounted does not exist, an error is reported. |
+| The --mount parameter supports the z or Z parameter configuration in bind-selinux-opts and selinux-opts. | The --mount parameter does not support the parameter configuration in the bind-selinux-opts and selinux-opts. |
+| Rules for combining mount point conflicts are not processed. | The anonymous volume specified by -v is processed as the anonymous volume in the image. |
+| The volume prune command displays the space that has been reclaimed. | The volume prune command does not display the space that has been reclaimed. |
+| -v, --mount, and --volumes-from are configured in hostconfig, and the anonymous volume is configured in config. | The anonymous volume specified by -v is configured in config, and other configurations are configured in hostconfig. |
diff --git a/docs/en/docs/20.09/docs/Container/managing-the-lifecycle-of-a-secure-container.md b/docs/en/docs/Container/managing-the-lifecycle-of-a-secure-container.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/managing-the-lifecycle-of-a-secure-container.md
rename to docs/en/docs/Container/managing-the-lifecycle-of-a-secure-container.md
diff --git a/docs/en/docs/20.09/docs/Container/maximum-number-of-handles.md b/docs/en/docs/Container/maximum-number-of-handles.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/maximum-number-of-handles.md
rename to docs/en/docs/Container/maximum-number-of-handles.md
diff --git a/docs/en/docs/20.09/docs/Container/monitoring-secure-containers.md b/docs/en/docs/Container/monitoring-secure-containers.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/monitoring-secure-containers.md
rename to docs/en/docs/Container/monitoring-secure-containers.md
diff --git a/docs/en/docs/20.09/docs/Container/privileged-container.md b/docs/en/docs/Container/privileged-container.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/privileged-container.md
rename to docs/en/docs/Container/privileged-container.md
diff --git a/docs/en/docs/20.09/docs/Container/public_sys-resources/icon-caution.gif b/docs/en/docs/Container/public_sys-resources/icon-caution.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/public_sys-resources/icon-caution.gif
rename to docs/en/docs/Container/public_sys-resources/icon-caution.gif
diff --git a/docs/en/docs/20.09/docs/Container/public_sys-resources/icon-danger.gif b/docs/en/docs/Container/public_sys-resources/icon-danger.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/public_sys-resources/icon-danger.gif
rename to docs/en/docs/Container/public_sys-resources/icon-danger.gif
diff --git a/docs/en/docs/20.09/docs/Container/public_sys-resources/icon-note.gif b/docs/en/docs/Container/public_sys-resources/icon-note.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/public_sys-resources/icon-note.gif
rename to docs/en/docs/Container/public_sys-resources/icon-note.gif
diff --git a/docs/en/docs/20.09/docs/Container/public_sys-resources/icon-notice.gif b/docs/en/docs/Container/public_sys-resources/icon-notice.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/public_sys-resources/icon-notice.gif
rename to docs/en/docs/Container/public_sys-resources/icon-notice.gif
diff --git a/docs/en/docs/20.09/docs/Container/public_sys-resources/icon-tip.gif b/docs/en/docs/Container/public_sys-resources/icon-tip.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/public_sys-resources/icon-tip.gif
rename to docs/en/docs/Container/public_sys-resources/icon-tip.gif
diff --git a/docs/en/docs/20.09/docs/Container/public_sys-resources/icon-warning.gif b/docs/en/docs/Container/public_sys-resources/icon-warning.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/public_sys-resources/icon-warning.gif
rename to docs/en/docs/Container/public_sys-resources/icon-warning.gif
diff --git a/docs/en/docs/20.09/docs/Container/querying-information.md b/docs/en/docs/Container/querying-information.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/querying-information.md
rename to docs/en/docs/Container/querying-information.md
diff --git a/docs/en/docs/20.09/docs/Container/reboot-or-shutdown-in-a-container.md b/docs/en/docs/Container/reboot-or-shutdown-in-a-container.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/reboot-or-shutdown-in-a-container.md
rename to docs/en/docs/Container/reboot-or-shutdown-in-a-container.md
diff --git a/docs/en/docs/20.09/docs/Container/secure-container.md b/docs/en/docs/Container/secure-container.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/secure-container.md
rename to docs/en/docs/Container/secure-container.md
diff --git a/docs/en/docs/20.09/docs/Container/security-and-isolation.md b/docs/en/docs/Container/security-and-isolation.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/security-and-isolation.md
rename to docs/en/docs/Container/security-and-isolation.md
diff --git a/docs/en/docs/20.09/docs/Container/security-features.md b/docs/en/docs/Container/security-features.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/security-features.md
rename to docs/en/docs/Container/security-features.md
diff --git a/docs/en/docs/20.09/docs/Container/shared-memory-channels.md b/docs/en/docs/Container/shared-memory-channels.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/shared-memory-channels.md
rename to docs/en/docs/Container/shared-memory-channels.md
diff --git a/docs/en/docs/20.09/docs/Container/specifying-rootfs-to-create-a-container.md b/docs/en/docs/Container/specifying-rootfs-to-create-a-container.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/specifying-rootfs-to-create-a-container.md
rename to docs/en/docs/Container/specifying-rootfs-to-create-a-container.md
diff --git a/docs/en/docs/20.09/docs/Container/statistics.md b/docs/en/docs/Container/statistics.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/statistics.md
rename to docs/en/docs/Container/statistics.md
diff --git a/docs/en/docs/20.09/docs/Container/supporting-oci-hooks.md b/docs/en/docs/Container/supporting-oci-hooks.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/supporting-oci-hooks.md
rename to docs/en/docs/Container/supporting-oci-hooks.md
diff --git a/docs/en/docs/20.09/docs/Container/system-container.md b/docs/en/docs/Container/system-container.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/system-container.md
rename to docs/en/docs/Container/system-container.md
diff --git a/docs/en/docs/20.09/docs/Container/uninstallation.md b/docs/en/docs/Container/uninstallation.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/uninstallation.md
rename to docs/en/docs/Container/uninstallation.md
diff --git a/docs/en/docs/20.09/docs/Container/upgrade-methods.md b/docs/en/docs/Container/upgrade-methods.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/upgrade-methods.md
rename to docs/en/docs/Container/upgrade-methods.md
diff --git a/docs/en/docs/20.09/docs/Container/usage-guide.md b/docs/en/docs/Container/usage-guide.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/usage-guide.md
rename to docs/en/docs/Container/usage-guide.md
diff --git a/docs/en/docs/20.09/docs/Container/using-systemd-to-start-a-container.md b/docs/en/docs/Container/using-systemd-to-start-a-container.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/using-systemd-to-start-a-container.md
rename to docs/en/docs/Container/using-systemd-to-start-a-container.md
diff --git a/docs/en/docs/20.09/docs/Container/writable-namespace-kernel-parameters.md b/docs/en/docs/Container/writable-namespace-kernel-parameters.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Container/writable-namespace-kernel-parameters.md
rename to docs/en/docs/Container/writable-namespace-kernel-parameters.md
diff --git a/docs/en/docs/20.09/docs/Installation/FAQ1.md b/docs/en/docs/Installation/FAQ1.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/FAQ1.md
rename to docs/en/docs/Installation/FAQ1.md
diff --git a/docs/en/docs/20.09/docs/Installation/Installation-Guide1.md b/docs/en/docs/Installation/Installation-Guide1.md
similarity index 98%
rename from docs/en/docs/20.09/docs/Installation/Installation-Guide1.md
rename to docs/en/docs/Installation/Installation-Guide1.md
index 8635903bf32c5430eb7f311ee485b3ec6de60780..fb04710969679e2d92578dfcfbf9ce32373c4226 100644
--- a/docs/en/docs/20.09/docs/Installation/Installation-Guide1.md
+++ b/docs/en/docs/Installation/Installation-Guide1.md
@@ -23,7 +23,7 @@ You can log in to the Raspberry Pi in either of the following ways:
1. Local login
- Connect the Raspberry Pi to the monitor (the Raspberry Pi video output interface is Micro HDMI), keyboard, and mouse, and start the Raspberry Pi. The Raspberry Pi startup log is displayed on the monitor. After Raspberry Pi is started, enter the user name **root** and password **openEuler12#$** to log in.
+ Connect the Raspberry Pi to the monitor (the Raspberry Pi video output interface is Micro HDMI), keyboard, and mouse, and start the Raspberry Pi. The Raspberry Pi startup log is displayed on the monitor. After Raspberry Pi is started, enter the user name **root** and password **openeuler** to log in.
2. SSH remote login
@@ -32,7 +32,7 @@ You can log in to the Raspberry Pi in either of the following ways:
**Figure 1** Obtain the IP address
- According to the preceding figure, the IP address of the Raspberry Pi is **192.168.31.109**. You can run the `ssh root@192.168.1.109` command and enter the password `openEuler12#$` to remotely log in to the Raspberry Pi.
+ According to the preceding figure, the IP address of the Raspberry Pi is **192.168.31.109**. You can run the `ssh root@192.168.1.109` command and enter the password `openeuler` to remotely log in to the Raspberry Pi.
## Configuring the System
diff --git a/docs/en/docs/20.09/docs/Installation/Installation-Modes1.md b/docs/en/docs/Installation/Installation-Modes1.md
similarity index 86%
rename from docs/en/docs/20.09/docs/Installation/Installation-Modes1.md
rename to docs/en/docs/Installation/Installation-Modes1.md
index 03b6bc1b1cfa74e862c3211b1df212207e4dc9a7..9460054cfaf3b9441a55d6d0635b2168aa52867b 100644
--- a/docs/en/docs/20.09/docs/Installation/Installation-Modes1.md
+++ b/docs/en/docs/Installation/Installation-Modes1.md
@@ -50,9 +50,9 @@ To format the SD card, perform the following procedure:
### Writing Images to the SD Card
>  **NOTE:**
-If the compressed image file **openEuler-20.09-RaspberryPi.aarch64.img.xz** is obtained, decompress the file to obtain the **openEuler-20.09-RaspberryPi.aarch64.img** image file.
+If the compressed image file **openEuler-20.09-raspi-aarch64.img.xz** is obtained, decompress the file to obtain the **openEuler-20.09-raspi-aarch64.img** image file.
-To write the **openEuler-20.09-RaspberryPi.aarch64.img** image file to the SD card, perform the following procedure:
+To write the **openEuler-20.09-raspi-aarch64.img** image file to the SD card, perform the following procedure:
1. Download and install the tool for writing images. The following operations use the Win32 Disk Imager as an example.
2. Start the Win32 Disk Imager and right-click **Run as administrator**.
@@ -81,11 +81,11 @@ Run the `fdisk -l` command as the root user to obtain the information of the SD
### Writing Images to the SD Card
-1. If the image obtained is compressed, run the `xz -d openEuler-20.09-RaspberryPi.aarch64.img.xz` command to decompress the compressed file to obtain the **openEuler-20.09-RaspberryPi.aarch64.img** image file. Otherwise, skip this step.
+1. If the image obtained is compressed, run the `xz -d openEuler-20.09-raspi-aarch64.img.xz` command to decompress the compressed file to obtain the **openEuler-20.09-raspi-aarch64.img** image file. Otherwise, skip this step.
-2. Run the following command as the root user to write the `openEuler-20.09-RaspberryPi.aarch64.img` image to the SD card:
+2. Run the following command as the root user to write the `openEuler-20.09-raspi-aarch64.img` image to the SD card:
- `dd bs=4M if=openEuler-20.09-RaspberryPi.aarch64.img of=/dev/sdb`
+ `dd bs=4M if=openEuler-20.09-raspi-aarch64.img of=/dev/sdb`
>  **NOTE:** Generally, the block size is set to 4 MB. If the write operation fails or the written image cannot be used, you can set the block size to 1 MB and try again. However, the write operation is time-consuming when the block size is set to 1 MB.
@@ -109,11 +109,11 @@ Run the `diskutil list` command as user root to obtain the information of SD car
### Writing Images to the SD Card
-1. If the image obtained is compressed, run the `xz -d openEuler-20.09-RaspberryPi.aarch64.img.xz` command to decompress the compressed file to obtain the **openEuler-20.09-RaspberryPi.aarch64.img** image file. Otherwise, skip this step.
+1. If the image obtained is compressed, run the `xz -d openEuler-20.09-raspi-aarch64.img.xz` command to decompress the compressed file to obtain the **openEuler-20.09-raspi-aarch64.img** image file. Otherwise, skip this step.
-2. Run the following command as the root user to write the image `openEuler-20.09-RaspberryPi.aarch64.img` to the SD card:
+2. Run the following command as the root user to write the image `openEuler-20.09-raspi-aarch64.img` to the SD card:
- `dd bs=4m if=openEuler-20.09-RaspberryPi.aarch64.img of=/dev/sdb`
+ `dd bs=4m if=openEuler-20.09-raspi-aarch64.img of=/dev/sdb`
>  **NOTE:**
>
diff --git a/docs/en/docs/20.09/docs/Installation/Installation-Preparations1.md b/docs/en/docs/Installation/Installation-Preparations1.md
similarity index 93%
rename from docs/en/docs/20.09/docs/Installation/Installation-Preparations1.md
rename to docs/en/docs/Installation/Installation-Preparations1.md
index ae727558f3ae6a1acef9022f7b023c29030ed270..d7659a1e2ba2834105ce6c1e86bd38373c1c64e5 100644
--- a/docs/en/docs/20.09/docs/Installation/Installation-Preparations1.md
+++ b/docs/en/docs/Installation/Installation-Preparations1.md
@@ -32,9 +32,9 @@ Before installation, obtain the openEuler Raspberry Pi image and its verificatio
6. Click **aarch64** to download the Raspberry Pi AArch64 image download list.
-7. Click **openEuler-20.09-RaspberryPi.aarch64.img.xz** to download the openEuler Raspberry Pi image to the local PC.
+7. Click **openEuler-20.09-raspi-aarch64.img.xz** to download the openEuler Raspberry Pi image to the local PC.
-8. Click **openEuler-20.09-RaspberryPi.aarch64.img.xz.sha256sum** to download the verification file of the openEuler Raspberry Pi image to the local PC.
+8. Click **openEuler-20.09-raspi-aarch64.img.xz.sha256sum** to download the verification file of the openEuler Raspberry Pi image to the local PC.
## Verifying the Image Integrity
@@ -48,9 +48,9 @@ Compare the verification value recorded in the verification file with the verifi
Before verifying the integrity of the image file, ensure that the following files are available:
-Image file: **openEuler-20.09-RaspberryPi.aarch64.img.xz**
+Image file: **openEuler-20.09-raspi-aarch64.img.xz**
-Verification file: **openEuler-20.09-RaspberryPi.aarch64.img.xz.sha256sum**
+Verification file: **openEuler-20.09-raspi-aarch64.img.xz.sha256sum**
### Procedure
@@ -59,13 +59,13 @@ To verify the file integrity, perform the following procedure:
1. Obtain the verification value from the verification file. Run the following command:
```
- $ cat openEuler-20.09-RaspberryPi.aarch64.img.xz.sha256sum
+ $ cat openEuler-20.09-raspi-aarch64.img.xz.sha256sum
```
2. Calculate the SHA256 verification value of the file. Run the following command:
```
- $ sha256sum openEuler-20.09-RaspberryPi.aarch64.img.xz
+ $ sha256sum openEuler-20.09-raspi-aarch64.img.xz
```
After the command is executed, the verification value is displayed.
diff --git a/docs/en/docs/20.09/docs/Installation/Installation.md b/docs/en/docs/Installation/Installation.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/Installation.md
rename to docs/en/docs/Installation/Installation.md
diff --git a/docs/en/docs/20.09/docs/Installation/More-Resources.md b/docs/en/docs/Installation/More-Resources.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/More-Resources.md
rename to docs/en/docs/Installation/More-Resources.md
diff --git a/docs/en/docs/20.09/docs/Installation/faqs.md b/docs/en/docs/Installation/faqs.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/faqs.md
rename to docs/en/docs/Installation/faqs.md
diff --git a/docs/en/docs/20.09/docs/Installation/figures/adding-the-inst-noverifyssl-parameter.png b/docs/en/docs/Installation/figures/adding-the-inst-noverifyssl-parameter.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/adding-the-inst-noverifyssl-parameter.png
rename to docs/en/docs/Installation/figures/adding-the-inst-noverifyssl-parameter.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/advanced-user-configuration.png b/docs/en/docs/Installation/figures/advanced-user-configuration.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/advanced-user-configuration.png
rename to docs/en/docs/Installation/figures/advanced-user-configuration.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/bios.png b/docs/en/docs/Installation/figures/bios.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/bios.png
rename to docs/en/docs/Installation/figures/bios.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/change.png b/docs/en/docs/Installation/figures/change.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/change.png
rename to docs/en/docs/Installation/figures/change.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/completing-the-automatic-installation.png b/docs/en/docs/Installation/figures/completing-the-automatic-installation.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/completing-the-automatic-installation.png
rename to docs/en/docs/Installation/figures/completing-the-automatic-installation.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/completing-the-installation.png b/docs/en/docs/Installation/figures/completing-the-installation.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/completing-the-installation.png
rename to docs/en/docs/Installation/figures/completing-the-installation.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/creating-a-user.png b/docs/en/docs/Installation/figures/creating-a-user.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/creating-a-user.png
rename to docs/en/docs/Installation/figures/creating-a-user.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/dateandtime.png b/docs/en/docs/Installation/figures/dateandtime.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/dateandtime.png
rename to docs/en/docs/Installation/figures/dateandtime.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/dialog-box-showing-no-bootable-device.png b/docs/en/docs/Installation/figures/dialog-box-showing-no-bootable-device.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/dialog-box-showing-no-bootable-device.png
rename to docs/en/docs/Installation/figures/dialog-box-showing-no-bootable-device.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/disk-encryption-password.png b/docs/en/docs/Installation/figures/disk-encryption-password.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/disk-encryption-password.png
rename to docs/en/docs/Installation/figures/disk-encryption-password.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/drive-icon.png b/docs/en/docs/Installation/figures/drive-icon.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/drive-icon.png
rename to docs/en/docs/Installation/figures/drive-icon.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291229.png b/docs/en/docs/Installation/figures/en-us_image_0229291229.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291229.png
rename to docs/en/docs/Installation/figures/en-us_image_0229291229.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291236.png b/docs/en/docs/Installation/figures/en-us_image_0229291236.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291236.png
rename to docs/en/docs/Installation/figures/en-us_image_0229291236.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291243.png b/docs/en/docs/Installation/figures/en-us_image_0229291243.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291243.png
rename to docs/en/docs/Installation/figures/en-us_image_0229291243.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291247.png b/docs/en/docs/Installation/figures/en-us_image_0229291247.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291247.png
rename to docs/en/docs/Installation/figures/en-us_image_0229291247.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291264.jpg b/docs/en/docs/Installation/figures/en-us_image_0229291264.jpg
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291264.jpg
rename to docs/en/docs/Installation/figures/en-us_image_0229291264.jpg
diff --git a/docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291270.png b/docs/en/docs/Installation/figures/en-us_image_0229291270.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291270.png
rename to docs/en/docs/Installation/figures/en-us_image_0229291270.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291272.png b/docs/en/docs/Installation/figures/en-us_image_0229291272.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291272.png
rename to docs/en/docs/Installation/figures/en-us_image_0229291272.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291280.png b/docs/en/docs/Installation/figures/en-us_image_0229291280.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291280.png
rename to docs/en/docs/Installation/figures/en-us_image_0229291280.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291286.png b/docs/en/docs/Installation/figures/en-us_image_0229291286.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229291286.png
rename to docs/en/docs/Installation/figures/en-us_image_0229291286.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229420473.png b/docs/en/docs/Installation/figures/en-us_image_0229420473.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/en-us_image_0229420473.png
rename to docs/en/docs/Installation/figures/en-us_image_0229420473.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/en-us_image_0231657950.png b/docs/en/docs/Installation/figures/en-us_image_0231657950.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/en-us_image_0231657950.png
rename to docs/en/docs/Installation/figures/en-us_image_0231657950.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/enforce-secure-boot.png b/docs/en/docs/Installation/figures/enforce-secure-boot.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/enforce-secure-boot.png
rename to docs/en/docs/Installation/figures/enforce-secure-boot.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/error-message.png b/docs/en/docs/Installation/figures/error-message.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/error-message.png
rename to docs/en/docs/Installation/figures/error-message.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/image-dialog-box.png b/docs/en/docs/Installation/figures/image-dialog-box.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/image-dialog-box.png
rename to docs/en/docs/Installation/figures/image-dialog-box.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/installation-process.png b/docs/en/docs/Installation/figures/installation-process.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/installation-process.png
rename to docs/en/docs/Installation/figures/installation-process.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/installation-summary.png b/docs/en/docs/Installation/figures/installation-summary.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/installation-summary.png
rename to docs/en/docs/Installation/figures/installation-summary.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/installation-wizard.png b/docs/en/docs/Installation/figures/installation-wizard.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/installation-wizard.png
rename to docs/en/docs/Installation/figures/installation-wizard.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/languagesupport.png b/docs/en/docs/Installation/figures/languagesupport.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/languagesupport.png
rename to docs/en/docs/Installation/figures/languagesupport.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/manual-partitioning-page.png b/docs/en/docs/Installation/figures/manual-partitioning-page.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/manual-partitioning-page.png
rename to docs/en/docs/Installation/figures/manual-partitioning-page.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/password-of-the-root-account.png b/docs/en/docs/Installation/figures/password-of-the-root-account.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/password-of-the-root-account.png
rename to docs/en/docs/Installation/figures/password-of-the-root-account.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/restart-icon.png b/docs/en/docs/Installation/figures/restart-icon.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/restart-icon.png
rename to docs/en/docs/Installation/figures/restart-icon.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/security.png b/docs/en/docs/Installation/figures/security.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/security.png
rename to docs/en/docs/Installation/figures/security.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/selecting-a-language.png b/docs/en/docs/Installation/figures/selecting-a-language.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/selecting-a-language.png
rename to docs/en/docs/Installation/figures/selecting-a-language.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/selecting-installation-software.png b/docs/en/docs/Installation/figures/selecting-installation-software.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/selecting-installation-software.png
rename to docs/en/docs/Installation/figures/selecting-installation-software.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/semi-automatic-installation.png b/docs/en/docs/Installation/figures/semi-automatic-installation.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/semi-automatic-installation.png
rename to docs/en/docs/Installation/figures/semi-automatic-installation.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/setting-a-system-language.png b/docs/en/docs/Installation/figures/setting-a-system-language.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/setting-a-system-language.png
rename to docs/en/docs/Installation/figures/setting-a-system-language.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/setting-date-and-time.png b/docs/en/docs/Installation/figures/setting-date-and-time.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/setting-date-and-time.png
rename to docs/en/docs/Installation/figures/setting-date-and-time.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/setting-the-installation-destination.png b/docs/en/docs/Installation/figures/setting-the-installation-destination.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/setting-the-installation-destination.png
rename to docs/en/docs/Installation/figures/setting-the-installation-destination.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/setting-the-installation-source.png b/docs/en/docs/Installation/figures/setting-the-installation-source.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/setting-the-installation-source.png
rename to docs/en/docs/Installation/figures/setting-the-installation-source.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/setting-the-keyboard-layout.png b/docs/en/docs/Installation/figures/setting-the-keyboard-layout.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/setting-the-keyboard-layout.png
rename to docs/en/docs/Installation/figures/setting-the-keyboard-layout.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/setting-the-network-and-host-name.png b/docs/en/docs/Installation/figures/setting-the-network-and-host-name.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/setting-the-network-and-host-name.png
rename to docs/en/docs/Installation/figures/setting-the-network-and-host-name.png
diff --git a/docs/en/docs/20.09/docs/Installation/figures/starting-installation.png b/docs/en/docs/Installation/figures/starting-installation.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/figures/starting-installation.png
rename to docs/en/docs/Installation/figures/starting-installation.png
diff --git a/docs/en/docs/Installation/install-UKUI.md b/docs/en/docs/Installation/install-UKUI.md
new file mode 100644
index 0000000000000000000000000000000000000000..47cb91109d4d80e8440a449b76c33e95e679a166
--- /dev/null
+++ b/docs/en/docs/Installation/install-UKUI.md
@@ -0,0 +1,29 @@
+# UKUI installation
+UKUI is a Linux desktop built by the KylinSoft software team over the years, primarily based on GTK and QT. Compared to other UI interfaces, UKUI is easy to use. The components of UKUI are small and low coupling, can run alone without relying on other suites. It can provide user a friendly and efficient experience.
+
+UKUI supports both x86_64 and aarch64 architectures.
+
+We recommend you create a new administrator user before install UKUI.
+
+1. [download](https://openeuler.org/zh/download/) openEuler ISO and update the software source.
+```
+sudo dnf update
+```
+2. install UKUI
+```
+sudo dnf install ukui
+```
+Note: In order to install UKUI, we need libdbusmenu package. This package requires python2 which conflicts with package python3-unversioned-command(this package provides a symlink to /usr/bin/python3). Use `rpm -e --nodeps python3-unversioned-command` to uninstall python3-unversioned-command. After installation complete, you can restore the settings of the package with the following command.
+```
+ln -s /usr/bin/python3 /usr/bin/python
+```
+3. install fonts
+```
+sudo dnf groupinstall fonts
+```
+4. If you want to start with graphical interface after confirming the installation, please run this code and reboot.
+
+```
+systemctl set-default graphical.target
+```
+At present, UKUI version is still constantly updated. Please check the latest installation method: [https://gitee.com/openkylin/ukui-issues](https://gitee.com/openkylin/ukui-issues).
\ No newline at end of file
diff --git a/docs/en/docs/20.09/docs/Installation/install-pi.md b/docs/en/docs/Installation/install-pi.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/install-pi.md
rename to docs/en/docs/Installation/install-pi.md
diff --git a/docs/en/docs/20.09/docs/Installation/install-server.md b/docs/en/docs/Installation/install-server.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/install-server.md
rename to docs/en/docs/Installation/install-server.md
diff --git a/docs/en/docs/20.09/docs/Installation/installation-guideline.md b/docs/en/docs/Installation/installation-guideline.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/installation-guideline.md
rename to docs/en/docs/Installation/installation-guideline.md
diff --git a/docs/en/docs/20.09/docs/Installation/installation-mode.md b/docs/en/docs/Installation/installation-mode.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/installation-mode.md
rename to docs/en/docs/Installation/installation-mode.md
diff --git a/docs/en/docs/20.09/docs/Installation/installation-preparations.md b/docs/en/docs/Installation/installation-preparations.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/installation-preparations.md
rename to docs/en/docs/Installation/installation-preparations.md
diff --git a/docs/en/docs/20.09/docs/Installation/public_sys-resources/icon-caution.gif b/docs/en/docs/Installation/public_sys-resources/icon-caution.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/public_sys-resources/icon-caution.gif
rename to docs/en/docs/Installation/public_sys-resources/icon-caution.gif
diff --git a/docs/en/docs/20.09/docs/Installation/public_sys-resources/icon-danger.gif b/docs/en/docs/Installation/public_sys-resources/icon-danger.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/public_sys-resources/icon-danger.gif
rename to docs/en/docs/Installation/public_sys-resources/icon-danger.gif
diff --git a/docs/en/docs/20.09/docs/Installation/public_sys-resources/icon-note.gif b/docs/en/docs/Installation/public_sys-resources/icon-note.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/public_sys-resources/icon-note.gif
rename to docs/en/docs/Installation/public_sys-resources/icon-note.gif
diff --git a/docs/en/docs/20.09/docs/Installation/public_sys-resources/icon-notice.gif b/docs/en/docs/Installation/public_sys-resources/icon-notice.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/public_sys-resources/icon-notice.gif
rename to docs/en/docs/Installation/public_sys-resources/icon-notice.gif
diff --git a/docs/en/docs/20.09/docs/Installation/public_sys-resources/icon-tip.gif b/docs/en/docs/Installation/public_sys-resources/icon-tip.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/public_sys-resources/icon-tip.gif
rename to docs/en/docs/Installation/public_sys-resources/icon-tip.gif
diff --git a/docs/en/docs/20.09/docs/Installation/public_sys-resources/icon-warning.gif b/docs/en/docs/Installation/public_sys-resources/icon-warning.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/public_sys-resources/icon-warning.gif
rename to docs/en/docs/Installation/public_sys-resources/icon-warning.gif
diff --git a/docs/en/docs/20.09/docs/Installation/using-kickstart-for-automatic-installation.md b/docs/en/docs/Installation/using-kickstart-for-automatic-installation.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Installation/using-kickstart-for-automatic-installation.md
rename to docs/en/docs/Installation/using-kickstart-for-automatic-installation.md
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/adding-the-inst-noverifyssl-parameter.png b/docs/en/docs/Quickstart/figures/adding-the-inst-noverifyssl-parameter.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/adding-the-inst-noverifyssl-parameter.png
rename to docs/en/docs/Quickstart/figures/adding-the-inst-noverifyssl-parameter.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/advanced-user-configuration.png b/docs/en/docs/Quickstart/figures/advanced-user-configuration.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/advanced-user-configuration.png
rename to docs/en/docs/Quickstart/figures/advanced-user-configuration.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/change.png b/docs/en/docs/Quickstart/figures/change.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/change.png
rename to docs/en/docs/Quickstart/figures/change.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/completing-the-installation.png b/docs/en/docs/Quickstart/figures/completing-the-installation.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/completing-the-installation.png
rename to docs/en/docs/Quickstart/figures/completing-the-installation.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/creating-a-user.png b/docs/en/docs/Quickstart/figures/creating-a-user.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/creating-a-user.png
rename to docs/en/docs/Quickstart/figures/creating-a-user.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/dateandtime.png b/docs/en/docs/Quickstart/figures/dateandtime.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/dateandtime.png
rename to docs/en/docs/Quickstart/figures/dateandtime.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/drive-icon.png b/docs/en/docs/Quickstart/figures/drive-icon.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/drive-icon.png
rename to docs/en/docs/Quickstart/figures/drive-icon.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/en-us_image_0229420473.png b/docs/en/docs/Quickstart/figures/en-us_image_0229420473.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/en-us_image_0229420473.png
rename to docs/en/docs/Quickstart/figures/en-us_image_0229420473.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/image-dialog-box.png b/docs/en/docs/Quickstart/figures/image-dialog-box.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/image-dialog-box.png
rename to docs/en/docs/Quickstart/figures/image-dialog-box.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/installation-process.png b/docs/en/docs/Quickstart/figures/installation-process.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/installation-process.png
rename to docs/en/docs/Quickstart/figures/installation-process.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/installation-summary.png b/docs/en/docs/Quickstart/figures/installation-summary.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/installation-summary.png
rename to docs/en/docs/Quickstart/figures/installation-summary.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/installation-wizard.png b/docs/en/docs/Quickstart/figures/installation-wizard.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/installation-wizard.png
rename to docs/en/docs/Quickstart/figures/installation-wizard.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/languagesupport.png b/docs/en/docs/Quickstart/figures/languagesupport.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/languagesupport.png
rename to docs/en/docs/Quickstart/figures/languagesupport.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/manual-partitioning-page.png b/docs/en/docs/Quickstart/figures/manual-partitioning-page.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/manual-partitioning-page.png
rename to docs/en/docs/Quickstart/figures/manual-partitioning-page.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/password-of-the-root-account.png b/docs/en/docs/Quickstart/figures/password-of-the-root-account.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/password-of-the-root-account.png
rename to docs/en/docs/Quickstart/figures/password-of-the-root-account.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/restart-icon.png b/docs/en/docs/Quickstart/figures/restart-icon.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/restart-icon.png
rename to docs/en/docs/Quickstart/figures/restart-icon.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/selecting-a-language.png b/docs/en/docs/Quickstart/figures/selecting-a-language.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/selecting-a-language.png
rename to docs/en/docs/Quickstart/figures/selecting-a-language.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/selecting-installation-software.png b/docs/en/docs/Quickstart/figures/selecting-installation-software.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/selecting-installation-software.png
rename to docs/en/docs/Quickstart/figures/selecting-installation-software.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/setting-the-boot-device.png b/docs/en/docs/Quickstart/figures/setting-the-boot-device.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/setting-the-boot-device.png
rename to docs/en/docs/Quickstart/figures/setting-the-boot-device.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/setting-the-installation-destination.png b/docs/en/docs/Quickstart/figures/setting-the-installation-destination.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/setting-the-installation-destination.png
rename to docs/en/docs/Quickstart/figures/setting-the-installation-destination.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/setting-the-installation-source.png b/docs/en/docs/Quickstart/figures/setting-the-installation-source.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/setting-the-installation-source.png
rename to docs/en/docs/Quickstart/figures/setting-the-installation-source.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/setting-the-keyboard-layout.png b/docs/en/docs/Quickstart/figures/setting-the-keyboard-layout.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/setting-the-keyboard-layout.png
rename to docs/en/docs/Quickstart/figures/setting-the-keyboard-layout.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/setting-the-network-and-host-name.png b/docs/en/docs/Quickstart/figures/setting-the-network-and-host-name.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/setting-the-network-and-host-name.png
rename to docs/en/docs/Quickstart/figures/setting-the-network-and-host-name.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/figures/starting-installation.png b/docs/en/docs/Quickstart/figures/starting-installation.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/figures/starting-installation.png
rename to docs/en/docs/Quickstart/figures/starting-installation.png
diff --git a/docs/en/docs/20.09/docs/Quickstart/public_sys-resources/icon-caution.gif b/docs/en/docs/Quickstart/public_sys-resources/icon-caution.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/public_sys-resources/icon-caution.gif
rename to docs/en/docs/Quickstart/public_sys-resources/icon-caution.gif
diff --git a/docs/en/docs/20.09/docs/Quickstart/public_sys-resources/icon-danger.gif b/docs/en/docs/Quickstart/public_sys-resources/icon-danger.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/public_sys-resources/icon-danger.gif
rename to docs/en/docs/Quickstart/public_sys-resources/icon-danger.gif
diff --git a/docs/en/docs/20.09/docs/Quickstart/public_sys-resources/icon-note.gif b/docs/en/docs/Quickstart/public_sys-resources/icon-note.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/public_sys-resources/icon-note.gif
rename to docs/en/docs/Quickstart/public_sys-resources/icon-note.gif
diff --git a/docs/en/docs/20.09/docs/Quickstart/public_sys-resources/icon-notice.gif b/docs/en/docs/Quickstart/public_sys-resources/icon-notice.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/public_sys-resources/icon-notice.gif
rename to docs/en/docs/Quickstart/public_sys-resources/icon-notice.gif
diff --git a/docs/en/docs/20.09/docs/Quickstart/public_sys-resources/icon-tip.gif b/docs/en/docs/Quickstart/public_sys-resources/icon-tip.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/public_sys-resources/icon-tip.gif
rename to docs/en/docs/Quickstart/public_sys-resources/icon-tip.gif
diff --git a/docs/en/docs/20.09/docs/Quickstart/public_sys-resources/icon-warning.gif b/docs/en/docs/Quickstart/public_sys-resources/icon-warning.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/public_sys-resources/icon-warning.gif
rename to docs/en/docs/Quickstart/public_sys-resources/icon-warning.gif
diff --git a/docs/en/docs/20.09/docs/Quickstart/quick-start.md b/docs/en/docs/Quickstart/quick-start.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Quickstart/quick-start.md
rename to docs/en/docs/Quickstart/quick-start.md
diff --git a/docs/en/docs/20.09/docs/Releasenotes/acknowledgement.md b/docs/en/docs/Releasenotes/acknowledgement.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Releasenotes/acknowledgement.md
rename to docs/en/docs/Releasenotes/acknowledgement.md
diff --git a/docs/en/docs/20.09/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md b/docs/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md
similarity index 100%
rename from docs/en/docs/20.09/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md
rename to docs/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md
diff --git a/docs/en/docs/20.09/docs/Releasenotes/contribution.md b/docs/en/docs/Releasenotes/contribution.md
similarity index 62%
rename from docs/en/docs/20.09/docs/Releasenotes/contribution.md
rename to docs/en/docs/Releasenotes/contribution.md
index cdac896b9a5b0634beec67586d09cdd93403958f..5ac221e1384a2093fdbb6effa314b17f5f896add 100644
--- a/docs/en/docs/20.09/docs/Releasenotes/contribution.md
+++ b/docs/en/docs/Releasenotes/contribution.md
@@ -1,22 +1,22 @@
# Contribution
-As an openEuler user, you can contribute to the openEuler community in multiple ways. For details about how to contribute to the community, see [Contributions to the Community](https://openeuler.org/en/developer.html). Here, some methods are listed for reference.
+As an openEuler user, you can contribute to the openEuler community in multiple ways. For details about how to contribute to the community, see [How to Contribute](https://openeuler.org/en/community/contribution/). Here, some methods are listed for reference.
## Special Interest Groups \(SIGs\)
-openEuler brings together people of common interest to form different special interest groups \(SIGs\). For details about existing SIGs, see the [SIG list](https://openeuler.org/en/sig.html).
+openEuler brings together people of common interest to form different special interest groups \(SIGs\). For details about existing SIGs, see the [SIG list](https://openeuler.org/en/sig/sig-list/).
-You are welcome to join an existing SIG or create a SIG. For details about how to create a SIG, see the [SIG Management Procedure](https://gitee.com/openeuler/community/blob/master/zh/technical-committee/governance/README.md).
+You are welcome to join an existing SIG or create a SIG. For details about how to create a SIG, see the [SIG Management Procedure](https://gitee.com/openeuler/community/blob/master/en/technical-committee/governance/README.md).
## Mail List and Tasks
-You are welcome to actively help users solve problems raised in the [mail list](https://openeuler.org/en/community/mails.html) and issues \(including [code repository issues](https://gitee.com/organizations/openeuler/issues) and [software package repository issues](https://gitee.com/organizations/src-openeuler/issues)\). In addition, you can submit an issue. All these will help the openEuler community to develop better.
+You are welcome to actively help users solve problems raised in the [mail list](https://openeuler.org/en/community/mailing-list/) and issues \(including [code repository issues](https://gitee.com/organizations/openeuler/issues) and [software package repository issues](https://gitee.com/organizations/src-openeuler/issues)\). In addition, you can submit an issue. All these will help the openEuler community to develop better.
## Documents
-You can contribute to the community by submitting code. We also welcome your feedback on problems and difficulties, or suggestions on improving the usability and integrity of documents. For example, problems in obtaining software or documents and difficulties in using the system. Welcome to pay attention to and improve the documentation module of the [openEuler community](https://openeuler.org/zh/).
+You can contribute to the community by submitting code. We also welcome your feedback on problems and difficulties, or suggestions on improving the usability and integrity of documents. For example, problems in obtaining software or documents and difficulties in using the system. Welcome to pay attention to and improve the documentation module of the [openEuler community](https://openeuler.org/en/).
## IRC
-openEuler has also opened a channel in IRC as an additional channel to provide community support and interaction. For details, see [openEuler IRC](https://openeuler.org/zh/community/irc.html).
+openEuler has also opened a channel in IRC as an additional channel to provide community support and interaction. For details, see [openEuler IRC](https://gitee.com/openeuler/community/blob/master/en/communication/IRCs.md).
diff --git a/docs/en/docs/20.09/docs/Releasenotes/installing-the-os.md b/docs/en/docs/Releasenotes/installing-the-os.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Releasenotes/installing-the-os.md
rename to docs/en/docs/Releasenotes/installing-the-os.md
diff --git a/docs/en/docs/20.09/docs/Releasenotes/introduction.md b/docs/en/docs/Releasenotes/introduction.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Releasenotes/introduction.md
rename to docs/en/docs/Releasenotes/introduction.md
diff --git a/docs/en/docs/Releasenotes/key-features.md b/docs/en/docs/Releasenotes/key-features.md
new file mode 100644
index 0000000000000000000000000000000000000000..53df363b8522c681741d1df7d0fdc41a6ce5383a
--- /dev/null
+++ b/docs/en/docs/Releasenotes/key-features.md
@@ -0,0 +1,49 @@
+# Key Features
+
+- StratoVirt: Combines high security and performance with lightweight loads, low power consumption, and flexible component splitting for trusted virtualization platform in all scenarios.
+
+ - Uses the Rust language, supports **seccomp** and multi-tenant isolation, providing a secure and trusted operating environment.
+ - Supports startup within 50 ms and memory noise floor of less than 4 MB, achieving the ultimate performance and lightweight deployment in various scenarios across-device-edge-cloud.
+ - Supports multiple hardware acceleration virtualized engines, such as x86 VT and Kunpeng-V.
+ - Supports device scaling within milliseconds, providing flexible resource scaling capabilities for lightweight loads.
+ - Scalable device models, supports complex device specifications such as PCI, and compatible with the QEMU software ecosystem.
+ - Supports multiple computing, network, and storage acceleration solutions, and flexible collaboration of heterogeneous computing power.
+
+- iSula: A lightweight container solution that unifies IoT, edge, and cloud computing.
+
+ - Optimized operation performance for the startup and container lifecycle.
+ - **isula-build**, a container image build tool that provides secure and fast container image build capabilities.
+ - Secure and trusted VM startup for enhanced VM security.
+
+- Enhanced virtualization features
+
+ - Optimizes VM lock preemption with dual-layer scheduling and Hypervisor-aware VM scheduling, delivering higher performance in the multi-core overcommitment scenario.
+ - Optimizes the IPI interruption performance using the Guest-Idle-Haltpoll mechanism, improving the database service performance.
+ - For the virtualization feature of the ARM platform, supports the CPU/memory hot plug and the custom mode for the KVM CPU, making resource configuration more flexible.
+ - Quickly collects performance indicators of a VM using the O\&M tool VMTOP.
+ - Enables hardlockup detection using the PMU NMI watchdog feature.
+
+- Kernel feature enhancement
+
+ - Enhancement for IMA commercial use: Based on the open source IMA solution, improves security, performance, and usability to facilitate commercial use.
+ - NUMA Aware Qspinlock: Improves system performance by reducing cross-NUMA cache synchronization and ping-pong operations caused by lock competition.
+ - Ktask parallelism: A kernel task parallelism framework that supports the parallel operation of kernel tasks.
+ - MPAM resource control: Supports Cache QoS and memory bandwidth control technology for the ARM64 architecture.
+ - Memory system lock optimization: Optimizes vmalloc allocation lock and Pagecache lock.
+
+- Programming languages and compilers
+
+ - JDK8 enhancement: Supports the APPCDS feature and crc32 hardware acceleration instruction.
+ - GCC optimization: Supports cyclic optimization, automatic vectorization, and global optimization.
+
+- Hardware and chip enablement
+
+ - Raspberry Pi: Supports the Raspberry series boards.
+
+- Desktop support
+
+ - UKUI: Default desktop environment of the Kylin OS. Its layout, style, and usage habits are similar to those of the traditional Windows OS.
+
+- Intelligent O\&M
+
+ - A-Tune: An intelligent system performance optimization engine that infers service features and configures the optimal system parameter set for the optimal service operations.
\ No newline at end of file
diff --git "a/docs/zh/docs/20.09/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" b/docs/en/docs/Releasenotes/known-issues.md
similarity index 66%
rename from "docs/zh/docs/20.09/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md"
rename to docs/en/docs/Releasenotes/known-issues.md
index 3099acb599425b392e73513e8f6d5628d882e1ca..16ada9132ac580ad434b59d9b922e73649597fbb 100644
--- "a/docs/zh/docs/20.09/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md"
+++ b/docs/en/docs/Releasenotes/known-issues.md
@@ -1,28 +1,29 @@
-# 已知问题
+# Known Issues
-
An error message is displayed when the x86 QCOW2 image is used for VM creation or the ISO image is used for physical machine installation. The error message is output as expected. For details, see the issue response.
arm 物理机使用已写入文件系统的磁盘进行自定义分区,分区失败,特殊路径触发可规避,措施见ISSUE回复内容
+
The ARM-based physical machine uses the drive that has been written into the file system for customized partitioning, but the partitioning fails. A special path can be used to prevent this issue. For details, see the issue response.
In the pressure test in the overcommitment scenario, frame freezing occurs to vmtop -H page turning when the number of vCPUs is greater than 1,000. The impact scope is controllable. For details, see the issue response.
Among the CPU usage data collected by vmtop, the single core whose usage exceeds 100% exists. The impact scope is controllable. For details, see the issue response.
+
diff --git a/docs/en/docs/20.09/docs/Releasenotes/public_sys-resources/icon-caution.gif b/docs/en/docs/Releasenotes/public_sys-resources/icon-caution.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Releasenotes/public_sys-resources/icon-caution.gif
rename to docs/en/docs/Releasenotes/public_sys-resources/icon-caution.gif
diff --git a/docs/en/docs/20.09/docs/Releasenotes/public_sys-resources/icon-danger.gif b/docs/en/docs/Releasenotes/public_sys-resources/icon-danger.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Releasenotes/public_sys-resources/icon-danger.gif
rename to docs/en/docs/Releasenotes/public_sys-resources/icon-danger.gif
diff --git a/docs/en/docs/20.09/docs/Releasenotes/public_sys-resources/icon-note.gif b/docs/en/docs/Releasenotes/public_sys-resources/icon-note.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Releasenotes/public_sys-resources/icon-note.gif
rename to docs/en/docs/Releasenotes/public_sys-resources/icon-note.gif
diff --git a/docs/en/docs/20.09/docs/Releasenotes/public_sys-resources/icon-notice.gif b/docs/en/docs/Releasenotes/public_sys-resources/icon-notice.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Releasenotes/public_sys-resources/icon-notice.gif
rename to docs/en/docs/Releasenotes/public_sys-resources/icon-notice.gif
diff --git a/docs/en/docs/20.09/docs/Releasenotes/public_sys-resources/icon-tip.gif b/docs/en/docs/Releasenotes/public_sys-resources/icon-tip.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Releasenotes/public_sys-resources/icon-tip.gif
rename to docs/en/docs/Releasenotes/public_sys-resources/icon-tip.gif
diff --git a/docs/en/docs/20.09/docs/Releasenotes/public_sys-resources/icon-warning.gif b/docs/en/docs/Releasenotes/public_sys-resources/icon-warning.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Releasenotes/public_sys-resources/icon-warning.gif
rename to docs/en/docs/Releasenotes/public_sys-resources/icon-warning.gif
diff --git a/docs/en/docs/20.09/docs/Releasenotes/release_notes.md b/docs/en/docs/Releasenotes/release_notes.md
similarity index 81%
rename from docs/en/docs/20.09/docs/Releasenotes/release_notes.md
rename to docs/en/docs/Releasenotes/release_notes.md
index b00a4cadbb2c88de39f4a2f8c33e73a80c2ec89e..10fb5d9d2ca4b03c7a0e654932d9f1f93b3641d7 100644
--- a/docs/en/docs/20.09/docs/Releasenotes/release_notes.md
+++ b/docs/en/docs/Releasenotes/release_notes.md
@@ -1 +1,3 @@
+# Release Notes
+
This document is the release notes for the openEuler 20.09 release version.
\ No newline at end of file
diff --git a/docs/en/docs/Releasenotes/resolved-issues.md b/docs/en/docs/Releasenotes/resolved-issues.md
new file mode 100644
index 0000000000000000000000000000000000000000..01107f9b33cb9d4ebeb2f23e7e52130dd9a42951
--- /dev/null
+++ b/docs/en/docs/Releasenotes/resolved-issues.md
@@ -0,0 +1,226 @@
+# Resolved Issues
+
+For the complete issue list, see [Complete Issue List](https://gitee.com/organizations/src-openeuler/issues).
+
+For details about the complete kernel submission records, see [Record Submission](https://gitee.com/openeuler/kernel/commits/openEuler-1.0-LTS).
+
+**Applications and basic services**
+
+
The rule does not take effect when the destination port is 80 and the data packages from the source IP address of a host are added to the x86-based server.
During x86 PXE installation, the %packages file in the .ks file is used to install minimal, @core, and @base. After the installation is successful, the startup is suspended.
diff --git a/docs/en/docs/StratoVirt/Install_StratoVirt.md b/docs/en/docs/StratoVirt/Install_StratoVirt.md
new file mode 100644
index 0000000000000000000000000000000000000000..1e68680fa30f7beec6b25b946fdff48fc5dd0e1b
--- /dev/null
+++ b/docs/en/docs/StratoVirt/Install_StratoVirt.md
@@ -0,0 +1,39 @@
+# Installing StratoVirt
+
+[[toc]]
+
+## Software and Hardware Requirements
+
+### Minimum Hardware Requirements
+
+- Processor architecture: Only the AArch64 and x86_64 processor architectures are supported. AArch64 requires ARMv8 or a later version and supports virtualization extension. x86_64 supports VT-x.
+
+- 2-core CPU
+- 4 GiB memory
+- 16 GiB available disk space
+
+### Software Requirements
+
+Operating system: openEuler 20.09 or later
+
+
+
+## Installing Components
+
+To use StratoVirt virtualization, it is necessary to install StratoVirt. Before the installation, ensure that the openEuler yum source has been configured.
+
+1. Run the following command as user root to install the StratoVirt components:
+
+ ```
+ # yum install stratovirt
+ ```
+
+
+2. Check whether the installation is successful.
+
+ ```
+ $ stratovirt -version
+ StratoVirt 0.1.0
+ ```
+
+
diff --git a/docs/en/docs/StratoVirt/Interconnect_isula.md b/docs/en/docs/StratoVirt/Interconnect_isula.md
new file mode 100644
index 0000000000000000000000000000000000000000..f31b342bf085391f80da976fae9a10ba37c3ccb5
--- /dev/null
+++ b/docs/en/docs/StratoVirt/Interconnect_isula.md
@@ -0,0 +1,40 @@
+# Interconnecting with the iSula Secure Container
+
+[[toc]]
+
+## Overview
+
+To provide a better isolation environment for containers and improve system security, it is necessary to connect Kata to StratoVirt in the iSula secure container scenario.
+
+## Interconnection with an iSula Secure Container
+
+**Prerequisites**
+
+iSulad and Kata containers have been installed.
+
+**Operations**
+
+
+
+The default path of the Kata configuration file is /usr/share/defaults/kata-containers/configuration.toml.
+
+1. Modify the configuration file to set the hypervisor type of the secure sandbox to stratovirt.
+
+ ```
+ [hypervisor.stratovirt]
+ ```
+
+2. Set the execution file path of the secure sandbox to the absolute path of stratovirt.sh. The content of the stratovirt.sh script is as follows:
+
+ ```
+ #!/bin/bash
+ export STRATOVIRT_LOG_LEVEL=info # set log level which includes trace, debug, info, warn and error.
+ /usr/bin/stratovirt $@
+ ```
+
+3. Run iSulad to connect Kata to StratoVirt.
+
+ ```
+ $ isula run -tid --runtime=kata-runtime --name test busybox:latest sh
+ ```
+
diff --git a/docs/en/docs/StratoVirt/Manage_life_cycle.md b/docs/en/docs/StratoVirt/Manage_life_cycle.md
new file mode 100644
index 0000000000000000000000000000000000000000..a859b7471175bba9f9a2d4d4e855b3e4df898ce2
--- /dev/null
+++ b/docs/en/docs/StratoVirt/Manage_life_cycle.md
@@ -0,0 +1,124 @@
+# Managing the VM Lifecycle
+
+[[toc]]
+
+## Overview
+
+This section describes how to use StratoVirt to manage the lifecycle of a VM, namely starting, pausing, resuming, and exiting a VM.
+
+
+
+## Creating and Starting a VM
+
+As described in the section "Configuring a VM", users can specify the VM configuration by using command line parameters or the JSON file, and run the stratovirt command on the host to create and start a VM.
+
+- Run the following command to create and start a VM:
+
+```
+$/path/to/stratovirt - [Parameter 1] [Parameter Option] - [Parameter 2] [Parameter Option]...
+```
+
+
+
+- Use the JSON file to provide the VM configuration. The command for creating and starting a VM is as follows:
+
+```
+$ /path/to/stratovirt \
+ -config /path/to/json \
+ -api-channel unix:/path/to/socket
+```
+
+Where, /path/to/json indicates the path of the JSON configuration file. /path/to/socket is the socket file specified by the user (for example, /tmp/stratovirt.socket). After the command is executed, the socket file is automatically created. Ensure that the socket file does not exist before executing the command, so that the VM can be started properly.
+
+
+
+> 
+>
+> After the VM is started, there are two NICs: eth0 and eth1. The two NICs are reserved for hot plugging: eth0 first, and then eth1. Currently, only two virtio-net NICs can be hot-plugged.
+
+
+
+## Connecting a VM
+
+StratoVirt uses QMP to manage VMs. To pause, resume, and exit a VM, connect it to StratoVirt through QMP first.
+
+Open a new CLI (CLI B) on the host and run the following command to perform the api-channel connection:
+
+```
+$ ncat -U /path/to/socket
+```
+
+After the connection is set up, a greeting message will be received from StratoVirt, as shown in the following figure.
+
+```
+{"QMP":{"version":{"qemu":{"micro":1,"minor":0,"major":4},"package":""},"capabilities":[]}}
+```
+
+Now, manage the VM by entering QMP commands in CLI B.
+
+
+
+> 
+>
+> QMP provides stop, cont, quit, and query-status to manage and query the VM status.
+>
+> All QMP commands for managing VMs are entered in CLI B. `<-` indicates the command input, and `->` indicates the QMP returned result.
+
+
+
+
+
+## Pausing a VM
+
+QMP provides the stop command for pausing a VM, that is, pausing all vCPUs of the VM. Command format:
+
+**{"execute":"stop"}**
+
+**Example:**
+
+Run the stop command to pause the VM. The command output is as follows:
+
+```
+<- {"execute":"stop"}
+-> {"event":"STOP","data":{},"timestamp":{"seconds":1583908726,"microseconds":162739}}
+-> {"return":{}}
+```
+
+
+
+
+
+## Resuming a VM
+
+QMP provides the cont command to resume a VM, that is, to resume all vCPUs of the VM. Command format:
+
+**{"execute":"cont"}**
+
+**Example:**
+
+Run the cont command to resume the VM. The command output is as follows:
+
+```
+<- {"execute":"cont"}
+-> {"event":"RESUME","data":{},"timestamp":{"seconds":1583908853,"microseconds":411394}}
+-> {"return":{}}
+```
+
+
+
+
+
+## Exiting a VM
+
+QMP provides the quit command to exit a VM, that is, to exit the StratoVirt process. Command format:
+
+**{"execute":"quit"}**
+
+**Example:**
+
+```
+<- {"execute":"quit"}
+-> {"event":"SHUTDOWN","data":{"guest":false,"reason":"host-qmp-quit"},"timestamp":{"ds":1590563776,"microseconds":519808}}
+-> {"return":{}}
+```
+
diff --git a/docs/en/docs/StratoVirt/Manage_resource.md b/docs/en/docs/StratoVirt/Manage_resource.md
new file mode 100644
index 0000000000000000000000000000000000000000..cff9f660a8e73991e44787820ca73b259bb55f70
--- /dev/null
+++ b/docs/en/docs/StratoVirt/Manage_resource.md
@@ -0,0 +1,114 @@
+#Managing VM resources
+
+[[toc]]
+
+## Overview
+
+This section describes how to use QMP commands to manage disks and NICs.
+
+
+
+> 
+>
+> StratoVirt uses QMP to manage VMs. Before using QMP to manage VM resources, use it to connect StratoVirt to the VM. For details, see "Managing the VM Life Cycle".
+
+
+
+## Hot-Pluggable Hard Disks
+
+StratoVirt supports adjusting the number of disks during VM running. That is, you can add or delete VM disks without interrupting services.
+
+### Hot Plugged-in Disk
+
+**Usage**
+
+```
+{"execute": "blockdev-add", "arguments": {"node-name": "drive-0", "file": {"driver": "file", "filename": "/path/to/block"}, "cache": {"direct": true}, "read-only": false}}
+{"execute": "device_add", "arguments": {"id": "drive-0", "driver": "virtio-blk-mmio", "addr": "0x1"}}
+```
+
+**Parameter**
+
+- The value of node-name in blockdev-add must be the same as the value of id in device_add. They are both drive-0.
+
+- /path/to/block is the mirror path of the hot plugged-in disk. It cannot be the path of the disk image that boots the rootfs.
+- For addr, 0x0 is mapped to vda of the VM, 0x1 is mapped to vdb, and so on. To be compatible with the QMP protocol, "addr" can be replaced by "lun", but lun=0 is mapped to the vdb of the client. Only six virtio-blk disks can be hot added.
+
+**Example**
+
+```
+<- {"execute": "blockdev-add", "arguments": {"node-name": "drive-0", "file": {"driver": "file", "filename": "/path/to/block"}, "cache": {"direct": true}, "read-only": false}}
+-> {"return": {}}
+<- {"execute": "device_add", "arguments": {"id": "drive-0", "driver": "virtio-blk-mmio", "addr": "0x1"}}
+-> {"return": {}}
+```
+
+
+
+### Hot Plugged-out Disk
+
+**Usage**
+
+**{"execute": "device_del", "arguments": {"id":"drive-0"}}**
+
+**Parameter**
+
+id indicates the ID of the hot plugged-out disk.
+
+**Example**
+
+```
+<- {"execute": "device_del", "arguments": {"id": "drive-0"}}
+-> {"event":"DEVICE_DELETED","data":{"device":"drive-0","path":"drive-0"},"timestamp":{"seconds":1598513162,"microseconds":367129}}
+-> {"return": {}}
+```
+
+
+
+## Hot-Pluggable NIC
+
+StratoVirt allows users to adjust the number of NICs during VM running. That is, users can add or delete NICs for VMs without interrupting services.
+
+### Hot Plugged-in NIC
+
+**Usage**
+
+```
+{"execute":"netdev_add", "arguments":{"id":"net-0", "ifname":"tap0"}}
+{"execute":"device_add", "arguments":{"id":"net-0", "driver":"virtio-net-mmio", "addr":"0x0"}}
+```
+
+**Parameter**
+
+- The ID in netdev_add must be the same as that in device_add. Ifname indicates the name of the TAP device.
+
+- For addr, 0x0 is mapped to eth0 of the VM, and 0x1 to eth1. Only two virtio-net NICs can be hot plugged in.
+
+
+**Example**
+
+```
+<- {"execute":"netdev_add", "arguments":{"id":"net-0", "ifname":"tap0"}}
+<- {"execute":"device_add", "arguments":{"id":"net-0", "driver":"virtio-net-mmio", "addr":"0x0"}}
+```
+
+Where, addr:0x0 corresponds to eth0 in the VM.
+
+### Hot Plugged-out NIC
+
+**Usage**
+
+**{"execute": "device_del", "arguments": {"id": "net-0"}}**
+
+**Parameter**
+
+id: specifies the NIC ID, for example, net-0.
+
+**Example**
+
+```
+<- {"execute": "device_del", "arguments": {"id": "net-0"}}
+-> {"event":"DEVICE_DELETED","data":{"device":"net-0","path":"net-0"},"timestamp":{"seconds":1598513339,"microseconds":97310}}
+-> {"return": {}}
+```
+
diff --git a/docs/en/docs/StratoVirt/Prepare_env.md b/docs/en/docs/StratoVirt/Prepare_env.md
new file mode 100644
index 0000000000000000000000000000000000000000..c18473bc33180d3fad61600d4166fa2bb34f9d69
--- /dev/null
+++ b/docs/en/docs/StratoVirt/Prepare_env.md
@@ -0,0 +1,148 @@
+# Preparing the Environment
+
+[[toc]]
+
+## Usage
+
+- StratoVirt supports only Linux VMs that use the x86_64 or AArch64 processor architecture and start the VM with same architecture.
+- StratoVirt can be compiled, commissioned, and deployed only on openEuler 20.09 and later versions.
+- StratoVirt can run with non-root permissions.
+
+## Environment Requirements
+
+The following environment is required for running StratoVirt:
+
+- /dev/vhost-vsock device (for implementing the MMIO)
+- Nmap tool
+- Kernel image and rootfs image
+
+
+
+## Preparing Devices and Tools
+
+- StratoVirt needs to implement the MMIO device. Therefore, before running StratoVirt, ensure that the `/dev/vhost-vsock` device exists.
+
+ Check whether the device exists.
+
+ ```
+ $ ls /dev/vhost-vsock
+ /dev/vhost-vsock
+ ```
+
+ If the device does not exist, run the following command to generate the /dev/vhost-vsock device:
+
+ ```
+ $ modprobe vhost_vsock
+ ```
+
+
+- To use QMP commands, install the nmap tool. After configuring the yum source, run the following command to install the nmap tool:
+
+ ```
+ $ yum install nmap
+ ```
+
+## Preparing Images
+
+### Creating the Kernel Image
+
+The StratoVirt of the current version supports only the PE kernel image of the x86_64 and AArch64 platforms. The kernel image in PE format can be generated by using the following method:
+
+1. Run the following command to obtain the kernel source code of the openEuler:
+
+ ```
+ $ git clone https://gitee.com/openeuler/kernel
+ $ cd kernel
+ ```
+
+2. Run the following command to check and switch the kernel version to 4.19:
+
+ ```
+ $ git checkout kernel-4.19
+ ```
+
+3. Configure and compile the Linux kernel. It is better to use the recommended configuration file ([Obtain configuration file](https://gitee.com/openeuler/stratovirt/tree/master/docs/kernel_config)). Copy it to the kernel directory, and rename it as `.config`. You can also run the following command to configure the kernel as prompted:
+
+ ```
+ $ make menuconfig
+ ```
+
+4. Run the following command to create and convert the kernel image to the PE format. The converted image is vmlinux.bin.
+
+ ```
+ $ make -j vmlinux && objcopy -O binary vmlinux vmlinux.bin
+ ```
+
+ After the compilation is complete, the kernel image vmlinux.bin is generated in the current directory.
+
+
+
+## Creating the Rootfs Image
+
+The rootfs image is a file system image. When the StratoVirt is started, the ext4 image with init can be loaded. To create an ext4 rootfs image, perform the following steps:
+
+1. Prepare a file with a proper size (for example, create a file with the size of 10 GiB in /home).
+
+ ```
+ $ cd /home
+ $ dd if=/dev/zero of=./rootfs.ext4 bs=1G count=10
+ ```
+
+2. Create an empty ext4 file system on this file.
+
+ ```
+ $ mkfs.ext4 ./rootfs.ext4
+ ```
+
+3. Mount the file image. Create the /mnt/rootfs directory and mount rootfs.ext4 to the /mnt/rootfs directory as user root.
+
+ ```
+ $ mkdir /mnt/rootfs
+ $ cd /home
+ $ sudo mount ./rootfs.ext4 /mnt/rootfs && cd /mnt/rootfs
+ ```
+
+4. Obtain the latest alpine-mini rootfs of the corresponding processor architecture.
+
+ - If the AArch64 processor architecture is used, run the following command:
+
+ ```
+ $ wget http://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/aarch64/alpine-minirootfs-3.12.0-aarch64.tar.gz
+ $ tar -zxvf alpine-minirootfs-3.12.0-aarch64.tar.gz
+ $ rm alpine-minirootfs-3.12.0-aarch64.tar.gz
+ ```
+
+
+ - For the x86_64 processor architecture, run the following command:
+
+ ```
+ $ wget http://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/x86_64/alpine-minirootfs-3.12.0-x86_64.tar.gz
+ $ tar -zxvf alpine-minirootfs-3.12.0-x86_64.tar.gz
+ $ rm alpine-minirootfs-3.12.0-x86_64.tar.gz
+ ```
+
+
+5. Run the following command to create a simple /sbin/init for the ext4 file image:
+
+ ```
+ $ rm sbin/init; touch sbin/init && cat > sbin/init < { "return": { "running": true,"singlestep": false,"status": "running" }
+```
+
+
+
+## Querying Topology Information
+
+Run the query-cpus command to query the topology of all CPUs.
+
+- Usage:
+
+**{ "execute": "query-cpus" }**
+
+- Example:
+
+```
+<- { "execute": "query-cpus" }
+-> {"return":[{"CPU":0,"arch":"x86","current":true,"halted":false,"props":{"core-id":0,"socket-id":0,"thread-id":0},"qom_path":"/machine/unattached/device[0]","thread_id":8439},{"CPU":1,"arch":"x86","current":true,"halted":false,"props":{"core-id":0,"socket-id":1,"thread-id":0},"qom_path":"/machine/unattached/device[1]","thread_id":8440}]}
+```
+
+## Querying vCPU Online Status
+
+Run the query-hotpluggable-cpus command to query the online or offline status of all vCPUs.
+
+- Usage:
+
+**{ "execute": "query-hotpluggable-cpus" }**
+
+- Example:
+
+```
+<- { "execute": "query-hotpluggable-cpus" }
+-> {"return":[{"props":{"core-id":0,"socket-id":0,"thread-id":0},"qom-path":"/machine/unattached/device[0]","type":"host-x86-cpu","vcpus-count":1},{"props":{"core-id":0,"socket-id":1,"thread-id":0},"qom-path":"/machine/unattached/device[1]","type":"host-x86-cpu","vcpus-count":1}]}
+```
+
+Where, online vCPUs have the `qom-path` item, while offline vCPUs do not.
diff --git a/docs/en/docs/StratoVirt/StratoVirt_Intoduction.md b/docs/en/docs/StratoVirt/StratoVirt_Intoduction.md
new file mode 100644
index 0000000000000000000000000000000000000000..685ddd668f4faf7dba5102bf3f97f240a5697bf8
--- /dev/null
+++ b/docs/en/docs/StratoVirt/StratoVirt_Intoduction.md
@@ -0,0 +1,25 @@
+# Introduction to StratoVirt
+
+[[toc]]
+
+## Overview
+
+StratoVirt is an enterprise-class virtualization platform for cloud data centers in the computing industry, enabling a unified architecture that supports virtual machines, containers and Serverless scenarios. On top of that, StratoVirt has a key technology competitive advantage in terms of lightweight, low noise, hard and soft collaboration, Rust language-level security, and more. StratoVirt reserves the capabilities and interfaces for component assembly in architectural design and interfaces. More importantly, StratoVirt has the flexibility to assemble advanced features on demand until it evolves to support standard virtualization, finding the best balance between feature requirements, applications scenarios, and light flexibility.
+
+
+
+## Architecture Description
+
+The StratoVirt core architecture is divided into three layers from top to bottom:
+
+- OCI: compatible with the QEMU Machine Protocol (QMP), which has complete OCI compatibility capabilities.
+- BootLoader: discards the traditional BIOS+GRUB boot mode and implements a lighter and faster bootloader.
+- MicroVM: virtualization layer, which fully leverages the capability of software and hardware collaboration to simplify the device model and the capability of low-latency resource scaling.
+
+The overall architecture is shown in **Figure 1**.
+
+**Figure 1** Overall architecture of StratoVirt
+
+
+
+
diff --git a/docs/en/docs/StratoVirt/StratoVrit_guidence.md b/docs/en/docs/StratoVirt/StratoVrit_guidence.md
new file mode 100644
index 0000000000000000000000000000000000000000..461f0bf0490f0a18176972f10c4ea8f7edee1491
--- /dev/null
+++ b/docs/en/docs/StratoVirt/StratoVrit_guidence.md
@@ -0,0 +1,4 @@
+# StratoVirt Virtualization User Guide
+
+This document describes Stratovirt virtualization, providing instructions on how to install Stratovirt based on openEuler and how to use Stratovirt virtualization. The purpose is to help users learn about Stratovirt and guide users and administrators to install and use StratoVirt.
+
diff --git a/docs/en/docs/StratoVirt/VM_configuration.md b/docs/en/docs/StratoVirt/VM_configuration.md
new file mode 100644
index 0000000000000000000000000000000000000000..96e762589519c50709ed2a40805f044daa84b963
--- /dev/null
+++ b/docs/en/docs/StratoVirt/VM_configuration.md
@@ -0,0 +1,235 @@
+# Configuring a VM
+
+## Overview
+
+Different from Libvirt that uses XML files to configure VMs, StratoVirt can use command line parameters or the JSON file to configure the VM CPU, memory, and disk information. This section describes the two configuration methods.
+
+> 
+>
+> If both methods can be used, incline to the command line configuration.
+>
+> In this document, /path/to/socket is the socket file in the user-defined path.
+
+
+
+
+
+## Specifications
+
+- Number of VM CPUs: [1,254]
+- VM memory size: [128MiB,512GiB]
+- Number of VM disks (including hot swap disks): [0,6]
+- Number of VM NICs (including hot swap NICs): [0,2]
+- The VM console device supports only single way connection.
+- On the x86_64 platform, a maximum of two other devices except disks and NICs can be configured. On the AArch64 platform, the maximum of other devices is 12, also excluding disks and NICs.
+
+## Minimum Configuration
+
+The minimum configuration of the StratoVirt is as follows:
+
+- There is a Linux kernel file in PE format.
+- Set the rootfs image as the virtio-blk device and add it to kernel parameters.
+- Use api-channel to control StratoVirt.
+- If you want to use ttyS0 for login, add a serial port to the startup command line and add ttyS0 to kernel parameters.
+
+
+
+## Command Line Configuration
+
+**Overview**
+
+Command line configuration directly specifies the VM configuration content using command line parameters.
+
+**Command Format**
+
+The format of the command configured by running the cmdline command is as follows:
+
+**$ /path/to/stratovirt** *-[Parameter 1] [Parameter Option] -[Parameter 2] [Parameter Option] ...*
+
+**Usage**
+
+1. To ensure that the socket required by api-channel can be created, run the following command to clear the environment:
+
+ ```
+ $rm [parameter] [user-defined socket file path]
+ ```
+
+
+
+2. Run the cmdline command.
+
+ ```
+ $ /path/to/stratovirt -[Parameter 1] [Parameter Option] -[Parameter 2] [Parameter Option] ...
+ ```
+
+
+
+**Parameter Description**
+
+The following table lists the parameters of the cmdline command.
+
+**Table 1** Description of command line configuration parameters
+
+| Parameter | Value | Description |
+| ---------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
+| -name | *VMName* | Configures the VM name (a string of 1 to 255 characters).|
+| -kernel | /path/to/vmlinux.bin | Configures the kernel image.|
+| -append | console=ttyS0 root=/dev/vda reboot=k panic=1 | Configures kernel command line parameters.|
+| -initrd | /path/to/initrd.img | Configures the initrd file.|
+| -smp | [cpus=] Number of CPUs | Configures the number of CPUs. The value range is [1,254].|
+| -m | Byte/MiB/GiB | Configures the memory size. The value range is [128MiB,512GiB]. |
+| -drive | id=rootfs,file=/path/to/rootfs[,readonly=false,direct=true,serial=serial_num] | Configures the virtio-blk device.|
+| -netdev | id=iface_id,netdev=tap0[,mac=mac_address] | Configures the virtio-net device.|
+| -chardev | id=console_id,path=/path/to/socket | Configures virtio-console. Ensure that the socket file does not exist before running the command.|
+| -device | vsock,id=vsock_id,guest-cid=3 | Configures vhost-vsock.|
+| -api-channel | unix:/path/to/socket | Configures api-channel. Before running this command, ensure that the socket file does not exist.|
+| -serial | stdio | Configures a serial port device.|
+| -D | /path/to/logfile | Configures log files.|
+| -pidfile | /path/to/pidfile | Configures the PID file. This parameter must be used together with -daemonize.|
+| -disable-seccomp | N/A | Disables the Seccomp, which is enabled by default.|
+| -omit_vm_memory | N/A | Do not dump the VM memory when the process enters the panic state.|
+| -daemonize | N/A | Enables the daemon process.|
+
+
+
+**Example**
+
+1. Delete the socket file to ensure that the api-channel can be created.
+
+ ```
+ $ rm -f /tmp/stratovirt.socket
+ ```
+
+
+
+2. Run StratoVirt.
+
+ ```
+ $ /path/to/stratovirt \
+ -kernel /path/to/vmlinux.bin \
+ -append console=ttyS0 root=/dev/vda reboot=k panic=1 \
+ -drive file=/home/rootfs.ext4,id=rootfs,readonly=false \
+ -api-channel unix:/tmp/stratovirt.socket \
+ -serial stdio
+ ```
+
+ After the running is successful, the VM is created and started based on the specified configuration parameters.
+
+
+
+## JSON Configuration
+
+
+
+**Overview**
+
+Configuration using the JSON file indicates that when running StratoVirt to create a VM, the system reads the specified JSON file that contains the VM configuration.
+
+**Command Format**
+
+The format of the command for configuring a VM using the JSON file is as follows. In this command, /path/to/json indicates the path of the corresponding file.
+
+**$ /path/to/stratovirt -config** */path/to/json -[Parameter] [Parameter Option]*
+
+**Usage**
+
+1. Create a JSON file and write the VM configuration to the file.
+
+2. Run the StratoVirt command to create a VM.
+
+ ```
+ $ /path/to/stratovirt -config /path/to/json - [Parameter] [Parameter Option]
+ ```
+
+**Parameter Description**
+
+The following table describes the configurable parameters in the JSON file.
+
+**Table 2** Parameters in the configuration file
+
+| Parameter | Value | Description |
+| -------------- | ------------------------------------------------------------ | ---------------------------------------------------- |
+| boot-source | "kernel_image_path": "/path/to/vmlinux.bin","boot_args": "console=ttyS0 reboot=k panic=1 pci=off tsc=reliable ipv6.disable=1 root=/dev/vda quiet","initrd_fs_path": "/path/to/initrd.img" | Configures the kernel image and kernel parameters. The `initrd_fs_path` parameter is optional. |
+| machine-config | "name": "abc","vcpu_count": 4,"mem_size": 805306368,"omit_vm_memory": true | Configures the virtual CPU and memory size. The `omit_vm_memory` parameter is optional. |
+| drive | "drive_id": "rootfs","path_on_host": "/path/to/rootfs.ext4","read_only": false,"direct": true,"serial_num": "xxxxx" | Configures the virtio-blk disk. The `serial_num` parameter is optional. |
+| net | "iface_id": "net0","host_dev_name": "tap0","mac": "xx:xx:xx:xx:xx:xx" | Configures the virtio-net NIC. The `mac` parameter is optional. |
+| console | "console_id": "charconsole0","socket_path": "/path/to/socket" | Configures the virtio-console serial port. Before running the serial port, ensure that the socket file does not exist. |
+| vsock | "vsock_id": "vsock0","guest_cid": 3 | Configures the virtio-vsock device. |
+| serial | "stdio": true | Configures a serial port device.|
+
+
+
+The following table lists the parameters running in JSON.
+
+**Table 3** Parameters running in JSON
+
+| Parameter | Value | Description |
+| ---------------- | -------------------- | ------------------------------------------------------------ |
+| -config | /path/to/json | Configures the file path.|
+| -api-channel | unix:/path/to/socket | Configures api-channel. Before running this command, ensure that the socket file does not exist. |
+| -D | /path/to/logfile | Configures log files.|
+| -pidfile | /path/to/pidfile | Configures the PID file, which must be used together with daemonize. Before running the command, make sure that the PID file does not exist. |
+| -disable-seccomp | N/A | Disables the Seccomp, which is enabled by default. |
+| -daemonize | N/A | Enables the daemon process.|
+
+
+
+**Example**
+
+1. Create a JSON file, for example, /home/config.json. The file content is as follows:
+
+```
+{
+ "boot-source": {
+ "kernel_image_path": "/path/to/vmlinux.bin",
+ "boot_args": "console=ttyS0 reboot=k panic=1 pci=off tsc=reliable ipv6.disable=1 root=/dev/vda quiet"
+ },
+ "machine-config": {
+ "name": "abc",
+ "vcpu_count": 2,
+ "mem_size": 268435456,
+ "omit_vm_memory": false
+ },
+ "drive": [
+ {
+ "drive_id": "rootfs",
+ "path_on_host": "/path/to/rootfs.ext4",
+ "direct": true,
+ "read_only": false,
+ "serial_num": "abcd"
+ }
+ ],
+ "net": [
+ {
+ "iface_id": "net0",
+ "host_dev_name": "tap0",
+ "mac": "0e:90:df:9f:a8:88"
+ }
+ ],
+ "console": {
+ "console_id": "charconsole0",
+ "socket_path": "/path/to/console.socket"
+ },
+ "serial": {
+ "stdio": true
+ },
+ "vsock": {
+ "vsock_id": "vsock-123321132",
+ "guest_cid": 4
+ }
+}
+
+```
+
+
+
+2. Run StratoVirt to read the JSON file and create and start the VM.
+
+```
+$ /path/to/stratovirt \
+ -config /home/config.json \
+ -api-channel unix:/tmp/stratovirt.socket
+```
+
+Successful execution of the command indicates that the VM is successfully created and started.
+
diff --git a/docs/zh/docs/20.09/docs/StratoVirt/figures/StratoVirt_architecture.png b/docs/en/docs/StratoVirt/figures/arc.png
similarity index 100%
rename from docs/zh/docs/20.09/docs/StratoVirt/figures/StratoVirt_architecture.png
rename to docs/en/docs/StratoVirt/figures/arc.png
diff --git a/docs/en/docs/StratoVirt/figures/en-05.png b/docs/en/docs/StratoVirt/figures/en-05.png
new file mode 100644
index 0000000000000000000000000000000000000000..ad5ed3f7beeb01e6a48707c4806606b41d687e22
Binary files /dev/null and b/docs/en/docs/StratoVirt/figures/en-05.png differ
diff --git a/docs/en/docs/20.09/docs/Virtualization/appendix.md b/docs/en/docs/Virtualization/appendix.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/appendix.md
rename to docs/en/docs/Virtualization/appendix.md
diff --git a/docs/en/docs/20.09/docs/Virtualization/best-practices.md b/docs/en/docs/Virtualization/best-practices.md
similarity index 83%
rename from docs/en/docs/20.09/docs/Virtualization/best-practices.md
rename to docs/en/docs/Virtualization/best-practices.md
index 94069b02437a6829e448580b20fe05cc886eaeb3..7e1de24b147c0372de155fc71af80ec973fcd480 100644
--- a/docs/en/docs/20.09/docs/Virtualization/best-practices.md
+++ b/docs/en/docs/Virtualization/best-practices.md
@@ -1,18 +1,6 @@
# Best Practices
-- [Best Practices](#best-practices)
- - [Performance Best Practices](#performance-best-practices)
- - [Halt-Polling](#halt-polling)
- - [I/O Thread Configuration](#i-o-thread-configuration)
- - [Raw Device Mapping](#raw-device-mapping)
- - [kworker Isolation and Binding](#kworker-isolation-and-binding)
- - [HugePage Memory](#hugepage-memory)
- - [PV-qspinlock](#pv-qspinlock)
- - [Security Best Practices](#security-best-practices)
- - [Libvirt Authentication](#libvirt-authentication)
- - [qemu-ga](#qemu-ga)
- - [sVirt Protection](#svirt-protection)
- - [VM Trusted Boot](#VM-Trusted-Boot)
+[[toc]]
## Performance Best Practices
@@ -238,6 +226,73 @@ Modify the /boot/efi/EFI/openEuler/grub.cfg configuration file of the VM, add ar
> **Note:**
>PV-qspinlock is supported only when the operating systems of the host machine and VM are both openEuler-20.09 or later and the VM kernel compilation option CONFIG_PARAVIRT_SPINLOCKS is set to y (default value for openEuler).
+### Guest-Idle-Haltpoll
+
+#### Overview
+
+To ensure fairness and reduce power consumption, when the vCPU of the VM is idle, the VM executes the WFx/HLT instruction to exit to the host machine and triggers context switchover. The host machine determines whether to schedule other processes or vCPUs on the physical CPU or enter the energy saving mode. However, overheads of switching between a virtual machine and a host machine, additional context switching, and IPI wakeup are relatively high, and this problem is particularly prominent in services where sleep and wakeup are frequently performed. The Guest-Idle-Haltpoll technology indicates that when the vCPU of a VM is idle, the WFx/HLT is not executed immediately and VM-exit occurs. Instead, polling is performed on the VM for a period of time. During this period, the tasks of other vCPUs that share the LLC on the vCPU are woken up without sending IPI interrupts. This reduces the overhead of sending and receiving IPI interrupts and the overhead of VM-exit, thereby reducing the task wakeup latency.
+
+> **Note:**
+ The execution of the idle-haltpoll command by the vCPU on the VM increases the CPU overhead of the vCPU on the host machine. Therefore, it is recommended that the vCPU exclusively occupy physical cores on the host machine when this feature is enabled.
+
+#### Procedure
+
+The Guest-Idle-Haltpoll feature is disabled by default. The following describes how to enable this feature.
+
+1. Enable the Guest-Idle-Haltpoll feature.
+ - If the processor architecture of the host machine is x86, you can configure hint-dedicated in the XML file of the VM on the host machine to enable this feature. In this way, the status that the vCPU exclusively occupies the physical core can be transferred to the VM through the VM XML configuration. The host machine ensures the status of the physical core exclusively occupied by the vCPU.
+
+ ```
+
+ ...
+
+
+ ...
+
+
+
+ ...
+
+ ```
+
+ Alternatively, set cpuidle\_haltpoll.force to Y in the kernel startup parameters of the VM to forcibly enable the function. This method does not require the host machine to configure the vCPU to exclusively occupy the physical core.
+ ```
+ cpuidle_haltpoll.force=Y
+ ```
+
+ - If the processor architecture of the host machine is AArch64, this feature can be enabled only by configuring cpuidle\_haltpoll.force=Y haltpoll.enable=Y in the VM kernel startup parameters.
+
+ ```
+ cpuidle_haltpoll.force=Y haltpoll.enable=Y
+ ```
+
+2. Check whether the Guest-Idle-Haltpoll feature takes effect. Run the following command on the VM. If haltpoll is returned, the feature has taken effect.
+
+ ```
+ # cat /sys/devices/system/cpu/cpuidle/current_driver
+ ```
+
+3. (Optional) Set the Guest-Idle-Haltpoll parameter.
+
+ The following configuration files are provided in the /sys/module/haltpoll/parameters/ directory of the VM. You can adjust the configuration parameters based on service characteristics.
+
+ - guest\_halt\_poll\_ns: a global parameter that specifies the maximum polling duration after the vCPU is idle. The default value is 200000 (unit: ns).
+ - guest\_halt\_poll\_shrink: a divisor that is used to shrink the current vCPU guest\_halt\_poll\_ns when the wakeup event occurs after the global guest\_halt\_poll\_ns time. The default value is 2.
+ - guest\_halt\_poll\_grow: a multiplier that is used to extend the current vCPU guest\_halt\_poll\_ns when the wakeup event occurs after the current vCPU guest\_halt\_poll\_ns and before the global guest\_halt\_poll\_ns. The default value is 2.
+ - guest\_halt\_poll\_grow\_start: When the system is idle, the guest\_halt\_poll\_ns of each vCPU reaches 0. This parameter is used to set the initial value of the current vCPU guest\_halt\_poll\_ns to facilitate scaling in and scaling out of the vCPU polling duration. The default value is 50000 (unit: ns).
+ - guest\_halt\_poll\_allow\_shrink: a switch that is used to enable vCPU guest\_halt\_poll\_ns scale-in. The default value is Y. (Y indicates enabling the scale-in; N indicates disabling the scale-in.)
+
+ You can run the following command as the user root to change the parameter values: In the preceding command, _value_ indicates the parameter value to be set, and _configFile_ indicates the corresponding configuration file.
+
+ ```
+ # echo value > /sys/module/haltpoll/parameters/configFile
+ ```
+
+ For example, to set the global guest\_halt\_poll\_ns to 200000 ns, run the following command:
+
+ ```
+ # echo 200000 > /sys/module/haltpoll/parameters/guest_halt_poll_ns
+ ```
## security Best Practices
@@ -510,6 +565,8 @@ Currently, openEuler20.09 provides the libtpms and swtpm sources. You can run th
...
```
+ > **NOTE:**
+ > Currently, the VM trusted boot feature of openEuler20.09 AArch64 version does not support the ACPI feature. Therefore, do not configure the ACPI feature for VMs. Otherwise, the vTPM device cannot be identified after the VM is started.
2. Create the VM.
diff --git a/docs/en/docs/20.09/docs/Virtualization/environment-preparation.md b/docs/en/docs/Virtualization/environment-preparation.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/environment-preparation.md
rename to docs/en/docs/Virtualization/environment-preparation.md
diff --git a/docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP1.png b/docs/en/docs/Virtualization/figures/CertEnrollP1.png
similarity index 100%
rename from docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP1.png
rename to docs/en/docs/Virtualization/figures/CertEnrollP1.png
diff --git a/docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP2.png b/docs/en/docs/Virtualization/figures/CertEnrollP2.png
similarity index 100%
rename from docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP2.png
rename to docs/en/docs/Virtualization/figures/CertEnrollP2.png
diff --git a/docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP3.png b/docs/en/docs/Virtualization/figures/CertEnrollP3.png
similarity index 100%
rename from docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP3.png
rename to docs/en/docs/Virtualization/figures/CertEnrollP3.png
diff --git a/docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP4.png b/docs/en/docs/Virtualization/figures/CertEnrollP4.png
similarity index 100%
rename from docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP4.png
rename to docs/en/docs/Virtualization/figures/CertEnrollP4.png
diff --git a/docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP5.png b/docs/en/docs/Virtualization/figures/CertEnrollP5.png
similarity index 100%
rename from docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP5.png
rename to docs/en/docs/Virtualization/figures/CertEnrollP5.png
diff --git a/docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP6.png b/docs/en/docs/Virtualization/figures/CertEnrollP6.png
similarity index 100%
rename from docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP6.png
rename to docs/en/docs/Virtualization/figures/CertEnrollP6.png
diff --git a/docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP7.png b/docs/en/docs/Virtualization/figures/CertEnrollP7.png
similarity index 100%
rename from docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP7.png
rename to docs/en/docs/Virtualization/figures/CertEnrollP7.png
diff --git a/docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP8.png b/docs/en/docs/Virtualization/figures/CertEnrollP8.png
similarity index 100%
rename from docs/en/docs/20.09_LTS/docs/Virtualization/figures/CertEnrollP8.png
rename to docs/en/docs/Virtualization/figures/CertEnrollP8.png
diff --git a/docs/en/docs/20.09_LTS/docs/Virtualization/figures/OSBootFlow.png b/docs/en/docs/Virtualization/figures/OSBootFlow.png
similarity index 100%
rename from docs/en/docs/20.09_LTS/docs/Virtualization/figures/OSBootFlow.png
rename to docs/en/docs/Virtualization/figures/OSBootFlow.png
diff --git a/docs/en/docs/20.09_LTS/docs/Virtualization/figures/SecureBootFlow.png b/docs/en/docs/Virtualization/figures/SecureBootFlow.png
similarity index 100%
rename from docs/en/docs/20.09_LTS/docs/Virtualization/figures/SecureBootFlow.png
rename to docs/en/docs/Virtualization/figures/SecureBootFlow.png
diff --git a/docs/en/docs/20.09/docs/Virtualization/figures/en-us_image_0218587435.png b/docs/en/docs/Virtualization/figures/en-us_image_0218587435.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/figures/en-us_image_0218587435.png
rename to docs/en/docs/Virtualization/figures/en-us_image_0218587435.png
diff --git a/docs/en/docs/20.09/docs/Virtualization/figures/en-us_image_0218587436.png b/docs/en/docs/Virtualization/figures/en-us_image_0218587436.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/figures/en-us_image_0218587436.png
rename to docs/en/docs/Virtualization/figures/en-us_image_0218587436.png
diff --git a/docs/en/docs/20.09/docs/Virtualization/figures/kvm-architecture.png b/docs/en/docs/Virtualization/figures/kvm-architecture.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/figures/kvm-architecture.png
rename to docs/en/docs/Virtualization/figures/kvm-architecture.png
diff --git a/docs/en/docs/20.09/docs/Virtualization/figures/status-transition-diagram.png b/docs/en/docs/Virtualization/figures/status-transition-diagram.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/figures/status-transition-diagram.png
rename to docs/en/docs/Virtualization/figures/status-transition-diagram.png
diff --git a/docs/en/docs/20.09/docs/Virtualization/figures/virtual-network-structure.png b/docs/en/docs/Virtualization/figures/virtual-network-structure.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/figures/virtual-network-structure.png
rename to docs/en/docs/Virtualization/figures/virtual-network-structure.png
diff --git a/docs/en/docs/20.09/docs/Virtualization/figures/virtualized-architecture.png b/docs/en/docs/Virtualization/figures/virtualized-architecture.png
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/figures/virtualized-architecture.png
rename to docs/en/docs/Virtualization/figures/virtualized-architecture.png
diff --git a/docs/en/docs/20.09/docs/Virtualization/installation-to-virtualization.md b/docs/en/docs/Virtualization/installation-to-virtualization.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/installation-to-virtualization.md
rename to docs/en/docs/Virtualization/installation-to-virtualization.md
diff --git a/docs/en/docs/20.09/docs/Virtualization/introduction-to-virtualization.md b/docs/en/docs/Virtualization/introduction-to-virtualization.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/introduction-to-virtualization.md
rename to docs/en/docs/Virtualization/introduction-to-virtualization.md
diff --git a/docs/en/docs/20.09/docs/Virtualization/managing-devices.md b/docs/en/docs/Virtualization/managing-devices.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/managing-devices.md
rename to docs/en/docs/Virtualization/managing-devices.md
diff --git a/docs/en/docs/20.09/docs/Virtualization/managing-vms.md b/docs/en/docs/Virtualization/managing-vms.md
similarity index 97%
rename from docs/en/docs/20.09/docs/Virtualization/managing-vms.md
rename to docs/en/docs/Virtualization/managing-vms.md
index 5a5b1ae8995c833cc8193744388426d4c9586892..6634e7840e95319dba40d6958e613870b8786adf 100644
--- a/docs/en/docs/20.09/docs/Virtualization/managing-vms.md
+++ b/docs/en/docs/Virtualization/managing-vms.md
@@ -650,153 +650,153 @@ To enable the TLS encryption authentication mode for the VNC, perform the follow
>- For details about how to configure the VNC client certificate, see the usage description of each client.
>- For details about how to log in to the VM, see Logging In Using VNC Passwords.
-### VM Secure Boot
-
-#### General Introduction
-
-##### Overview
-
-Secure boot uses public and private key pairs to sign and validate boot components. During the startup, the previous component validates the digital signature of the next component. If the validation is successful, the next component starts. If the validation fails, the startup fails. Secure boot is used to detect whether the firmware and software during startup of the device are tampered with to prevent malware from intrusion and modification. Secure boot ensures the integrity of each component during system startup and prevents unauthorized components from being loaded and running, thereby preventing security threats to the system and user data. Secure boot is implemented based on the UEFI boot mode. It is not supported by the legacy boot mode. According to UEFI specifications, some reliable public keys can be built in the mainboard before delivery. Any operating system or hardware drivers that you want to load on this mainboard must be authenticated by these public keys. The secure boot of a physical machine is implemented by the physical BIOS, while the secure boot of a VM is simulated by software. The process of the VM secure boot is the same as that of the host secure boot, both complying with the open-source UEFI specifications. The UEFI on the virtualization platform is provided by the edk component. When a VM starts, QEMU maps the UEFI image to the memory to simulate the firmware startup process for the VM. Secure boot is a security protection capability provided by edk during the VM startup to protect the OS kernel of the VM from being tampered with. The sequence of signature validation for the secure boot is as follows: UEFI BIOS->shim->GRUB->vmlinuz (signature validation is passed and loaded in sequence).
-
-| English | Acronyms and Abbreviations | Description |
-| :----- | :----- | :----- |
-| Secure boot | - | Secure boot indicates that a component validates the digital signature of the next component during startup. If the validation is successful, the component runs. If the validation fails, the component stops running. It ensures the integrity of each component during system startup. |
-| Platform key | PK | Platform key is owned by the OEM vendor and must be RSA2048 or stronger. The PK establishes a trusted relationship between the platform owner and the platform firmware. The platform owner registers the PKpub, public key of the PK, with the platform firmware. The platform owner can use the PKpriv, private part of the PK, to change the ownership of the platform or register the KEK key. |
-| Key exchange key | KEK | Key exchange key creates a trusted relationship between the platform firmware and the OS. Each OS and third-party application that communicates with the platform firmware register the KEKpub, public part of the KEK key, in the platform firmware. |
-| Database trustlist | DB | Database trustlist stores and validates the keys of components such as shim, GRUB, and vmlinuz. |
-| Database blocklist | DBx | Database blocklist stores revoked keys. |
-
-##### Function Description
-
-The VM secure boot feature is implemented based on the edk open-source project. In non-secure boot mode, the basic Linux process is as follows:
-
-**Figure 1** System startup process
-
-
-
-In secure boot mode, the first component loaded after UEFI BIOS starts is shim in the system image. By interacting with UEFI BIOS, shim obtains the key stored in the variable DB of UEFI BIOS to validate GRUB. After GRUB is loaded, the key and the authentication API are also called to validate the kernel. The Linux boot process is as follows:
-
-**Figure 2** Secure boot process
-
-
-
-The secure boot feature involves multiple key scenarios. Based on the scenario analysis and system breakdown, the secure boot feature involves the following subsystems: UEFI BIOS validating shim, shim validating GRUB, and GRUB validating kernel. When UEFI BIOS validates shim, if the validation is successful, shim is started. If the validation fails, an error message is displayed and shim fails to start. Shim needs to use the private key for signature during image compilation and creation, and the public key certificate needs to be imported to the variable area DB of UEFI BIOS. After shim is started, validate the startup of GRUB. If the validation is successful, GRUB is started. If the validation fails, an error message is displayed and GRUB fails to start. GRUB needs to be signed during image compilation and creation. The public and private key pairs are the same as those of shim. After GRUB is started, it calls the key and the authentication API key registered in UEFI BIOS to validate the kernel. If the validation is successful, GRUB starts the kernel. If the validation fails, an error message is displayed. GRUB needs to sign the image during compilation and creation and uses the public and private key pair that is the same as that of shim.
-
-##### Constraints
-
-* Running on the UEFI BIOS that does not support secure boot does not affect existing functions and services.
-* The secure boot feature depends on the UEFI BIOS and takes effect only when the UEFI supports this feature.
-* When secure boot is enabled in the UEFI BIOS, the system cannot be started if the related components have no signature or the signature is incorrect.
-* If secure boot is disabled in the UEFI BIOS, the validation function during the boot process is disabled.
-* The second half of the secure boot validation chain, that is, shim->GRUB->kernel, guides the kernel to start. This part of the validation chain is implemented by the OS image. If the OS does not support guiding the kernel for secure boot, the VM secure boot fails.
-* Currently, the x86 architecture do not provide nvram file configuration to configure VM secure boot.
-
-#### Secure Boot Practice
-
-VM secure boot depends on UEFI BIOS. The UEFI BIOS image is installed using the edk rpm package. This section uses AArch64 as an example to describe how to configure VM secure boot.
-
-##### Configuring VM
-
-The components in the edk rpm package are installed in the /usr/share/edk2/aarch64 directory, including `QEMU_EFI-pflash.raw` and `vars-template-pflash.raw`. The following describes the XML configuration of the UEFI BIOS during VM startup.
-
-```
-
- hvm
- /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw
- /path/to/QEMU-VARS.fd
-
-```
-
-In the preceding configuration, /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw indicates the path of UEFI BIOS image, /path/to/QEMU-VARS.fd indicates the path of nvram image template. /usr/share/edk2/aarch64/vars-template-pflash.raw indicates the nvram image template path, and /path/to/QEMU-VARS.fd indicates the nvram image file path of the current virtual machine, which is used to save the environment variables in the UEFI BIOS system.
-
-##### Importing Certificate
-
-The certificate for VM secure boot is imported from the BIOS page. Before importing the certificate, you need to import the certificate file to the VM. You can mount the directory where the certificate file is located to the VM by mounting a disk. For example, you can create an image that contains the certificate and mount the image in the XML configuration file of the VM.
-
-Create a certificate file image.
-
-```
-dd of='/path/to/data.img' if='/dev/zero' bs=1M count=64
-mkfs.vfat -I /path/to/data.img
-mkdir /path/to/mnt
-mount path/to/data.img /path/to/mnt/
-cp -a /path/to/certificates/* /path/to/mnt/
-umount /path/to/mnt/
-```
-In the preceding command, /path/to/certificates/ indicates the path where the certificate file is located, /path/to/data.img indicates the path where the certificate file image is located, and /path/to/mnt/ indicates the image mounting path.
-
-Mount the image in the XML file of the VM.
-
-```
-
-
-
-
-
-
-
-
-
-```
-
-Start the VM and import the PK certificate. The procedure is as follows (the procedure for importing the KEK certificate is the same as that for importing the DB certificate):
-
-After the VM is started, press F2 to go to the BIOS screen.
-
-**Figure 1** BIOS screen
-
-
-
-**Figure 2** Device Manager
-
-
-
-**Figure 3** Custom Secure Boot Options
-
-
-
-**Figure 4** PK Options
-
-
-
-**Figure 5** Enrolling PK
-
-
-
-In the File Explorer window, many disk directories are displayed, including the certificate file directory mounted through the disk.
-
-**Figure 6** File Explorer
-
-
-
-Select the PK certificate to be imported in the disk directory.
-
-**Figure 7** Disk where the certificate is stored
-
-
-
-**Figure 8** Selecting Commit Changes and Exit to save the imported certificate
-
-
-
-After the certificate is imported, the UEFI BIOS writes the certificate information and secure boot attributes into the nvram configuration file /path/to/QEMU-VARS.fd. The next time the virtual machine starts up, it will read the configuration and initialize the certificate information and secure boot attributes from the file /path/to/QEMU-VARS.fd, importing the certificate and enable secure boot automatically. Similarly, we can use the file /path/to/QEMU-VARS.fd as a UEFI BIOS boot configuration template file for other same configured VMs, and make the other VMs boot with the certificate automatically imported and the secure boot option enabled by modifying the nvram template field with the following VM xml configuration changes.
-
-```
-
- hvm
- /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw
-
-
-```
-
-##### Secure Boot Observation
-
-After the VM is correctly configured and the PK, KEK, and DB certificates are imported, the VM runs in secure boot mode. You can configure the serial port log file in the VM configuration file in XML format to check whether the VM is in the secure boot mode. The following figure shows how to configure the serial port log file.
-
-```
-
-
-
-```
-
+### VM Secure Boot
+
+#### General Introduction
+
+##### Overview
+
+Secure boot uses public and private key pairs to sign and validate boot components. During the startup, the previous component validates the digital signature of the next component. If the validation is successful, the next component starts. If the validation fails, the startup fails. Secure boot is used to detect whether the firmware and software during startup of the device are tampered with to prevent malware from intrusion and modification. Secure boot ensures the integrity of each component during system startup and prevents unauthorized components from being loaded and running, thereby preventing security threats to the system and user data. Secure boot is implemented based on the UEFI boot mode. It is not supported by the legacy boot mode. According to UEFI specifications, some reliable public keys can be built in the mainboard before delivery. Any operating system or hardware drivers that you want to load on this mainboard must be authenticated by these public keys. The secure boot of a physical machine is implemented by the physical BIOS, while the secure boot of a VM is simulated by software. The process of the VM secure boot is the same as that of the host secure boot, both complying with the open-source UEFI specifications. The UEFI on the virtualization platform is provided by the edk component. When a VM starts, QEMU maps the UEFI image to the memory to simulate the firmware startup process for the VM. Secure boot is a security protection capability provided by edk during the VM startup to protect the OS kernel of the VM from being tampered with. The sequence of signature validation for the secure boot is as follows: UEFI BIOS->shim->GRUB->vmlinuz (signature validation is passed and loaded in sequence).
+
+| English | Acronyms and Abbreviations | Description |
+| :----- | :----- | :----- |
+| Secure boot | - | Secure boot indicates that a component validates the digital signature of the next component during startup. If the validation is successful, the component runs. If the validation fails, the component stops running. It ensures the integrity of each component during system startup. |
+| Platform key | PK | Platform key is owned by the OEM vendor and must be RSA2048 or stronger. The PK establishes a trusted relationship between the platform owner and the platform firmware. The platform owner registers the PKpub, public key of the PK, with the platform firmware. The platform owner can use the PKpriv, private part of the PK, to change the ownership of the platform or register the KEK key. |
+| Key exchange key | KEK | Key exchange key creates a trusted relationship between the platform firmware and the OS. Each OS and third-party application that communicates with the platform firmware register the KEKpub, public part of the KEK key, in the platform firmware. |
+| Database trustlist | DB | Database trustlist stores and validates the keys of components such as shim, GRUB, and vmlinuz. |
+| Database blocklist | DBx | Database blocklist stores revoked keys. |
+
+##### Function Description
+
+The VM secure boot feature is implemented based on the edk open-source project. In non-secure boot mode, the basic Linux process is as follows:
+
+**Figure 1** System startup process
+
+
+
+In secure boot mode, the first component loaded after UEFI BIOS starts is shim in the system image. By interacting with UEFI BIOS, shim obtains the key stored in the variable DB of UEFI BIOS to validate GRUB. After GRUB is loaded, the key and the authentication API are also called to validate the kernel. The Linux boot process is as follows:
+
+**Figure 2** Secure boot process
+
+
+
+The secure boot feature involves multiple key scenarios. Based on the scenario analysis and system breakdown, the secure boot feature involves the following subsystems: UEFI BIOS validating shim, shim validating GRUB, and GRUB validating kernel. When UEFI BIOS validates shim, if the validation is successful, shim is started. If the validation fails, an error message is displayed and shim fails to start. Shim needs to use the private key for signature during image compilation and creation, and the public key certificate needs to be imported to the variable area DB of UEFI BIOS. After shim is started, validate the startup of GRUB. If the validation is successful, GRUB is started. If the validation fails, an error message is displayed and GRUB fails to start. GRUB needs to be signed during image compilation and creation. The public and private key pairs are the same as those of shim. After GRUB is started, it calls the key and the authentication API key registered in UEFI BIOS to validate the kernel. If the validation is successful, GRUB starts the kernel. If the validation fails, an error message is displayed. GRUB needs to sign the image during compilation and creation and uses the public and private key pair that is the same as that of shim.
+
+##### Constraints
+
+* Running on the UEFI BIOS that does not support secure boot does not affect existing functions and services.
+* The secure boot feature depends on the UEFI BIOS and takes effect only when the UEFI supports this feature.
+* When secure boot is enabled in the UEFI BIOS, the system cannot be started if the related components have no signature or the signature is incorrect.
+* If secure boot is disabled in the UEFI BIOS, the validation function during the boot process is disabled.
+* The second half of the secure boot validation chain, that is, shim->GRUB->kernel, guides the kernel to start. This part of the validation chain is implemented by the OS image. If the OS does not support guiding the kernel for secure boot, the VM secure boot fails.
+* Currently, the x86 architecture do not provide nvram file configuration to configure VM secure boot.
+
+#### Secure Boot Practice
+
+VM secure boot depends on UEFI BIOS. The UEFI BIOS image is installed using the edk rpm package. This section uses AArch64 as an example to describe how to configure VM secure boot.
+
+##### Configuring VM
+
+The components in the edk rpm package are installed in the /usr/share/edk2/aarch64 directory, including `QEMU_EFI-pflash.raw` and `vars-template-pflash.raw`. The following describes the XML configuration of the UEFI BIOS during VM startup.
+
+```
+
+ hvm
+ /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw
+ /path/to/QEMU-VARS.fd
+
+```
+
+In the preceding configuration, /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw indicates the path of the UEFI BIOS image. /usr/share/edk2/aarch64/vars-template-pflash.raw is the path of the NVRAM image template, and /path/to/QEMU-VARS.fd is the path of the NVRAM image file of the current VM, which is used to store environment variables in the UEFI BIOS.
+
+##### Importing Certificate
+
+The certificate for VM secure boot is imported from the BIOS page. Before importing the certificate, you need to import the certificate file to the VM. You can mount the directory where the certificate file is located to the VM by mounting a disk. For example, you can create an image that contains the certificate and mount the image in the XML configuration file of the VM.
+
+Create a certificate file image.
+
+```
+dd of='/path/to/data.img' if='/dev/zero' bs=1M count=64
+mkfs.vfat -I /path/to/data.img
+mkdir /path/to/mnt
+mount path/to/data.img /path/to/mnt/
+cp -a /path/to/certificates/* /path/to/mnt/
+umount /path/to/mnt/
+```
+In the preceding command, /path/to/certificates/ indicates the path where the certificate file is located, /path/to/data.img indicates the path where the certificate file image is located, and /path/to/mnt/ indicates the image mounting path.
+
+Mount the image in the XML file of the VM.
+
+```
+
+
+
+
+
+
+
+
+
+```
+
+Start the VM and import the PK certificate. The procedure is as follows (the procedure for importing the KEK certificate is the same as that for importing the DB certificate):
+
+After the VM is started, press F2 to go to the BIOS screen.
+
+**Figure 1** BIOS screen
+
+
+
+**Figure 2** Device Manager
+
+
+
+**Figure 3** Custom Secure Boot Options
+
+
+
+**Figure 4** PK Options
+
+
+
+**Figure 5** Enrolling PK
+
+
+
+In the File Explorer window, many disk directories are displayed, including the certificate file directory mounted through the disk.
+
+**Figure 6** File Explorer
+
+
+
+Select the PK certificate to be imported in the disk directory.
+
+**Figure 7** Disk where the certificate is stored
+
+
+
+**Figure 8** Selecting Commit Changes and Exit to save the imported certificate
+
+
+
+After the certificate is imported, the UEFI BIOS writes the certificate information and secure boot attributes to the NVRAM configuration file /path/to/QEMU-VARS.fd. Upon the next startup, the VM reads related configurations from the /path/to/QEMU-VARS.fd file, initializes certificate information and secure boot attributes, automatically imports the certificate, and enables secure boot. Similarly, you can use /path/to/QEMU-VARS.fd as the UEFI BIOS boot configuration template file of other VMs with the same configuration. Modify the nvram template field so that the certificate is automatically imported and the secure boot option is enabled when other VMs are started. The VM XML configuration is modified as follows:
+
+```
+
+ hvm
+ /usr/share/edk2/aarch64/QEMU_EFI-pflash.raw
+
+
+```
+
+##### Secure Boot Observation
+
+After the VM is correctly configured and the PK, KEK, and DB certificates are imported, the VM runs in secure boot mode. You can configure the serial port log file in the VM configuration file in XML format to check whether the VM is in the secure boot mode. The following figure shows how to configure the serial port log file.
+
+```
+
+
+
+```
+
After the OS image is successfully loaded to the VM, if "UEFI Secure Boot is enabled" is displayed in the serial port log file, the VM is in the secure boot state.
\ No newline at end of file
diff --git a/docs/en/docs/20.09/docs/Virtualization/public_sys-resources/icon-caution.gif b/docs/en/docs/Virtualization/public_sys-resources/icon-caution.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/public_sys-resources/icon-caution.gif
rename to docs/en/docs/Virtualization/public_sys-resources/icon-caution.gif
diff --git a/docs/en/docs/20.09/docs/Virtualization/public_sys-resources/icon-danger.gif b/docs/en/docs/Virtualization/public_sys-resources/icon-danger.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/public_sys-resources/icon-danger.gif
rename to docs/en/docs/Virtualization/public_sys-resources/icon-danger.gif
diff --git a/docs/en/docs/20.09/docs/Virtualization/public_sys-resources/icon-note.gif b/docs/en/docs/Virtualization/public_sys-resources/icon-note.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/public_sys-resources/icon-note.gif
rename to docs/en/docs/Virtualization/public_sys-resources/icon-note.gif
diff --git a/docs/en/docs/20.09/docs/Virtualization/public_sys-resources/icon-notice.gif b/docs/en/docs/Virtualization/public_sys-resources/icon-notice.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/public_sys-resources/icon-notice.gif
rename to docs/en/docs/Virtualization/public_sys-resources/icon-notice.gif
diff --git a/docs/en/docs/20.09/docs/Virtualization/public_sys-resources/icon-tip.gif b/docs/en/docs/Virtualization/public_sys-resources/icon-tip.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/public_sys-resources/icon-tip.gif
rename to docs/en/docs/Virtualization/public_sys-resources/icon-tip.gif
diff --git a/docs/en/docs/20.09/docs/Virtualization/public_sys-resources/icon-warning.gif b/docs/en/docs/Virtualization/public_sys-resources/icon-warning.gif
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/public_sys-resources/icon-warning.gif
rename to docs/en/docs/Virtualization/public_sys-resources/icon-warning.gif
diff --git a/docs/en/docs/20.09/docs/Virtualization/system-resource-management.md b/docs/en/docs/Virtualization/system-resource-management.md
similarity index 97%
rename from docs/en/docs/20.09/docs/Virtualization/system-resource-management.md
rename to docs/en/docs/Virtualization/system-resource-management.md
index 456489f7cb821054805c891b194b21f35ad5d67b..33553d2ad0d49d370aeadfd1c8cdb84e9abe5984 100644
--- a/docs/en/docs/20.09/docs/Virtualization/system-resource-management.md
+++ b/docs/en/docs/Virtualization/system-resource-management.md
@@ -1,5 +1,8 @@
# system Resource Management
+[[toc]]
+
+
The **libvirt** command manages VM system resources, such as vCPU and virtual memory resources.
Before you start:
@@ -7,19 +10,6 @@ Before you start:
- Ensure that the libvirtd daemon is running on the host.
- Run the **virsh list --all** command to check that the VM has been defined.
-- [System Resource Management](#system-resource-management)
- - [Managing vCPU](#managing-vcpu)
- - [CPU Shares](#cpu-shares)
- - [Binding the QEMU Process to a Physical CPU](#binding-the-qemu-process-to-a-physical-cpu)
- - [Adjusting the vCPU Binding Relationship](#adjusting-the-vcpu-binding-relationship)
- - [CPU Hot Add](#cpu-hot-add)
- - [Managing Virtual Memory](#managing-virtual-memory)
- - [Introduction to NUMA](#introduction-to-numa)
- - [Configuring Host NUMA](#configuring-host-numa)
- - [Configuring Guest NUMA](#configuring-guest-numa)
- - [Memory Hot Add](#memory-hot-add)
-
-
## Managing vCPU
diff --git a/docs/en/docs/Virtualization/tool-guide.md b/docs/en/docs/Virtualization/tool-guide.md
new file mode 100644
index 0000000000000000000000000000000000000000..d22f203deaa05c79cb05eebb48ef455c5b2dce8f
--- /dev/null
+++ b/docs/en/docs/Virtualization/tool-guide.md
@@ -0,0 +1,140 @@
+# Tool Guide
+
+- [vmtop](#vmtop)
+
+## vmtop
+
+### Overview
+vmtop is a user-mode tool running on the host machine. You can use the vmtop tool to dynamically view the usage of VM resources in real time, such as CPU usage, memory usage, and the number of vCPU traps. Therefore, the vmtop tool can be used to locate virtualization problems and optimize performance.
+
+The vmtop monitoring items are as follows (sampling difference: difference between two data obtained at a specified interval):
+- VM/task-name: VM/Process name
+- DID: VM ID
+- PID: PID of the qemu process of the VM
+- %CPU: CPU usage of a process
+- EXThvc: Number of hvc-exits (sampling difference)
+- EXTwfe: Number of wfe-exits (sampling difference)
+- EXTwfi: Number of wfi-exits (sampling difference)
+- EXTmmioU: Number of mmioU-exits (sampling difference)
+- EXTmmioK: Number of mmioK-exits (sampling difference)
+- EXTfp: Number of fp-exits (sampling difference)
+- EXTirq: Number of irq-exits (sampling difference)
+- EXTsys64: Number of sys64 exits (sampling difference)
+- EXTmabt: Number of mem abort exits (sampling difference)
+- EXTsum: Total number of KVM exits (sampling difference)
+- S: Process status
+- P: Physical CPU usage of a process
+- %ST: Ratio of the preemption time to the CPU running time (KVM data)
+- %GUE: Ratio of the VM internal occupation time to the CPU running time (KVM data)
+- %HYP: Virtualization overhead ratio (KVM data)
+
+### Usage
+vmtop is a command line tool. You can directly run the vmtop in command line mode.
+In addition, the vmtop tool provides different options for querying different information.
+
+#### Syntax
+```sh
+vmtop [option]
+```
+
+#### Option Description
+- -d: sets the refresh interval, in seconds.
+- -H: displays the VM thread information.
+- -n: sets the number of refresh times and exits after the refresh is complete.
+- -b: displays Batch mode, which can be used to redirect to a file.
+- -h: displays help information.
+- -v: displays versions.
+
+#### Keyboard Shortcut
+Shortcut key used when the vmtop is running.
+- H: displays or stops the VM thread information. The information is displayed by default.
+- up/down: moves the VM list upwards or downwards.
+- left/right: moves the cursor leftwards or rightwards to display the columns that are hidden due to the screen width.
+- f: enters the editing mode of a monitoring item and selects the monitoring item to be enabled.
+- q: exits the vmtop process.
+
+### Example
+Run the vmtop command on the host.
+```sh
+vmtop
+```
+The command output is as follows:
+```sh
+vmtop - 2020-09-14 09:54:48 - 1.0
+Domains: 1 running
+
+ DID VM/task-name PID %CPU EXThvc EXTwfe EXTwfi EXTmmioU EXTmmioK EXTfp EXTirq EXTsys64 EXTmabt EXTsum S P %ST %GUE %HYP
+ 2 example 4054916 13.0 0 0 1206 10 0 144 62 174 0 1452 S 106 0.0 99.7 16.0
+```
+As shown in the output, there is only one VM named "example" on the host. The ID is 2. The CPU usage is 13.0%. The total number of traps within one second is 1452. The physical CPU occupied by the VM process is CPU 106. The ratio of the VM internal occupation time to the CPU running time is 99.7%.
+
+1. Display VM thread information.
+Press H to display the thread information.
+```sh
+vmtop - 2020-09-14 10:11:27 - 1.0
+Domains: 1 running
+
+ DID VM/task-name PID %CPU EXThvc EXTwfe EXTwfi EXTmmioU EXTmmioK EXTfp EXTirq EXTsys64 EXTmabt EXTsum S P %ST %GUE %HYP
+ 2 example 4054916 13.0 0 0 1191 17 4 120 76 147 0 1435 S 119 0.0 123.7 4.0
+ |_ qemu-kvm 4054916 0.0 0 0 0 0 0 0 0 0 0 0 S 119 0.0 0.0 0.0
+ |_ qemu-kvm 4054928 0.0 0 0 0 0 0 0 0 0 0 0 S 119 0.0 0.0 0.0
+ |_ signalfd_com 4054929 0.0 0 0 0 0 0 0 0 0 0 0 S 120 0.0 0.0 0.0
+ |_ IO mon_iothr 4054932 0.0 0 0 0 0 0 0 0 0 0 0 S 117 0.0 0.0 0.0
+ |_ CPU 0/KVM 4054933 3.0 0 0 280 6 4 28 19 41 0 350 S 105 0.0 27.9 0.0
+ |_ CPU 1/KVM 4054934 3.0 0 0 260 0 0 16 12 36 0 308 S 31 0.0 20.0 0.0
+ |_ CPU 2/KVM 4054935 3.0 0 0 341 0 0 44 20 26 0 387 R 108 0.0 27.9 4.0
+ |_ CPU 3/KVM 4054936 5.0 0 0 310 11 0 32 25 44 0 390 S 103 0.0 47.9 0.0
+ |_ memory_lock 4054940 0.0 0 0 0 0 0 0 0 0 0 0 S 126 0.0 0.0 0.0
+ |_ vnc_worker 4054944 0.0 0 0 0 0 0 0 0 0 0 0 S 118 0.0 0.0 0.0
+ |_ worker 4143738 0.0 0 0 0 0 0 0 0 0 0 0 S 120 0.0 0.0 0.0
+```
+The example VM has 11 threads, including the vCPU thread, vnc_worker, and IO mon_iotreads. Each thread also displays detailed CPU usage and trap information.
+
+2. Select the monitoring item.
+Enter f to edit the monitoring item.
+```sh
+field filter - select which field to be showed
+Use up/down to navigate, use space to set whether chosen filed to be showed
+'q' to quit to normal display
+
+ * DID
+ * VM/task-name
+ * PID
+ * %CPU
+ * EXThvc
+ * EXTwfe
+ * EXTwfi
+ * EXTmmioU
+ * EXTmmioK
+ * EXTfp
+ * EXTirq
+ * EXTsys64
+ * EXTmabt
+ * EXTsum
+ * S
+ * P
+ * %ST
+ * %GUE
+ * %HYP
+```
+By default, all monitoring items are displayed. You can press the up or down key to select a monitoring item. Press the space bar to set the monitoring item, and press q to exit.
+After %ST, %GUE, and %HYP are hidden, the following information is displayed:
+```sh
+vmtop - 2020-09-14 10:23:25 - 1.0
+Domains: 1 running
+
+ DID VM/task-name PID %CPU EXThvc EXTwfe EXTwfi EXTmmioU EXTmmioK EXTfp EXTirq EXTsys64 EXTmabt EXTsum S P
+ 2 example 4054916 12.0 0 0 1213 14 1 144 68 168 0 1464 S 125
+ |_ qemu-kvm 4054916 0.0 0 0 0 0 0 0 0 0 0 0 S 125
+ |_ qemu-kvm 4054928 0.0 0 0 0 0 0 0 0 0 0 0 S 119
+ |_ signalfd_com 4054929 0.0 0 0 0 0 0 0 0 0 0 0 S 120
+ |_ IO mon_iothr 4054932 0.0 0 0 0 0 0 0 0 0 0 0 S 117
+ |_ CPU 0/KVM 4054933 2.0 0 0 303 6 0 29 10 35 0 354 S 98
+ |_ CPU 1/KVM 4054934 4.0 0 0 279 0 0 39 17 49 0 345 S 1
+ |_ CPU 2/KVM 4054935 3.0 0 0 283 0 0 33 20 40 0 343 S 122
+ |_ CPU 3/KVM 4054936 3.0 0 0 348 8 1 43 21 44 0 422 S 110
+ |_ memory_lock 4054940 0.0 0 0 0 0 0 0 0 0 0 0 S 126
+ |_ vnc_worker 4054944 0.0 0 0 0 0 0 0 0 0 0 0 S 118
+ |_ worker 1794 0.0 0 0 0 0 0 0 0 0 0 0 S 126
+```
+%ST, %GUE, and %HYP will not be displayed on the screen.
diff --git a/docs/en/docs/20.09/docs/Virtualization/user-and-administrator-guide.md b/docs/en/docs/Virtualization/user-and-administrator-guide.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/user-and-administrator-guide.md
rename to docs/en/docs/Virtualization/user-and-administrator-guide.md
diff --git a/docs/en/docs/20.09/docs/Virtualization/virtualization.md b/docs/en/docs/Virtualization/virtualization.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/virtualization.md
rename to docs/en/docs/Virtualization/virtualization.md
diff --git a/docs/en/docs/20.09/docs/Virtualization/vm-configuration.md b/docs/en/docs/Virtualization/vm-configuration.md
similarity index 99%
rename from docs/en/docs/20.09/docs/Virtualization/vm-configuration.md
rename to docs/en/docs/Virtualization/vm-configuration.md
index 5c177e8cb319a052acd803b73eb20a023db87b58..e42e9ad02c921e04dec6a15df3af9f24b8736777 100644
--- a/docs/en/docs/20.09/docs/Virtualization/vm-configuration.md
+++ b/docs/en/docs/Virtualization/vm-configuration.md
@@ -277,7 +277,7 @@ In this example, two I/O threads, one block disk device and one CD, are configur
-
+
@@ -777,7 +777,7 @@ An XML configuration file of AArch64 VM, which contains basic elements. The foll
-
+
diff --git a/docs/en/docs/20.09/docs/Virtualization/vm-live-migration.md b/docs/en/docs/Virtualization/vm-live-migration.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/vm-live-migration.md
rename to docs/en/docs/Virtualization/vm-live-migration.md
diff --git a/docs/en/docs/20.09/docs/Virtualization/vm-maintainability-management.md b/docs/en/docs/Virtualization/vm-maintainability-management.md
similarity index 100%
rename from docs/en/docs/20.09/docs/Virtualization/vm-maintainability-management.md
rename to docs/en/docs/Virtualization/vm-maintainability-management.md
diff --git a/docs/en/docs/path/path.json b/docs/en/docs/path/path.json
deleted file mode 100644
index 489cb63270c6aabd8d4d54eaec551aa844696184..0000000000000000000000000000000000000000
--- a/docs/en/docs/path/path.json
+++ /dev/null
@@ -1,89 +0,0 @@
-[
- {
- "value": "1.0_Base",
- "name": "1.0 BASE",
- "docs": [
- {
- "title": "Install",
- "doc": [
- {
- "img": "/img/docs/docs-installation.svg",
- "path": "/docs/Installation/Installation.html",
- "name": "Installation Guide"
- }
- ]
- }
- ]
- },
- {
- "value": "20.03_LTS",
- "name": "20.03 LTS",
- "docs": [
- {
- "title": "About",
- "doc": [
- {
- "img": "/img/docs/docs-releasenotes.svg",
- "path": "/docs/Releasenotes/release_notes.html",
- "name": "Release Notes"
- }
- ]
- },
- {
- "title": "Install",
- "doc": [
- {
- "img": "/img/docs/docs-quickstart.svg",
- "path": "/docs/Quickstart/quick-start.html",
- "name": "Quick Start"
- },
- {
- "img": "/img/docs/docs-installation.svg",
- "path": "/docs/Installation/Installation.html",
- "name": "Installation Guide"
- }
- ]
- },
- {
- "title": "Mgmt",
- "doc": [
- {
- "img": "/img/docs/docs-administration.svg",
- "path": "/docs/Administration/administration.html",
- "name": "Administrator Guide"
- }
- ]
- },
- {
- "title": "Use",
- "doc": [
- {
- "img": "/img/docs/docs-user.svg",
- "path": "/docs/Virtualization/virtualization.html",
- "name": "Virtualization User Guide"
- },
- {
- "img": "/img/docs/docs-user.svg",
- "path": "/docs/Container/container.html",
- "name": "Container User Guide"
- },
- {
- "img": "/img/docs/docs-user.svg",
- "path": "/docs/A-Tune/A-Tune.html",
- "name": "A-Tune User Guide"
- }
- ]
- },
- {
- "title": "Dev",
- "doc": [
- {
- "img": "/img/docs/docs-application.svg",
- "path": "/docs/ApplicationDev/application-development.html",
- "name": "Application Development Guide"
- }
- ]
- }
- ]
- }
-]
\ No newline at end of file
diff --git a/docs/en/docs/userguide/images/Maintainer.jpg b/docs/en/docs/userguide/images/Maintainer.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..45912da4e7915715df0f598b9429f63bc8695667
Binary files /dev/null and b/docs/en/docs/userguide/images/Maintainer.jpg differ
diff --git a/docs/en/docs/userguide/images/PatchTracking.jpg b/docs/en/docs/userguide/images/PatchTracking.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..3bac7d2f1b4a228da8d273cdaef55f2d33792fab
Binary files /dev/null and b/docs/en/docs/userguide/images/PatchTracking.jpg differ
diff --git a/docs/zh/docs/20.09/docs/userguide/images/pkgship_outline.png b/docs/en/docs/userguide/images/pkgship_outline.png
similarity index 100%
rename from docs/zh/docs/20.09/docs/userguide/images/pkgship_outline.png
rename to docs/en/docs/userguide/images/pkgship_outline.png
diff --git a/docs/en/docs/userguide/overview.md b/docs/en/docs/userguide/overview.md
new file mode 100644
index 0000000000000000000000000000000000000000..e3b656290f017e8688b1f831d00dd9ebeb86c576
--- /dev/null
+++ b/docs/en/docs/userguide/overview.md
@@ -0,0 +1,3 @@
+# Toolset User Guide
+
+This document describes the toolkit used for the openEuler release, including the overview, installation, and usage of tools.
diff --git a/docs/en/docs/userguide/patch-tracking.md b/docs/en/docs/userguide/patch-tracking.md
new file mode 100644
index 0000000000000000000000000000000000000000..a83d4ac20f0bb89cceee22af031be6b25c22b238
--- /dev/null
+++ b/docs/en/docs/userguide/patch-tracking.md
@@ -0,0 +1,338 @@
+# patch-tracking
+
+
+
+- [patch-tracking](#patch-tracking)
+ - [Overview](#overview)
+ - [Architecture](#architecture)
+ - [C/S Architecture](#cs-architecture)
+ - [Core Procedure](#core-procedure)
+ - [Data structure](#data-structure)
+ - [Tool Deployment](#tool-deployment)
+ - [Downloading Software](#downloading-software)
+ - [Installing the Tool](#installing-the-tool)
+ - [Generating a Certificate](#generating-a-certificate)
+ - [Configuring Parameters](#configuring-parameters)
+ - [Starting the Patch Tracking Service](#starting-the-patch-tracking-service)
+ - [Tool Usage](#tool-usage)
+ - [FAQ](#faq)
+ - [When I access api.github.com, the connection is refused.](#when-i-access-apigithubcom-the-connection-is-refused)
+
+
+
+
+## Overview
+
+During the development of the openEuler release, the latest code of each software package in the upstream community needs to be updated in a timely manner to fix function bugs and security issues, preventing the openEuler release from defects and vulnerabilities.
+
+This tool manages the patches for software packages, proactively monitors the patches submitted by the upstream community, automatically generates patches, submits issues to the corresponding Maintainer, and verifies basic patch functions to reduce the verification workload and help the Maintainer make decisions quickly.
+
+## Architecture
+
+### C/S Architecture
+
+The patch-tracking uses the C/S architecture.
+
+The patch-tracking is located in the server. It executes patch tracking tasks, including maintaining tracking items, identifying branch code changes in the upstream repository and generating patch files, and submitting issues and PRs to Gitee. In addition, the patch-tracking provides RESTful APIs for adding, deleting, modifying, and querying tracking items.
+
+The patch-tracking-cli is a command line tool located in the client. It invokes the RESTful APIs of the patch-tracking to add, delete, modify, and query tracking items.
+
+### Core Procedure
+
+1, Patch tracking service procedure
+
+The procedure for handling the submitted patch is as follows:
+
+1. Add the tracking item using the command line tool.
+2. Automatically obtain patch files from the upstream repository (for example, GitHub) that is configured for the tracking item.
+3. Create a temporary branch and submit the obtained patch file to the temporary branch.
+4. Automatically submit an issue to the corresponding repository and generate the PR associated with the issue.
+
+
+
+2, Procedure for the Maintainer to handle the submitted patch
+
+The procedure for handling the submitted patch is as follows:
+
+1. The Maintainer analyzes the PR.
+2. Execute the continuous integration (CI). After the CI is successfully executed, determine whether to merge the PR.
+
+
+
+### Data structure
+
+* Tracking table
+
+| No. | Name | Description | Type | Key | Is Null Allowed |
+| :--: | --------------- | ------------------------------------------------------------ | ------- | ------- | --------------- |
+| 1 | id | Sequence number of the tracking item of the self-added patch | int | - | No |
+| 2 | version_control | Version control system type of the upstream SCM | String | - | No |
+| 3 | scm_repo | Upstream SCM repository address | String | - | No |
+| 4 | scm_branch | Upstream SCM tracking branch | String | - | No |
+| 5 | scm_commit | Latest Commit ID processed by the upstream code | String | - | Yes |
+| 6 | repo | Address of the Gitee repository where the package source code is stored | String | Primary | No |
+| 7 | branch | Branch of the Gitee repository where the package source code is stored | String | Primary | No |
+| 8 | enabled | Indicating whether to start tracking | Boolean | - | No |
+
+* Issue table
+
+| No. | Name | Description | Type | Key | Is Null Allowed |
+| :--: | ------ | ------------------------------------------------------------ | ------ | ------- | --------------- |
+| 1 | issue | Issue No. | String | Primary | No |
+| 2 | repo | Address of the Gitee repository where the package source code is stored | String | - | No |
+| 3 | branch | Branch of the Gitee repository where the package source code is stored | String | - | No |
+
+## Tool Deployment
+
+### Downloading Software
+
+The repo source is officially released at https://repo.openeuler.org/.
+
+The RPM package can be obtained from https://build.openeuler.org/package/show/openEuler:20.09/patch-tracking.
+
+### Installing the Tool
+
+Method 1: Install the patch-tracking from the repo source.
+
+1. Use DNF to mount the repo source (The repo source of 20.09 or later is required. For details, see the [Application Development Guide](https://openeuler.org/zh/docs/20.03_LTS/docs/ApplicationDev/%E5%BC%80%E5%8F%91%E7%8E%AF%E5%A2%83%E5%87%86%E5%A4%87.html)). Run the following command to download and install the patch-tracking and its dependencies.
+
+2. Run the following command to install the `patch-tracking`:
+
+ ```shell script
+ dnf install patch-tracking
+ ```
+
+Method 2: Install the patch-tracking using the RPM package.
+
+1. Install the required dependencies.
+
+ ```shell script
+ dnf install python3-uWSGI python3-flask python3-Flask-SQLAlchemy python3-Flask-APScheduler python3-Flask-HTTPAuth python3-requests python3-pandas
+ ```
+
+2. `patch-tracking-1.0.0-1.oe1.noarch.rpm` is used as an example. Run the following command to install the patch-tracking.
+
+ ```shell script
+ rpm -ivh patch-tracking-1.0.0-1.oe1.noarch.rpm
+ ```
+
+### Generating a Certificate
+
+Run the following command to generate a certificate:
+
+```shell script
+openssl req -x509 -days 3650 -subj "/CN=self-signed" \
+-nodes -newkey rsa:4096 -keyout self-signed.key -out self-signed.crt
+```
+
+Copy the generated `self-signed.key` and `self-signed.crt` files to the **/etc/patch-tracking** directory.
+
+### Configuring Parameters
+
+Configure the corresponding parameters in the configuration file. The path of the configuration file is `/etc/patch-tracking/settings.conf`.
+
+1. Configure the service listening address.
+
+ ```
+ LISTEN = "127.0.0.1:5001"
+ ```
+
+2. GitHub Token is used to access the repository information hosted in the upstream open source software repository of GitHub. For details about how to create a GitHub token, see [Creating a personal access token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token).
+
+ ```
+ GITHUB_ACCESS_TOKEN = ""
+ ```
+
+3. For a repository that is hosted on Gitee and needs to be tracked, configure a Gitee Token with the repository permission to submit patch files, issues, and PRs.
+
+ ```
+ GITEE_ACCESS_TOKEN = ""
+ ```
+
+4. Scan the database as scheduled to detect whether new or modified tracking items exist and obtain upstream patches for the detected tracking items. Set the interval of scanning and the unit is second.
+
+ ```
+ SCAN_DB_INTERVAL = 3600
+ ```
+
+5. When the command line tool is running, you need to enter the user name and password hash value for the authentication for the POST interface.
+
+ ```
+ USER = "admin"
+
+ PASSWORD = ""
+ ```
+
+> The default value of `USER` is `admin`.
+
+Run the following command to obtain the password hash value. **Test@123** is the configured password.
+
+```
+[root]# generate_password Test@123
+pbkdf2:sha256:150000$w38eLeRm$ebb5069ba3b4dda39a698bd1d9d7f5f848af3bd93b11e0cde2b28e9e34bfbbae
+```
+
+> The password hash value must meet the following complexity requirements:
+>
+> * The length is more than or equal to 6 bytes.
+> * The password must contain uppercase letters, lowercase letters, digits, and special characters (~!@#%\^\*-\_=+).
+
+Add the password hash value `pbkdf2:sha256:150000$w38eLeRm$ebb5069ba3b4dda39a698bd1d9d7f5f848af3bd93b11e0cde2b28e9e34bfbbae` to the quotation marks of `PASSWORD = ""`.
+
+### Starting the Patch Tracking Service
+
+You can use either of the following methods to start the service:
+
+* Use the systemd mode.
+
+ ```
+ systemctl start patch-tracking
+ ```
+
+* Run the executable program.
+
+ ```
+ /usr/bin/patch-tracking
+ ```
+
+## Tool Usage
+
+1, Adding a Tracking Item
+
+You can associate the software repository and branch to be tracked with the corresponding upstream open source software repository and branch in any of the following ways:
+
+* Using CLI
+
+Parameter description:
+
+> --user: User name to be authenticated for the POST interface. It is the same as the USER parameter in the **settings.conf** file.
+> --password: Password to be authenticated for the POST interface. It is the password string corresponding to the PASSWORD hash value in the **settings.conf** file.
+> --server: URL for starting the patch tracking service, for example, 127.0.0.1:5001.
+> --version\_control: Control tool of the upstream repository version. Only GitHub is supported.
+> --repo: Name of the repository to be tracked, in the format of organization/repository.
+>
+> --branch: Branch name of the repository to be tracked.
+> --scm\_repo: Name of the upstream repository to be tracked, in the GitHub format of organization/repository.
+> --scm\_branch: Branch of the upstream repository to be tracked.
+>
+> --enabled: Indicates whether to automatically track the repository.
+
+For example:
+
+```shell script
+patch-tracking-cli add --server 127.0.0.1:5001 --user admin --password Test@123 --version_control github --repo testPatchTrack/testPatch1 --branch master --scm_repo BJMX/testPatch01 --scm_branch test --enabled true
+```
+
+* Using a Specified File
+
+Parameter description:
+
+> --server: URL for starting the patch tracking service, for example, 127.0.0.1:5001.
+--user: User name to be authenticated for the POST interface. It is the same as the USER parameter in the **settings.conf** file.
+--password: Password to be authenticated for the POST interface. It is the password string corresponding to the PASSWORD hash value in the **settings.conf** file.
+--file: YAML file path.
+
+Add the information about the repository, branch, version management tool, and whether to enable monitoring to the YAML file (for example, **tracking.yaml**). The file path is used as the command of the `--file` to invoke the input parameters.
+
+For example:
+
+```shell script
+patch-tracking-cli add --server 127.0.0.1:5001 --user admin --password Test@123 --file tracking.yaml
+```
+
+The format of the YAML file is as follows. The content on the left of the colon (:) cannot be modified, and the content on the right of the colon (:) needs to be set based on the site requirements.
+
+```shell script
+version_control: github
+scm_repo: xxx/xxx
+scm_branch: master
+repo: xxx/xxx
+branch: master
+enabled: true
+```
+
+> version\_control: Control tool of the upstream repository version. Only GitHub is supported.
+scm\_repo: Name of the upstream repository to be tracked, in the GitHub format of organization/repository.
+scm\_branch: Branch of the upstream repository to be tracked.
+repo: Name of the repository to be tracked, in the format of organization/repository.
+branch: Branch name of the repository to be tracked.
+enabled: Indicates whether to automatically track the repository.
+
+* Using a Specified Directory
+
+Place multiple `xxx.yaml` files in a specified directory, such as the `test_yaml`, and run the following command to record the tracking items of all YAML files in the specified directory.
+
+Parameter description:
+
+> --user: User name to be authenticated for the POST interface. It is the same as the USER parameter in the **settings.conf** file.
+--password: Password to be authenticated for the POST interface. It is the password string corresponding to the PASSWORD hash value in the **settings.conf** file.
+--server: URL for starting the patch tracking service, for example, 127.0.0.1:5001.
+--dir: Path where the YAML file is stored.
+
+```shell script
+patch-tracking-cli add --server 127.0.0.1:5001 --user admin --password Test@123 --dir /home/Work/test_yaml/
+```
+
+2, Querying a Tracking Item
+
+Parameter description:
+
+> --server: (Mandatory) URL for starting the patch tracking service, for example, 127.0.0.1:5001.
+--table: (Mandatory) Table to be queried.
+--Repo: (Optional) repo to be queried. Query all content in the table if this parameter is not configured.
+--branch: (Optional) Branch to be queried.
+
+```shell script
+patch-tracking-cli query --server --table tracking
+```
+
+The website can be accessed properly.
+
+```shell script
+patch-tracking-cli query --server 127.0.0.1:5001 --table tracking
+```
+
+3, Querying the Generated Issue
+
+```shell script
+patch-tracking-cli query --server --table issue
+```
+
+For example:
+
+```shell script
+patch-tracking-cli query --server 127.0.0.1:5001 --table issue
+```
+
+4, Deleting a Tracking Item
+
+```shell script
+patch-tracking-cli delete --server SERVER --user USER --password PWD --repo REPO [--branch BRANCH]
+```
+
+For example:
+
+```shell script
+patch-tracking-cli delete --server 127.0.0.1:5001 --user admin --password Test@123 --repo testPatchTrack/testPatch1 --branch master
+```
+
+> You can delete a single piece of data from a specified repo or branch. You can also delete data of all branches in a specified repo.
+
+5, Checking Issues and PRs on Gitee
+
+Log in to Gitee and check the software project to be tracked. On the Issues and Pull Requests tab pages of the project, you can see the item named in `[patch tracking] TIME`, for example, the `[patch tracking] 20200713101548`. This item is the issue and PR of the patch file that is just generated.
+
+## FAQ
+
+### When I access api.github.com, the connection is refused.
+
+#### Symptom
+
+During the operation of the patch-tracking, the following error message may occur:
+```
+ 9月 21 22:00:10 localhost.localdomain patch-tracking[36358]: 2020-09-21 22:00:10,812 - patch_tracking.util.github_api - WARNING - HTTPSConnectionPool(host='api.github.com', port=443): Max retries exceeded with url: /user (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused'))
+```
+
+#### Cause Analysis
+
+The preceding problem is caused by the unstable network access between the patch-tracking and GitHub API. Ensure that the patch-tracking is operating in a stable network environment (for example, HUAWEI CLOUD Hong Kong).
\ No newline at end of file
diff --git a/docs/en/docs/userguide/pkgship.md b/docs/en/docs/userguide/pkgship.md
new file mode 100644
index 0000000000000000000000000000000000000000..3e3a4fdc6ab4410d543ec6ed837875a956cffd8e
--- /dev/null
+++ b/docs/en/docs/userguide/pkgship.md
@@ -0,0 +1,399 @@
+# pkgship
+
+
+
+- [pkgship](#pkgship)
+ - [Overview](#overview)
+ - [Architecture](#architecture)
+ - [Downloading Software](#downloading-software)
+ - [Operating Environments](#operating-environments)
+ - [Installing the Tool](#installing-the-tool)
+ - [Configuring Parameters](#configuring-parameters)
+ - [Starting and Stopping Services](#starting-and-stopping-services)
+ - [Tool Usage](#tool-usage)
+
+
+
+## Overview
+
+pkgship is a query tool used to manage the dependency of OS software packages and provide a complete dependency graph. The pkgship provides functions such as software package dependency query, lifecycle management, and patch query.
+
+1. Software package dependency query: Allows community personnel to understand the impact on software when software packages are introduced, updated, or deleted.
+2. Lifecycle management: Tracks the release status of upstream software packages so that the maintenance personnel can learn about the current software status and upgrade the software properly in a timely manner.
+3. Patch query: Allows community personnel to learn about the patches in the openEuler software package and obtain the patch information. For details, see [patch-tracking](patch-tracking.md).
+
+## Architecture
+
+The system is developed using Flask-RESTful and adopts the SQLAlchemy ORM query framework.
+
+
+
+## Downloading Software
+
+* The repo source is officially released at
+* You can obtain the source code at
+* You can obtain the RPM package of the beta version at
+
+## Operating Environments
+
+* The available memory is greater than 700 MB.
+* The Python version is 3.8 or later.
+* The SQLite version is 3.32 or later.
+
+## Installing the Tool
+
+You can use either of the following methods to install the tool:
+
+* Method 1: Mount the repo source using DNF.
+Use DNF to mount the repo source where the pkgship is located (for details, see the [Application Development Guide](https://openeuler.org/zh/docs/20.09/docs/ApplicationDev/%E5%BC%80%E5%8F%91%E7%8E%AF%E5%A2%83%E5%87%86%E5%A4%87.html)), run the following command to download and install the pkgship and its dependencies:
+
+ ```bash
+ dnf install pkgship
+ ```
+
+* Method 2: Install the RPM package. Download the RPM package of the pkgship and run the following command to install the pkgship (x.x-x indicates the version number and needs to be replaced with the actual one):
+
+ ```bash
+ rpm -ivh pkgship-x.x-x.oe1.noarch.rpm
+ ```
+
+ or the following command:
+
+ ```bash
+ dnf install pkgship-x.x-x.oe1.noarch.rpm
+ ```
+
+## Configuring Parameters
+
+1. Configure the parameters in the configuration file. The default configuration file of the system is stored in **/etc/pkgship/packge.ini**. Modify the configuration file as required.
+
+ ```basn
+ vim /etc/pkgship/package.ini
+ ```
+
+ ```ini
+ [SYSTEM CONFIGURATION]
+
+ ; Directory for storing the YAML file imported during database initialization. The YAML file records the location of the imported SQLite file.
+ init_conf_path=/etc/pkgship/conf.yaml
+
+ ; Path for storing the SQLite file that is successfully imported
+ data_base_path=/var/run/pkgship_dbs
+
+ ; Write port
+ write_port=8080
+
+ ; Query port
+ query_port=8090
+
+ ; Write permission access IP address
+ write_ip_addr=127.0.0.1
+
+ ; Query permission access IP address
+ query_ip_addr=127.0.0.1
+
+ ; Address of the remote service. The command line can directly invoke the remote service to complete data requests. You only need to add the -remote parameter to the end of each command line.
+ remote_host=https://api.openeuler.org/pkgmanage
+
+ [LOG]
+
+ ; Path for storing logs
+ log_path=/var/log/pkgship/
+
+ ; Log level as follows:
+ ; INFO DEBUG WARNING ERROR CRITICAL
+ log_level=INFO
+
+ ; Log name
+ log_name=log_info.log
+
+ ; Number of logs that are dynamically created after the size of a log file reaches the upper limit.
+ backup_count=10
+
+ ; Size of each log file
+ max_bytes=314572800
+
+ [uWSGI SERVICE CONFIGURATION]
+
+ ; Path for storing uwsgi log
+ daemonize=/var/log/uwsgi.log
+
+ ; Size of data transmitted at the front- and back-end
+ buffer-size=65536
+
+ ; HTTP connection time
+ http-timeout=600
+
+ ; Server response time
+ harakiri=600
+
+ [TIMEDTASK]
+
+ ; Whether to enable scheduled tasks
+ open=True
+
+ ; Set the time when a scheduled task is triggered
+ hour=3
+ minute=0
+
+ [LIFECYCLE]
+ ; Remote storage address of the YAML address of each package
+ warehouse_remote=https://gitee.com/openeuler/openEuler-Advisor/raw/master/upstream-info/
+
+ ; When executing a scheduled task, you can enable multi-thread execution and set the number of threads in the thread pool based on the server configuration.
+ pool_workers=10
+
+ ; Warehouse name
+ warehouse=src-openeuler
+
+ ```
+
+2. Create a YAML configuration file to initialize the database. By default, the conf.yaml file is stored in the **/etc/pkgship/** directory. Based on this configuration, the pkgship reads the name of the database to be created and the SQLite file to be imported. An example of the conf.yaml file is as follows:
+
+ ```yaml
+ - dbname: openEuler-20.09
+ src_db_file: /etc/pkgship/src.sqlite
+ bin_db_file: /etc/pkgship/bin.sqlite
+ lifecycle: enable
+ priority: 1
+ ```
+
+> To change the storage path, change the value of **init\_conf\_path** in the **package.ini** file.
+
+## Starting and Stopping Services
+
+The pkgship uses the uWSGI web server. The commands for starting and stopping the service are as follows. You can specify whether to start the read-only (write-only) service or start the read and write services at the same time.
+
+```bash
+pkgshipd start [manage/selfpkg]
+
+pkgshipd stop [manage/selfpkg]
+```
+
+## Tool Usage
+
+1. Initialize the database.
+
+ > Application scenario: After the service is started, to query the package information and package dependency in the corresponding database, such as Mainline and openEuler 20.09, you need to import the SQLite (including the source code library and binary library), which is generated by the database using createrepo, to the service, and generate the corresponding DB file. When the **lifecycle** parameter of the database is set to enable in the conf.yaml file, a corresponding table is generated in **lifecycle.db** to record database information. The database table name (**tablename**) is read from this file subsequently. The **\[-filepath]** parameter is optional.
+
+ ```bash
+ pkgship init [-filepath path]
+ ```
+
+ > Parameter description:
+**-filepath**: Specifies the path of the initialized configuration file. You can use either a relative path or an absolute path. If no parameter is specified, the default configuration is used for initialization.
+
+2. Query a single package.
+
+ You can query the information about a source code package (**packagename**) in a specified database table (**tablename**).
+
+ > Application scenario: You can query information about a specific source code package in a specified database. The **packagename** and **tablename** are mandatory.
+
+ ```bash
+ pkgship single packagename tablename
+ ```
+
+ > Parameter description:
+**packagename**: Specifies the name of the source code package to be queried.
+**tablename**: Specifies the database name.
+
+3. Query all packages.
+
+ Query information about all packages in the database.
+
+ > Application scenario: You can query information about all software packages in a specified database. The **tablename** is mandatory, and the **\[-packagename]** and **\[-maintainer]** are optional.
+
+ ```bash
+ pkgship list tablename [-packagename pkgName] [-maintainer maintainer]
+ ```
+
+ > Parameter description:
+**tablename**: Specifies the database name.
+**-packagename**: Matches the package whose name contains the parameter string.
+**-maintainer**: Matches the package in which **maintainer** is a parameter.
+
+4. Query the installation dependency.
+
+ Query the installation dependency of the binary package (binaryName).
+
+ > Application scenario: When you need to install the binary package A, you need to install B, the installation dependency of A, and C, the installation dependency of B, etc. A can be successfully installed only after all the installation dependencies are installed in the system. Therefore, before installing the binary package A, you may need to query all installation dependencies of A. You can run the following command to query multiple databases based on the default priority of the platform, and to customize the database query priority.
+
+ ```bash
+ pkgship installdep binaryName [-dbs dbName1 dbName2...]
+ ```
+
+ > Parameter description:
+**-dbs**: Specifies the database query priority. **dbName** indicates the database name.
+
+5. Query the compilation dependency.
+
+ Query all compilation dependencies of the source code package (**sourceName**).
+
+ > Application scenario: To compile the source code package A, you need to install B, the compilation dependency package of A. To install B, you need to obtain all installation dependency packages of B. Therefore, before compiling the source code package A, you may need to query the compilation dependencies of A and all installation dependencies of these compilation dependencies. You can run the following command to query multiple databases based on the default priority of the platform, and to customize the database query priority.
+
+ ```bash
+ pkgship builddep sourceName [-dbs dbName1 dbName2...]
+ ```
+
+ > Parameter description:
+**-dbs**: Specifies the database query priority. **dbName** indicates the database name.
+
+6. Query the self-compilation and self-installation dependencies.
+
+ Query the installation and compilation dependencies of a specified binary package (**binaryName**) or source code package (**sourceName**). In the command, **\[pkgName]** indicates the name of the binary package or source code package to be queried. When querying a binary package, you can query all installation dependencies of the binary package, and the compilation dependencies of the source code package corresponding to the binary package, as well as all installation dependencies of these compilation dependencies. When querying a source code package, you can query its compilation dependency, and all installation dependencies of these compilation dependencies, as well as all installation dependencies of the binary packages generated by the source code package. In addition, you can run this command together with the corresponding parameters to query the self-compilation dependency of a software package and the dependency of a subpackage.
+
+ > Application scenario: If you want to introduce a new software package based on the existing version library, you need to introduce all compilation and installation dependencies of the software package. You can run this command to query these two dependency types at the same time to know the packages introduced by the new software package, and to query binary packages and source code packages.
+
+ ```bash
+ pkgship selfbuild [pkgName] [-dbs dbName1 dbName2 ] [-t source] [-s 1] [-w 1]
+ ```
+
+ > Parameter description:
+**-dbs:** Specifies the database priority. **dbName** indicates the database name. The following is an example:
+
+ > ```bash
+ > pkgship selfbuild pkgName -dbs dbName1 dbName2
+ > ```
+
+ > **-t source/binary**: Specifies whether the package **pkgName** to be queried is a source code package or a binary package. If **-t** is not added, the package is a binary package by default.
+**-s**: This parameter is added to query all installation dependencies and compilation dependencies of the software package (that is, compilation dependencies of the source code package on which compilation depends), and all installation dependencies of the compilation dependencies. In the command, **0** following the **-s** indicates that the self-compilation dependency is not queried, and 1 indicates that the self-compilation dependency is queried. The default value is **0**, and you can specify the value to **1**. If the **-s** is not added, all installation dependencies, layer-1 compilation dependencies, and layer-1 compilation dependencies of the software package are queried. The following is an example of querying self-compilation dependencies:
+
+ > ```bash
+ > pkgship selfbuild pkgName -t source -s 1
+ > ```
+
+ > **-w**: When a binary package is introduced and this parameter is added, the source code package corresponding to the binary package and all binary packages generated by the source code package are displayed in the query result. In the command, **0** following **-w** indicates that the corresponding subpackage is not queried, and **1** indicates that the corresponding subpackage is queried. The default value is **0**, and you can specify the value to **1**. When **-w** is not added, only the corresponding source code package is displayed in the query result when a binary package is introduced. The following is an example of querying a subpackage:
+
+ > ```bash
+ > pkgship selfbuild pkgName -w 1
+ > ```
+
+7. Query dependency.
+Query the packages that depend on the source code package (**sourceName**) in a database (**dbName**).
+
+ > Application scenario: You can run this command to query the software packages that will be affected by the upgrade or deletion of the software source code package A. This command displays the source code packages (for example, B) whose compilation depends on all binary packages generated by the source code package A, and the binary packages (for example, C1) whose installation depends on all binary packages generated by A. This command also displays the source code packages (for example, D) whose compilation depends on C1 and the binary package generated by B, and the binary packages (for example, E1) whose installation depends on C1 and the binary package generated by B, etc. Iterate the packages that depend on these binary packages. **\[-w 0/1]** is an optional parameter. The following is an example:
+
+ ```bash
+ pkgship bedepend sourceName dbName [-w 1]
+ ```
+
+ > Parameter description
+**-w (0/1)**: If the command does not contain configuration parameters or **\[-w 0]**, by default, the query result does not contain the subpackage of the corresponding binary package. When the command is followed by the configuration parameter or **\[-w 1]**, the dependency of the binary package C1 is queried, as well as the dependency of other binary packages (for example, C2 and C3) generated by C, the source code package corresponding to C1.
+
+8. Modify package information.
+
+ > Application scenario: You can modify the information about the maintainer and maintenance level of a specified source code package. **[-Packagename]**, **\[-maintainer]**, **\[-maintainlevel]**, **\[-filefolder]**, and **\[--batch]** are optional parameters.
+
+ You can modify the information with either of the following methods:
+Method 1: Specify the source code package name (**packagename**) to modify the information about the maintainer (**Newmaintainer**) and maintenance level (**Newmaintainlevel**) of the source code package. The following is an example:
+
+ ```bash
+ pkgship updatepkg [-packagename packagename] [-maintainer Newmaintainer] [-maintainlevel Newmaintainlevel]
+ ```
+
+ > Parameter description:
+**-packagename**: Specifies the name of the package to be maintained.
+**-maintainer**: Specifies the maintainer of the update package.
+**-maintainlevel**: Specifies the maintenance level of the update package. The value ranges from 1 to 4, and the default value is **1**.
+
+ Method 2: Specify the file path, and the maintainer, and maintenance level of the batch update package. The **--batch** parameter must be added to this command. The following is an example:
+
+ ```bash
+ pkgship updatepkg [--batch] [-filefolder path]
+ ```
+
+ > Parameter description:
+**-filefolder**: Specifies the YAML file where the package information is stored. The specified directory can contain only the updated YAML files.
+**--batch**: Specifies the update in batches. This parameter must be used together with the **\[-filefolder]** parameter.
+
+ You can create a file named A.yaml, set the package name to A, and specify the YAML content to modify the package information.
+The YAML format of the package information is as follows:
+
+ ```
+ maintainer:Newmaintainlevel
+ maintainlevel: Newmaintainlevel
+ ```
+
+9. Delete databases.
+
+ > Application scenario: Delete a specified database (**dbName**).
+
+ ```bash
+ pkgship rm dbName
+ ```
+
+10. Query table information.
+
+ > Application scenario: View all data tables in the current lifecycle database.
+
+ ```bash
+ pkgship tables
+ ```
+
+11. Query issues.
+
+ > Application scenario: View information about all issues in all source code packages. The optional parameters include **\[-packagename]**, **\[-issue\_type]**, **\[-issue\_status]**, **\[-maintainer]**, **\[-page N]**, and **\[-pagesize pageSize]**.
+
+ ```bash
+ pkgship issue [-packagename pkgName],[-issue_type issueType],[-issue_status issueStatus],[-maintainer maintainer],[-page N],[-pagesize pageSize]
+ ```
+
+ > Parameter description:
+**-packagename**: Specifies the package name for fuzzy query.
+**-issue\_type**: Specifies the issue type for query.
+**-issue\_status**: Specifies the issue status for query.
+**-maintainer**: Specifies a maintainer for query.
+**-page**: Specifies the data on page N to be queried.
+**-pagesize**: Specifies the number of data records displayed on each page.
+
+ ```bash
+ Run the following command to specify a package name for fuzzy search:
+ pkgship issue -packagename pkgName
+ ```
+
+ ```bash
+ Run the following command to specify an issue type for query:
+ pkgship issue -issue_type issueType
+ ```
+
+ ```bash
+ Run the following command to specify an issue status for query:
+ pkgship issue -issue_status issueStatus
+ ```
+
+ ```bash
+ Run the following command to specify a maintainer for query:
+ pkgship issue -maintainer maintainer
+ ```
+
+ ```bash
+ Run the following command to specify the data of page N for query:
+ pkgship issue -page N
+ ```
+
+ ```bash
+ Run the following command to specify the number of data items of each page for query:
+ pkgship issue -pagesize pageSize
+ ```
+
+12. Update the lifecycle of the software package.
+
+ > Application scenario: Update the information about the issue, maintainer, and maintenance level of all software packages in the lifecycle table. The optional parameters include **\[--issue]** and **\[--package]**.
+
+ ```bash
+ pkgship update [--issue] [--package]
+ ```
+
+ > Parameter description:
+**--issue**: Updates the issue information of all software packages in the lifecycle table. Based on the software package names in the lifecycle table, the system crawls the issue information corresponding to the software package.
+**--package**: Updates the information about the lifecycle, maintainer, and maintenance level of all software packages in the lifecycle table.
+
+ ```bash
+ Run the following command to update the issue information of all software packages in the lifecycle table:
+ pkgship update --issue
+ ```
+
+ ```bash
+ Run the following command to update the lifecycles, maintainers, and maintenance levels of all software packages in the lifecycle table:
+ pkgship update --package
+ ```
\ No newline at end of file
diff --git a/docs/en/documentation/README.md b/docs/en/documentation/README.md
deleted file mode 100644
index fdcdac580235f4bd4d680131a698564e0734a967..0000000000000000000000000000000000000000
--- a/docs/en/documentation/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: "Documentation"
-
----
-
-
-
\ No newline at end of file
diff --git a/docs/en/docs/20.09/menu/menu.json b/docs/en/menu/menu.json
similarity index 92%
rename from docs/en/docs/20.09/menu/menu.json
rename to docs/en/menu/menu.json
index 43315eb278ad84d70bb740fe90d561804c45e35c..f0414cf0b3d8cc21974c74751a8eb656d5fc7c1a 100644
--- a/docs/en/docs/20.09/menu/menu.json
+++ b/docs/en/menu/menu.json
@@ -93,6 +93,11 @@
"path": "docs/Installation/using-kickstart-for-automatic-installation",
"children": []
},
+ {
+ "label": "Installation UKUI",
+ "path": "docs/Installation/install-UKUI",
+ "children": []
+ },
{
"label": "FAQs",
"path": "docs/Installation/faqs",
@@ -210,7 +215,7 @@
},
{
"label": "Trusted Computing",
- "path": "docs/Administration/Trusted Computing",
+ "path": "docs/Administration/trusted-computing",
"children": []
},
{
@@ -331,6 +336,11 @@
"path": "docs/Virtualization/best-practices",
"children": []
},
+ {
+ "label": "Tool Guide",
+ "path": "docs/Virtualization/tool-guide",
+ "children": []
+ },
{
"label": "Appendix",
"path": "docs/Virtualization/appendix",
@@ -338,6 +348,47 @@
}
]
},
+ {
+ "label": "StratoVirt User Guide",
+ "path": "docs/StratoVirt/StratoVrit_guidence",
+ "children": [
+ {
+ "label": "Introduction to StratoVirt",
+ "path": "docs/StratoVirt/StratoVirt_Intoduction",
+ "children": []
+ },
+ {
+ "label": "Installing StratoVirt",
+ "path": "docs/StratoVirt/Install_StratoVirt",
+ "children": []
+ },
+ {
+ "label": "Preparing the Environment",
+ "path": "docs/StratoVirt/Prepare_env",
+ "children": []
+ },
+ {
+ "label": "Configuring a VM",
+ "path": "docs/StratoVirt/VM_configuration",
+ "children": []
+ },
+ {
+ "label": "Managing the VM Lifecycle",
+ "path": "docs/StratoVirt/Manage_life_cycle",
+ "children": []
+ },
+ {
+ "label": "Managing VM resources",
+ "path": "docs/StratoVirt/Manage_resource",
+ "children": []
+ },
+ {
+ "label": "Interconnecting with the iSula Secure Container",
+ "path": "docs/StratoVirt/Interconnect_isula",
+ "children": []
+ }
+ ]
+ },
{
"label": "Container User Guide",
"path": "docs/Container/container",
@@ -420,6 +471,11 @@
"label": "Supporting OCI hooks",
"path": "docs/Container/supporting-oci-hooks",
"children": []
+ },
+ {
+ "label": "Local Volume Management",
+ "path": "docs/Container/local-volume-management",
+ "children": []
}
]
},
@@ -671,7 +727,7 @@
]
},
{
- "label": "openEuler Toolset User Guide",
+ "label": "Toolset User Guide",
"path": "docs/userguide/overview",
"children": [
{
@@ -686,4 +742,4 @@
}
]
}
- ]
\ No newline at end of file
+ ]
diff --git a/docs/zh/README.md b/docs/zh/README.md
deleted file mode 100644
index bfdf916f2efe1030352d19588c9e670576178bf2..0000000000000000000000000000000000000000
--- a/docs/zh/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
----
-title: "openEuler"
----
\ No newline at end of file
diff --git a/docs/zh/docs/20.09/docs/A-Tune/figures/zh-cn_image_0227497343.png b/docs/zh/docs/20.09/docs/A-Tune/figures/zh-cn_image_0227497343.png
deleted file mode 100644
index 6db5a0793fe3068c7519d9a157abc856560e71b2..0000000000000000000000000000000000000000
Binary files a/docs/zh/docs/20.09/docs/A-Tune/figures/zh-cn_image_0227497343.png and /dev/null differ
diff --git "a/docs/zh/docs/20.09/docs/Installation/\345\256\211\350\243\205\345\234\250\346\234\215\345\212\241\345\231\250.md" "b/docs/zh/docs/20.09/docs/Installation/\345\256\211\350\243\205\345\234\250\346\234\215\345\212\241\345\231\250.md"
deleted file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000
diff --git "a/docs/zh/docs/20.09/docs/Installation/\345\256\211\350\243\205\345\234\250\346\240\221\350\216\223\346\264\276.md" "b/docs/zh/docs/20.09/docs/Installation/\345\256\211\350\243\205\345\234\250\346\240\221\350\216\223\346\264\276.md"
deleted file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000
diff --git a/docs/zh/docs/20.09/docs/Releasenotes/release_notes.md b/docs/zh/docs/20.09/docs/Releasenotes/release_notes.md
deleted file mode 100644
index b022c7ec5c7df23ee40b7a61c89496376a4f6eef..0000000000000000000000000000000000000000
--- a/docs/zh/docs/20.09/docs/Releasenotes/release_notes.md
+++ /dev/null
@@ -1 +0,0 @@
-本文是 openEuler 20.09 版本的发行说明。
\ No newline at end of file
diff --git a/docs/zh/docs/20.09/docs/A-Tune/A-Tune.md b/docs/zh/docs/A-Tune/A-Tune.md
similarity index 100%
rename from docs/zh/docs/20.09/docs/A-Tune/A-Tune.md
rename to docs/zh/docs/A-Tune/A-Tune.md
diff --git a/docs/zh/docs/20.09/docs/A-Tune/figures/zh-cn_image_0213178479.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0213178479.png
similarity index 100%
rename from docs/zh/docs/20.09/docs/A-Tune/figures/zh-cn_image_0213178479.png
rename to docs/zh/docs/A-Tune/figures/zh-cn_image_0213178479.png
diff --git a/docs/zh/docs/20.09/docs/A-Tune/figures/zh-cn_image_0213178480.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0213178480.png
similarity index 100%
rename from docs/zh/docs/20.09/docs/A-Tune/figures/zh-cn_image_0213178480.png
rename to docs/zh/docs/A-Tune/figures/zh-cn_image_0213178480.png
diff --git a/docs/zh/docs/20.09/docs/A-Tune/figures/zh-cn_image_0214540398.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0214540398.png
similarity index 100%
rename from docs/zh/docs/20.09/docs/A-Tune/figures/zh-cn_image_0214540398.png
rename to docs/zh/docs/A-Tune/figures/zh-cn_image_0214540398.png
diff --git a/docs/zh/docs/20.09/docs/A-Tune/figures/zh-cn_image_0227497000.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497000.png
similarity index 100%
rename from docs/zh/docs/20.09/docs/A-Tune/figures/zh-cn_image_0227497000.png
rename to docs/zh/docs/A-Tune/figures/zh-cn_image_0227497000.png
diff --git a/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497343.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497343.png
new file mode 100644
index 0000000000000000000000000000000000000000..aecf293846ebd12f15b9a3fb5fdc2618d9d527dc
Binary files /dev/null and b/docs/zh/docs/A-Tune/figures/zh-cn_image_0227497343.png differ
diff --git a/docs/zh/docs/20.09/docs/A-Tune/figures/zh-cn_image_0231122163.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0231122163.png
similarity index 100%
rename from docs/zh/docs/20.09/docs/A-Tune/figures/zh-cn_image_0231122163.png
rename to docs/zh/docs/A-Tune/figures/zh-cn_image_0231122163.png
diff --git a/docs/zh/docs/20.09/docs/A-Tune/figures/zh-cn_image_0245342444.png b/docs/zh/docs/A-Tune/figures/zh-cn_image_0245342444.png
similarity index 100%
rename from docs/zh/docs/20.09/docs/A-Tune/figures/zh-cn_image_0245342444.png
rename to docs/zh/docs/A-Tune/figures/zh-cn_image_0245342444.png
diff --git a/docs/zh/docs/20.09/docs/A-Tune/public_sys-resources/icon-caution.gif b/docs/zh/docs/A-Tune/public_sys-resources/icon-caution.gif
similarity index 100%
rename from docs/zh/docs/20.09/docs/A-Tune/public_sys-resources/icon-caution.gif
rename to docs/zh/docs/A-Tune/public_sys-resources/icon-caution.gif
diff --git a/docs/zh/docs/20.09/docs/A-Tune/public_sys-resources/icon-danger.gif b/docs/zh/docs/A-Tune/public_sys-resources/icon-danger.gif
similarity index 100%
rename from docs/zh/docs/20.09/docs/A-Tune/public_sys-resources/icon-danger.gif
rename to docs/zh/docs/A-Tune/public_sys-resources/icon-danger.gif
diff --git a/docs/zh/docs/20.09/docs/A-Tune/public_sys-resources/icon-note.gif b/docs/zh/docs/A-Tune/public_sys-resources/icon-note.gif
similarity index 100%
rename from docs/zh/docs/20.09/docs/A-Tune/public_sys-resources/icon-note.gif
rename to docs/zh/docs/A-Tune/public_sys-resources/icon-note.gif
diff --git a/docs/zh/docs/20.09/docs/A-Tune/public_sys-resources/icon-notice.gif b/docs/zh/docs/A-Tune/public_sys-resources/icon-notice.gif
similarity index 100%
rename from docs/zh/docs/20.09/docs/A-Tune/public_sys-resources/icon-notice.gif
rename to docs/zh/docs/A-Tune/public_sys-resources/icon-notice.gif
diff --git a/docs/zh/docs/20.09/docs/A-Tune/public_sys-resources/icon-tip.gif b/docs/zh/docs/A-Tune/public_sys-resources/icon-tip.gif
similarity index 100%
rename from docs/zh/docs/20.09/docs/A-Tune/public_sys-resources/icon-tip.gif
rename to docs/zh/docs/A-Tune/public_sys-resources/icon-tip.gif
diff --git a/docs/zh/docs/20.09/docs/A-Tune/public_sys-resources/icon-warning.gif b/docs/zh/docs/A-Tune/public_sys-resources/icon-warning.gif
similarity index 100%
rename from docs/zh/docs/20.09/docs/A-Tune/public_sys-resources/icon-warning.gif
rename to docs/zh/docs/A-Tune/public_sys-resources/icon-warning.gif
diff --git "a/docs/zh/docs/20.09/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md" "b/docs/zh/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md"
similarity index 98%
rename from "docs/zh/docs/20.09/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md"
rename to "docs/zh/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md"
index e46ed15111093319a589452f890dc0441ae7592a..0b581c71f27dda073d586e992e24a59646d56460 100644
--- "a/docs/zh/docs/20.09/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md"
+++ "b/docs/zh/docs/A-Tune/\344\275\277\347\224\250\346\226\271\346\263\225.md"
@@ -419,7 +419,7 @@ example.conf 可以参考如下方式书写(以下各优化项非必填,仅
### 命令格式
-**atune-adm info** _
+**atune-adm info**
### 使用示例
@@ -530,7 +530,7 @@ disable the nginx log = application
### 命令格式
-**atune-adm profile **_<_profile_\>_
+**atune-adm profile**
### 参数说明
@@ -634,7 +634,7 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数
> **说明:**
>在运行命令前,需要满足如下条件:
>1. 服务端的yaml配置文件已经编辑完成并放置于 atuned服务下的**/etc/atuned/tuning/**目录中。
->2. 客户端的yaml配置文件已经编译完成并放置于atuned客户端下。
+>2. 客户端的yaml配置文件已经编辑完成并放置于atuned客户端任意目录下。
**atune-adm tuning** \[OPTIONS\]
@@ -743,6 +743,7 @@ A-Tune提供了最佳配置的自动搜索能力,免去人工反复做参数
diff --git "a/docs/zh/docs/20.09/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md" "b/docs/zh/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md"
similarity index 100%
rename from "docs/zh/docs/20.09/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md"
rename to "docs/zh/docs/Releasenotes/\346\263\225\345\276\213\345\243\260\346\230\216.md"
diff --git "a/docs/zh/docs/20.09/docs/Releasenotes/\346\272\220\344\273\243\347\240\201.md" "b/docs/zh/docs/Releasenotes/\346\272\220\344\273\243\347\240\201.md"
similarity index 100%
rename from "docs/zh/docs/20.09/docs/Releasenotes/\346\272\220\344\273\243\347\240\201.md"
rename to "docs/zh/docs/Releasenotes/\346\272\220\344\273\243\347\240\201.md"
diff --git "a/docs/zh/docs/20.09/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md" "b/docs/zh/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md"
similarity index 100%
rename from "docs/zh/docs/20.09/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md"
rename to "docs/zh/docs/Releasenotes/\347\224\250\346\210\267\351\241\273\347\237\245.md"
diff --git "a/docs/zh/docs/20.09/docs/Releasenotes/\347\256\200\344\273\213.md" "b/docs/zh/docs/Releasenotes/\347\256\200\344\273\213.md"
similarity index 100%
rename from "docs/zh/docs/20.09/docs/Releasenotes/\347\256\200\344\273\213.md"
rename to "docs/zh/docs/Releasenotes/\347\256\200\344\273\213.md"
diff --git "a/docs/zh/docs/20.09/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md" "b/docs/zh/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md"
similarity index 100%
rename from "docs/zh/docs/20.09/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md"
rename to "docs/zh/docs/Releasenotes/\347\263\273\347\273\237\345\256\211\350\243\205.md"
diff --git "a/docs/zh/docs/20.09/docs/Releasenotes/\350\207\264\350\260\242.md" "b/docs/zh/docs/Releasenotes/\350\207\264\350\260\242.md"
similarity index 100%
rename from "docs/zh/docs/20.09/docs/Releasenotes/\350\207\264\350\260\242.md"
rename to "docs/zh/docs/Releasenotes/\350\207\264\350\260\242.md"
diff --git "a/docs/zh/docs/20.09/docs/SecHarden/SELinux\351\205\215\347\275\256.md" "b/docs/zh/docs/SecHarden/SELinux\351\205\215\347\275\256.md"
similarity index 100%
rename from "docs/zh/docs/20.09/docs/SecHarden/SELinux\351\205\215\347\275\256.md"
rename to "docs/zh/docs/SecHarden/SELinux\351\205\215\347\275\256.md"
diff --git a/docs/zh/docs/20.09/docs/SecHarden/figures/zh-cn_image_0221925211.png b/docs/zh/docs/SecHarden/figures/zh-cn_image_0221925211.png
similarity index 100%
rename from docs/zh/docs/20.09/docs/SecHarden/figures/zh-cn_image_0221925211.png
rename to docs/zh/docs/SecHarden/figures/zh-cn_image_0221925211.png
diff --git a/docs/zh/docs/20.09/docs/SecHarden/figures/zh-cn_image_0221925212.png b/docs/zh/docs/SecHarden/figures/zh-cn_image_0221925212.png
similarity index 100%
rename from docs/zh/docs/20.09/docs/SecHarden/figures/zh-cn_image_0221925212.png
rename to docs/zh/docs/SecHarden/figures/zh-cn_image_0221925212.png
diff --git a/docs/zh/docs/20.09/docs/SecHarden/public_sys-resources/icon-caution.gif b/docs/zh/docs/SecHarden/public_sys-resources/icon-caution.gif
similarity index 100%
rename from docs/zh/docs/20.09/docs/SecHarden/public_sys-resources/icon-caution.gif
rename to docs/zh/docs/SecHarden/public_sys-resources/icon-caution.gif
diff --git a/docs/zh/docs/20.09/docs/SecHarden/public_sys-resources/icon-danger.gif b/docs/zh/docs/SecHarden/public_sys-resources/icon-danger.gif
similarity index 100%
rename from docs/zh/docs/20.09/docs/SecHarden/public_sys-resources/icon-danger.gif
rename to docs/zh/docs/SecHarden/public_sys-resources/icon-danger.gif
diff --git a/docs/zh/docs/20.09/docs/SecHarden/public_sys-resources/icon-note.gif b/docs/zh/docs/SecHarden/public_sys-resources/icon-note.gif
similarity index 100%
rename from docs/zh/docs/20.09/docs/SecHarden/public_sys-resources/icon-note.gif
rename to docs/zh/docs/SecHarden/public_sys-resources/icon-note.gif
diff --git a/docs/zh/docs/20.09/docs/SecHarden/public_sys-resources/icon-notice.gif b/docs/zh/docs/SecHarden/public_sys-resources/icon-notice.gif
similarity index 100%
rename from docs/zh/docs/20.09/docs/SecHarden/public_sys-resources/icon-notice.gif
rename to docs/zh/docs/SecHarden/public_sys-resources/icon-notice.gif
diff --git a/docs/zh/docs/20.09/docs/SecHarden/public_sys-resources/icon-tip.gif b/docs/zh/docs/SecHarden/public_sys-resources/icon-tip.gif
similarity index 100%
rename from docs/zh/docs/20.09/docs/SecHarden/public_sys-resources/icon-tip.gif
rename to docs/zh/docs/SecHarden/public_sys-resources/icon-tip.gif
diff --git a/docs/zh/docs/20.09/docs/SecHarden/public_sys-resources/icon-warning.gif b/docs/zh/docs/SecHarden/public_sys-resources/icon-warning.gif
similarity index 100%
rename from docs/zh/docs/20.09/docs/SecHarden/public_sys-resources/icon-warning.gif
rename to docs/zh/docs/SecHarden/public_sys-resources/icon-warning.gif
diff --git a/docs/zh/docs/20.09/docs/SecHarden/secHarden.md b/docs/zh/docs/SecHarden/secHarden.md
similarity index 100%
rename from docs/zh/docs/20.09/docs/SecHarden/secHarden.md
rename to docs/zh/docs/SecHarden/secHarden.md
diff --git "a/docs/zh/docs/20.09/docs/SecHarden/\345\206\205\346\240\270\345\217\202\346\225\260.md" "b/docs/zh/docs/SecHarden/\345\206\205\346\240\270\345\217\202\346\225\260.md"
similarity index 100%
rename from "docs/zh/docs/20.09/docs/SecHarden/\345\206\205\346\240\270\345\217\202\346\225\260.md"
rename to "docs/zh/docs/SecHarden/\345\206\205\346\240\270\345\217\202\346\225\260.md"
diff --git "a/docs/zh/docs/20.09/docs/SecHarden/\345\212\240\345\233\272\346\214\207\345\257\274.md" "b/docs/zh/docs/SecHarden/\345\212\240\345\233\272\346\214\207\345\257\274.md"
similarity index 100%
rename from "docs/zh/docs/20.09/docs/SecHarden/\345\212\240\345\233\272\346\214\207\345\257\274.md"
rename to "docs/zh/docs/SecHarden/\345\212\240\345\233\272\346\214\207\345\257\274.md"
diff --git "a/docs/zh/docs/20.09/docs/SecHarden/\345\256\211\345\205\250\345\212\240\345\233\272\345\267\245\345\205\267.md" "b/docs/zh/docs/SecHarden/\345\256\211\345\205\250\345\212\240\345\233\272\345\267\245\345\205\267.md"
similarity index 100%
rename from "docs/zh/docs/20.09/docs/SecHarden/\345\256\211\345\205\250\345\212\240\345\233\272\345\267\245\345\205\267.md"
rename to "docs/zh/docs/SecHarden/\345\256\211\345\205\250\345\212\240\345\233\272\345\267\245\345\205\267.md"
diff --git "a/docs/zh/docs/20.09/docs/SecHarden/\346\216\210\346\235\203\350\256\244\350\257\201.md" "b/docs/zh/docs/SecHarden/\346\216\210\346\235\203\350\256\244\350\257\201.md"
similarity index 100%
rename from "docs/zh/docs/20.09/docs/SecHarden/\346\216\210\346\235\203\350\256\244\350\257\201.md"
rename to "docs/zh/docs/SecHarden/\346\216\210\346\235\203\350\256\244\350\257\201.md"
diff --git "a/docs/zh/docs/20.09/docs/SecHarden/\346\223\215\344\275\234\347\263\273\347\273\237\345\212\240\345\233\272\346\246\202\350\277\260.md" "b/docs/zh/docs/SecHarden/\346\223\215\344\275\234\347\263\273\347\273\237\345\212\240\345\233\272\346\246\202\350\277\260.md"
similarity index 100%
rename from "docs/zh/docs/20.09/docs/SecHarden/\346\223\215\344\275\234\347\263\273\347\273\237\345\212\240\345\233\272\346\246\202\350\277\260.md"
rename to "docs/zh/docs/SecHarden/\346\223\215\344\275\234\347\263\273\347\273\237\345\212\240\345\233\272\346\246\202\350\277\260.md"
diff --git "a/docs/zh/docs/20.09/docs/SecHarden/\346\226\207\344\273\266\346\235\203\351\231\220.md" "b/docs/zh/docs/SecHarden/\346\226\207\344\273\266\346\235\203\351\231\220.md"
similarity index 100%
rename from "docs/zh/docs/20.09/docs/SecHarden/\346\226\207\344\273\266\346\235\203\351\231\220.md"
rename to "docs/zh/docs/SecHarden/\346\226\207\344\273\266\346\235\203\351\231\220.md"
diff --git "a/docs/zh/docs/20.09/docs/SecHarden/\347\263\273\347\273\237\346\234\215\345\212\241.md" "b/docs/zh/docs/SecHarden/\347\263\273\347\273\237\346\234\215\345\212\241.md"
similarity index 99%
rename from "docs/zh/docs/20.09/docs/SecHarden/\347\263\273\347\273\237\346\234\215\345\212\241.md"
rename to "docs/zh/docs/SecHarden/\347\263\273\347\273\237\346\234\215\345\212\241.md"
index e6f917881a39ffecb1cd1cdc04239289f2d80675..13049d47053fe826043ebc9ac44208a944f88424 100644
--- "a/docs/zh/docs/20.09/docs/SecHarden/\347\263\273\347\273\237\346\234\215\345\212\241.md"
+++ "b/docs/zh/docs/SecHarden/\347\263\273\347\273\237\346\234\215\345\212\241.md"
@@ -206,7 +206,7 @@ SSH(Secure Shell)是目前较可靠,专为远程登录会话和其他网
- 
- 
- 
- 
- 
-