diff --git a/docs/en/docs/Container/isula-build.md b/docs/en/docs/Container/isula-build.md index abe20158635ed866c29b81de5b7fd1cffff51982..6630ce840f4f0237d2f5a22574a1df2a0903983e 100644 --- a/docs/en/docs/Container/isula-build.md +++ b/docs/en/docs/Container/isula-build.md @@ -22,6 +22,8 @@ * [rm: Deleting a Local Persistent Image](#rm-deleting-a-local-persistent-image) * [save: Exporting Cascade Images](#save-exporting-cascade-images) * [tag: Tagging Local Persistent Images](#tag-tagging-local-persistent-images) + * [pull: Pulling an Image To a Local Host](#pull-pulling-an-image-to-a-local-host) + * [push: Pushing a Local Image to a Remote Repository](#push-pushing-a-local-image-to-a-remote-repository) * [info: Viewing the Operating Environment and System Information](#info-viewing-the-operating-environment-and-system-information) * [login: Logging In to the Remote Image Repository](#login-logging-in-to-the-remote-image-repository) * [logout: Logging Out of the Remote Image Repository](#logout-logging-out-of-the-remote-image-repository) @@ -109,7 +111,7 @@ Currently, the isula-build server contains the following configuration file: | run_root | Mandatory | Sets the root directory of runtime data. | For example, /var/run/isula-build/ | | data_root | Mandatory | Sets the local persistency directory. | For example, /var/lib/isula-build/ | | runtime | Optional | Sets the runtime type. Currently, only runc is supported. | runc | - +| group | Optional | Sets an owner group for the local socket file isula_build.sock so that non-privileged users in the group can use isula-build. | isula | - /etc/isula-build/storage.toml: configuration file for local persistent storage, including the configuration of the storage driver in use. @@ -136,6 +138,7 @@ Currently, the isula-build server contains the following configuration file: > - isula-build supports the preceding configuration file with the maximum size of 1 MiB. > - The persistent working directory dataroot cannot be configured on the memory disk, for example, tmpfs. > - Currently, only overlay2 can be used as the underlying graphdriver. +> - Before setting the --group option, ensure that the corresponding user group has been created on a local OS and non-privileged users have been added to the group. After the isula-builder is restarted, non-privileged users can use the isula-build function. In addition, to ensure permission consistency, the array of the isula-build configuration file directory /etc/isula-build is set to the group specified by --group. @@ -184,6 +187,7 @@ You can also run the isula-builder command on the server to start the service. T - --runroot: runtime directory. The default value is /var/run/isula-build/. - --storage-driver: underlying storage driver type. - --storage-opt: underlying storage driver configuration. +- --group: an owner group for the local socket file isula_build.sock so that non-privileged users in the group can use isula-build. The default owner group is "isula". >![](./public_sys-resources/icon-note.gif) **Note:** > If the command line startup parameters contain the same configuration options as those in the configuration file, the command line parameters are preferentially used for startup. @@ -227,6 +231,8 @@ The isula-build client provides a series of commands for building and managing c - rm: deletes a local container image. - save: exports a cascade image to a local disk. - tag: adds a tag to a local container image. + - pull: pulls an image to a local host. + - push: pushes a local image to a remote repository. - info: displays the running environment and system information of isula-build. - login: logs in to the remote container image repository. - logout: logs out of the remote container image repository. @@ -316,7 +322,7 @@ When isula-build is used to build a container image, assume that a fixed timesta For container image build, isula-build supports the same Dockerfile. If the build environments are the same, the image content and image ID generated in multiple builds are the same. -–build-static supports the key-value pair option in the k=v format. Currently, the following options are supported: +--build-static supports the key-value pair option in the k=v format. Currently, the following options are supported: - build-time: string, which indicates the fixed timestamp for creating a static image. The value is in the format of YYYY-MM-DD HH-MM-SS. The timestamp affects the attribute of the file for creating and modifying the time at the diff layer. @@ -353,7 +359,7 @@ $ cat testfile **\-o, --output** -Currently, -o and –output support the following formats: +Currently, -o and --output support the following formats: - `isulad:image:tag`: directly pushes the image that is successfully built to iSulad, for example, `-o isulad:busybox:latest`. Pay attention to the following restrictions: @@ -413,6 +419,7 @@ $ sudo isula-build ctr-img build --cap-add CAP_SYS_ADMIN --cap-add CAP_SYS_PTRAC > - The stage name can contain a maximum of 64 characters. > - isula-build does not support resource restriction on a single Dockerfile build. If resource restriction is required, you can configure a resource limit on the isula-builder. > - Currently, isula-build does not support a remote URL as the data source of the ADD command in the Dockerfile. +> - The local tarball exported using the 'docker-archive' type is not compressed, you can manually compress the file as required. @@ -448,13 +455,13 @@ Example: ```sh $ sudo isula-build ctr-img import ./openEuler-docker.x86_64.tar.xz openeuler:21.03 -Import success with image id: 7317851cd2ab33263eb293f68efee9d724780251e4e92c0fb76bf5d3c5585e37 +Import success with image id: "aac8223a40e9c37558477671c4d66692c8ee5d37b28d947e10010911dd0549d8" $ sudo isula-build ctr-img images ----------------------------------------------- -------------------- ----------------- ------------------------ ------------ -REPOSITORY TAG IMAGE ID CREATED SIZE ----------------------------------------------- -------------------- ----------------- ------------------------ ------------ -openeuler 21.03 7317851cd2ab 2021-03-15 06:25:34 500 MB ----------------------------------------------- -------------------- ----------------- ------------------------ ------------ +--------------- ----------- ----------------- ------------------------ ------------ + REPOSITORY TAG IMAGE ID CREATED SIZE +--------------- ----------- ----------------- ------------------------ ------------ + openeuler 21.03 aac8223a40e9 2021-04-02 00:56:46 210 MB +--------------- ----------- ----------------- ------------------------ ------------ ``` >![](./public_sys-resources/icon-note.gif) **Note** @@ -518,8 +525,8 @@ isula-build ctr-img rm IMAGE [IMAGE...] [FLAGS] Currently, the following flags are supported: -- -a, –all: deletes all images stored locally. -- -p, –prune: deletes all images that are stored locally and do not have tags. +- -a, --all: deletes all images stored locally. +- -p, --prune: deletes all images that are stored locally and do not have tags. Example: @@ -567,6 +574,28 @@ Storing signatures Save success with image: 21c3e96ac411 ``` +The following example shows how to export multiple images to the same tarball: + +```sh +$ sudo isula-build ctr-img save busybox:latest nginx:latest -o all.tar +Getting image source signatures +Copying blob sha256:eb78099fbf7fdc70c65f286f4edc6659fcda510b3d1cfe1caa6452cc671427bf +Copying blob sha256:29f11c413898c5aad8ed89ad5446e89e439e8cfa217cbb404ef2dbd6e1e8d6a5 +Copying blob sha256:af5bd3938f60ece203cd76358d8bde91968e56491daf3030f6415f103de26820 +Copying config sha256:b8efb18f159bd948486f18bd8940b56fd2298b438229f5bd2bcf4cedcf037448 +Writing manifest to image destination +Storing signaturesGetting image source signatures +Copying blob sha256:e2d6930974a28887b15367769d9666116027c411b7e6c4025f7c850df1e45038 +Copying config sha256:a33de3c85292c9e65681c2e19b8298d12087749b71a504a23c576090891eedd6 +Writing manifest to image destination +Storing signatures +Save success with image: [busybox:latest nginx:latest] +``` + +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- save exports an image in .tar format by default. If necessary, you can save the image and then manually compress it. +>- When exporting an image, specify the image integrity in the format of IMAGE_NAME:IMAGE_TAG. #### tag: Tagging Local Persistent Images @@ -596,6 +625,49 @@ alpine v1 a24bb4013296 ---------------------------------------------- ----------- ----------------- -------------------------- ------------ ``` +#### pull: Pulling an Image To a Local Host + +Run the pull command to pull an image from a remote image repository to a local host. Command format: + +``` +isula-build ctr-img pull REPOSITORY[:TAG] +``` + +Example: + +```sh +$ sudo isula-build ctr-img pull example-registry/library/alpine:latest +Getting image source signatures +Copying blob sha256:8f52abd3da461b2c0c11fda7a1b53413f1a92320eb96525ddf92c0b5cde781ad +Copying config sha256:e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b +Writing manifest to image destination +Storing signatures +Pull success with image: example-registry/library/alpine:latest +``` + +#### push: Pushing a Local Image to a Remote Repository + +Run the push command to push a local image to a remote repository. Command format: + +``` +isula-build ctr-img push REPOSITORY[:TAG] +``` + +Example: + +```sh +$ sudo isula-build ctr-img push example-registry/library/mybusybox:latest +Getting image source signatures +Copying blob sha256:d2421964bad195c959ba147ad21626ccddc73a4f2638664ad1c07bd9df48a675 +Copying config sha256:f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f +Writing manifest to image destination +Storing signatures +Push success with image: example-registry/library/mybusybox:latest +``` + +>![](./public_sys-resources/icon-note.gif) **NOTE:** +> +>- Before pushing an image, log in to the corresponding image repository. ### info: Viewing the Operating Environment and System Information @@ -608,7 +680,8 @@ You can run the isula-build info command to view the running environment and sys The following flags are supported: -- -H, –human-readable: Boolean. The memory information is printed in the common memory format. The value is 1000 power. +- -H, --human-readable: Boolean. The memory information is printed in the common memory format. The value is 1000 power. +- -V, --verbose: Boolean. The memory usage is displayed during system running. Example: @@ -633,6 +706,13 @@ $ sudo isula-build info -H Insecure Registries: localhost:5000 oepkgs.net + Runtime: + MemSys: 68.4 MB + HeapSys: 63.3 MB + HeapAlloc: 7.41 MB + MemHeapInUse: 8.98 MB + MemHeapIdle: 54.4 MB + MemHeapReleased: 52.1 MB ``` ### login: Logging In to the Remote Image Repository @@ -695,17 +775,17 @@ You can run the version command to view the current version information. ```sh $ sudo isula-build version Client: - Version: 0.9.2 - Go Version: go1.13.3 - Git Commit: ccb2a13 - Built: Sat Aug 22 08:06:47 2020 + Version: 0.9.5-6 + Go Version: go1.15.7 + Git Commit: b82408f + Built: Tue Mar 30 11:08:00 2021 OS/Arch: linux/amd64 - + Server: - Version: 0.9.2 - Go Version: go1.13.3 - Git Commit: ccb2a13 - Built: Sat Aug 22 08:06:47 2020 + Version: 0.9.5 + Go Version: go1.15.5 + Git Commit: 64dbad50 + Built: Mon Apr 12 20:30:31 2021 OS/Arch: linux/amd64 ``` @@ -735,7 +815,7 @@ busybox 2.0 2d414a5cad6d 2020-08-01 06:41: >![](./public_sys-resources/icon-note.gif) **Note:** > - It is required that isula-build and iSulad be on the same node. -> - When an image is directly exported to the iSulad, the isula-build client needs to temporarily store the successfully built image as `/var/tmp/isula-build-tmp-%v.tar` and then import it to the iSulad. Ensure that the /var/tmp/ directory has sufficient disk space. If the isula-build client process is killed or Ctrl+C is pressed during the export, you need to manually clear the `/var/tmp/isula-build-tmp-%v.tar` file. +> - When an image is directly exported to the iSulad, the isula-build client needs to temporarily store the successfully built image as `/var/lib/isula-build/tmp/[buildid]/isula-build-tmp-%v.tar` and then import it to the iSulad. Ensure that the /var/tmp/ directory has sufficient disk space. If the isula-build client process is killed or Ctrl+C is pressed during the export, you need to manually clear the `/var/lib/isula-build/tmp/[buildid]/isula-build-tmp-%v.tar` file. ### Integration with Docker @@ -815,22 +895,24 @@ The isula-build component processes communicate with each other through the Unix ### File and Permission -- All isula-build operations must be performed by the root user. +- All isula-build operations must be performed by the root user. To perform operations as a non-privileged user, you need to configure the --group option. - The following table lists the file permissions involved in the running of isula-build. | **File Path** | **File/Folder Permission** | **Description** | | ------------------------------------------- | ------------------- | ------------------------------------------------------------ | -| /usr/bin/isula-build | 550 | Binary file of the command line tool. | +| /usr/bin/isula-build | 551 | Binary file of the command line tool. | | /usr/bin/isula-builder | 550 | Binary file of the isula-builder process on the server. | | /usr/lib/systemd/system/isula-build.service | 640 | systemd configuration file, which is used to manage the isula-build service. | +| /usr/isula-build | 650 | Root directory of the isula-builder configuration file. | | /etc/isula-build/configuration.toml | 600 | General isula-builder configuration file, which sets the isula-builder log level, persistency directory, runtime directory, and OCI runtime. | | /etc/isula-build/policy.json | 600 | Syntax file of the signature verification policy file. | | /etc/isula-build/registries.toml | 600 | Configuration file of each image repository, including the available image repository list and image repository blacklist. | | /etc/isula-build/storage.toml | 600 | Configuration file for local persistent storage, including the configuration of the used storage driver. | -| /var/run/isula_build.sock | 600 | Local socket of isula-builder. | +| /etc/isula-build/isula-build.pub | 444 | Asymmetric encryption public key file. | +| /var/run/isula_build.sock | 660 | Local socket of isula-builder. | | /var/lib/isula-build | 700 | Local persistency directory. | | /var/run/isula-build | 700 | Local runtime directory. | -| /var/tmp/isula-build-tmp-*.tar | 600 | Local directory for temporarily storing the images when they are exported to the iSulad. | +| /var/lib/isula-build/tmp/[buildid]/isula-build-tmp-*.tar | 644 | Local directory for temporarily storing the images when they are exported to the iSulad. | diff --git a/docs/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md b/docs/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md index eadc4c0a4ef5e520bd7666df52848975ff96247d..530ec2a5be74b3d660be58a108f87c213da06fdb 100644 --- a/docs/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md +++ b/docs/en/docs/Releasenotes/common-vulnerabilities-and-exposures-(cve).md @@ -1,4 +1,4 @@ # Common Vulnerabilities and Exposures \(CVE\) -For CVE involved in the version, see the [CVE list](https://cve.openeuler.org/#/CVE). +For CVE involved in the version, see the [CVE list](https://openeuler.org/en/security/cve/). diff --git a/docs/en/docs/Releasenotes/contribution.md b/docs/en/docs/Releasenotes/contribution.md index 5ac221e1384a2093fdbb6effa314b17f5f896add..ff6e6f09e136749018f998eeb5e5662649ce01a4 100644 --- a/docs/en/docs/Releasenotes/contribution.md +++ b/docs/en/docs/Releasenotes/contribution.md @@ -6,7 +6,7 @@ As an openEuler user, you can contribute to the openEuler community in multiple openEuler brings together people of common interest to form different special interest groups \(SIGs\). For details about existing SIGs, see the [SIG list](https://openeuler.org/en/sig/sig-list/). -You are welcome to join an existing SIG or create a SIG. For details about how to create a SIG, see the [SIG Management Procedure](https://gitee.com/openeuler/community/blob/master/en/technical-committee/governance/README.md). +You are welcome to join an existing SIG or create a SIG. For details about how to create a SIG, see the [SIG Management Procedure](https://gitee.com/openeuler/community/blob/master/en/technical-committee/governance/). ## Mail List and Tasks @@ -18,5 +18,5 @@ You can contribute to the community by submitting code. We also welcome your fee ## IRC -openEuler has also opened a channel in IRC as an additional channel to provide community support and interaction. For details, see [openEuler IRC](https://gitee.com/openeuler/community/blob/master/en/communication/IRCs.md). +openEuler has also opened a channel in IRC as an additional channel to provide community support and interaction. For details, see [openEuler IRC](https://gitee.com/openeuler/community/blob/master/en/communication/). diff --git a/docs/en/docs/Releasenotes/key-features.md b/docs/en/docs/Releasenotes/key-features.md index 53df363b8522c681741d1df7d0fdc41a6ce5383a..361eb40a501acc8ffd267a35653337410ad6e545 100644 --- a/docs/en/docs/Releasenotes/key-features.md +++ b/docs/en/docs/Releasenotes/key-features.md @@ -1,49 +1,101 @@ # Key Features -- StratoVirt: Combines high security and performance with lightweight loads, low power consumption, and flexible component splitting for trusted virtualization platform in all scenarios. - - - Uses the Rust language, supports **seccomp** and multi-tenant isolation, providing a secure and trusted operating environment. - - Supports startup within 50 ms and memory noise floor of less than 4 MB, achieving the ultimate performance and lightweight deployment in various scenarios across-device-edge-cloud. - - Supports multiple hardware acceleration virtualized engines, such as x86 VT and Kunpeng-V. - - Supports device scaling within milliseconds, providing flexible resource scaling capabilities for lightweight loads. - - Scalable device models, supports complex device specifications such as PCI, and compatible with the QEMU software ecosystem. - - Supports multiple computing, network, and storage acceleration solutions, and flexible collaboration of heterogeneous computing power. - -- iSula: A lightweight container solution that unifies IoT, edge, and cloud computing. - - - Optimized operation performance for the startup and container lifecycle. - - **isula-build**, a container image build tool that provides secure and fast container image build capabilities. - - Secure and trusted VM startup for enhanced VM security. - -- Enhanced virtualization features - - - Optimizes VM lock preemption with dual-layer scheduling and Hypervisor-aware VM scheduling, delivering higher performance in the multi-core overcommitment scenario. - - Optimizes the IPI interruption performance using the Guest-Idle-Haltpoll mechanism, improving the database service performance. - - For the virtualization feature of the ARM platform, supports the CPU/memory hot plug and the custom mode for the KVM CPU, making resource configuration more flexible. - - Quickly collects performance indicators of a VM using the O\&M tool VMTOP. - - Enables hardlockup detection using the PMU NMI watchdog feature. - -- Kernel feature enhancement - - - Enhancement for IMA commercial use: Based on the open source IMA solution, improves security, performance, and usability to facilitate commercial use. - - NUMA Aware Qspinlock: Improves system performance by reducing cross-NUMA cache synchronization and ping-pong operations caused by lock competition. - - Ktask parallelism: A kernel task parallelism framework that supports the parallel operation of kernel tasks. - - MPAM resource control: Supports Cache QoS and memory bandwidth control technology for the ARM64 architecture. - - Memory system lock optimization: Optimizes vmalloc allocation lock and Pagecache lock. - -- Programming languages and compilers - - - JDK8 enhancement: Supports the APPCDS feature and crc32 hardware acceleration instruction. - - GCC optimization: Supports cyclic optimization, automatic vectorization, and global optimization. - -- Hardware and chip enablement - - - Raspberry Pi: Supports the Raspberry series boards. - -- Desktop support - - - UKUI: Default desktop environment of the Kylin OS. Its layout, style, and usage habits are similar to those of the traditional Windows OS. - -- Intelligent O\&M - - - A-Tune: An intelligent system performance optimization engine that infers service features and configures the optimal system parameter set for the optimal service operations. \ No newline at end of file +## Brand New 5.10 Kernel + +In-depth optimization of scheduling, I/O, and memory management has been performed, providing more computing capabilities such as ARM64, x86, and RISC-V. + +- **Optimized scheduler**. The fairness of CFS tasks has been optimized. The NUMA aware asynchronous calling mechanism has been added so that the NVDIMM initialization is significantly improved. The SCHED\_IDLE scheduling policy is optimized to significantly reduce the scheduling delay of high-priority tasks and reduce interference to other tasks. +- **Optimized the NUMA balancing mechanism**. Better affinity, higher utilization, and fewer invalid migrations are achieved. +- **Enhanced the CPU isolation mechanism**. Interrupt isolation and unbound kthreads isolation are supported to enhance the isolation of CPU cores and avoid mutual interference between services. +- **Optimized Cgroup single-thread migration**. The dependency on the read and write semaphores of the thread group is eliminated. Time namespaces are introduced to facilitate container migration. +- **Limitable number of file handles that can be used in a container**. File handles include common file handles and network sockets. When a container is started, you can specify the `--files-limit` parameter to limit the maximum number of handles that can be opened in the container. +- **PSI support**. Pressure Stall Information (PSI) provides a method for evaluating system resources, such as the CPU, memory, and I/O pressure. An accurate detection method can help a resource user determine an appropriate workload, and can also help a system formulate an efficient resource scheduling policy, so as to maximize system resource utilization and improve user experience. +- **Optimized inter-process communication**. The **pipe/epoll\_wait** wakeup mechanism is optimized to improve the performance of waking up multiple waiting threads. +- **Enhanced memory management**. Memory control and statistics are refined, and heterogeneous memory, hot swap, and memory initialization functions are improved. More effective user control interfaces are provided. Hotspot locks and semaphores are optimized. Radical memory normalization and defragmentation are supported. The vmap/vmalloc mechanism is optimized, significantly improving the memory application efficiency. Memory maintenance and test features, such as **KASAN**, **kmemleak**, **slub\_debug**, and **oom**, are enhanced to improve the efficiency of locating and resolving memory problems. +- **Early Departure Time model switching**. It eliminates the limitation of the TCP framework during packet sending. The EDT timestamp is set for data packets based on the scheduling policy, which avoids the delay caused by large queue buffer and greatly improves the TCP performance. +- **MultiPath TCP**. MultiPath TCP improves performance and reliability in mobile and data scenarios and supports parallel transmission of multiple subflows in load balancing scenarios. +- **Log fast commit method**. EXT4 introduces a new and lightweight log method `-fast commit`, which can greatly accelerate time-consuming operations such as `fsync` and bring better performance. +- **dm writecache feature**. The dm writecache feature is supported to improve the sequential write performance of large SSD blocks and the performance of the DDR persistent memory. +- **io\_uring**. io\_uring is a new asynchronous I/O framework and implementation. It supports the polling mode. In polling mode, the performance is greatly improved, which is close to that of the SPDK. When the queue depth is high, the performance is better. +- **ILP32**. 32-bit applications are supported in the Kunpeng 920 ARM64 environment. +- **Enhanced IMA commercial use**. Based on the open-source IMA solution, the security, performance, and ease-of-use of IMA are enhanced to facilitate commercial use. +- **Per task stack check**. Per task stack check is supported to enhance the capability of defending against ROP attacks. +- **MPAM resource management and control**. The cache QoS and memory bandwidth control technologies of the ARM64 architecture is supported. +- **SEDI-based NMI mechanism and PMU-based NMI mechanism**. Hard lockup detection is enabled. perf nmi is enabled so that the performance analysis becomes more accurate. +- **VM CPU hot swap in the ARM64 platform**. CPU hot swap is supported in ARM64 for more flexible resource allocation. +- **Enhanced ARM64 kdump**. Memory reservation for addresses greater than 4 GB is supported so that the kdump can reserve more memory space to support machines with larger memory. +- **Raspberry PI series board**s. The support for the Raspberry PI has been integrated into the native openEuler 21.03 kernel. You can directly use the openEuler 21.03 kernel source code for debugging the boards. +- **KVM virtualization in the RISC-V platform** +- **1822 iNICs** + +## Kernel Hot Upgrade + +NVWA is an OS vulnerability repair and upgrade solution that implements quick hot replacement of the kernel without affecting services. + +- **The CPU park and quick kexec features** accelerate system startup and shutdown, reduce system downtime, and improve system availability. +- **The pin memory and PMem features** ensure quick and accurate recovery of service processes and improve service resilience. +- **The NVWA controllere** provides the gRPC communication interface, which is easy to use. + +## Enhanced Virtualization Function and Maintainability + +The live migration Pro capability is extended to improve the maintainability and testability. + +- **Live migration Pro feature**. multifd is enhanced to support TLS, ensuring data security during migration. Concurrent compression of live migration data is supported, improving migration performance. Statistics on data page access frequency are added for live migration data prediction in advance. +- **Performance debugging tool (vmtop).** You can dynamically view the resource usage of VMs in real time, including the CPU usage and memory usage. The x86\_64 architecture is supported. +- **I/O suspension**. I/O suspension is supported so that automatic retry is performed by default in case an I/O error occurs. If the retry times out, an alarm is reported. +- **Virtualization live migration on RISC-V architecture** + +## Lightweight Virtual Runtime (StratoVirt) + +Elastic memory, huge page, and system call filtering are added to enhance the performance and stability of the I/O subsystem. + +- **Elastic memory**. The memory can be allocated and reclaimed based on the memory requirements of the workload. The memory reclamation speed of virtio-balloon can reach 3 GB/s. +- **Huge page**. Huge page in the lightweight framework provides continuous physical memory pages for lightweight VMs, improving VM memory access efficiency. +- **System call filtering**. The device model has been simplified and system call filtering is supported. In the simplest configuration, only 35 system calls are required, effectively reducing the system attack surface. +- **Enhanced I/O subsystem**. Multi-channel concurrent I/O capability is supported and the performance is improved. The I/O-QoS capability improves the flexibility and stability of VM I/O traffic management. + +## Hierarchical Memory Management Framework + +Various memory and storage media are supported to expand the system memory capacity and reduce memory usage costs. + +- **Hot and cold page identification**. The busy/idle status statistics mechanism of the kernel-mode memory page can accurately identify the cold and hot distribution of process memory page accesses. +- **Configurable elimination policies**. A configuration interface is provided to customize the cold and hot tiering policies for memory pages. +- **Smooth expansion**. Cold pages are automatically swapped out to the extended memory. The software deployed on the cold pages can run properly without changing or adapting the programming mode. +- **Multi-media expansion**. Multiple media such as SCM, XL flash, and NVMe SSD can be used as the extended memory. The cold and hot memory tiering solution is specified based on the access speed of the media to expand the memory and reduce performance loss. + +## OpenStack Victoria Integration + +OpenStack Victoria is a simple, scalable, rich, and standard cloud management operating system. For details about more features, see OpenStack Victoria release notes. + +- **Integrated OpenStack Victoria**. OpenStack Victoria enables the IaaS solution. +- **Enhanced block storage.** Advanced functions such as capacity expansion, snapshots, and VM image cloning are supported. +- **Container-based deployment and network capabilities**. Better integration with containers is achieved. +- **Extended services**. Extended services such as control panel management, bare metal server deployment, and cloud resource tracing are supported. + +## Kubernetes 1.20 Integration + +Kubernetes 1.20 is a cloud-native OS used to automatically deploy, scale, and manage containerized applications. For more information, see Kubernetes 1.20 release notes. + +- **Automatic rollout and rollback**. Kubernetes automatically rolls out applications or instances whose configurations have been modified and monitors the running status of the applications. If any application fails to be rolled out, Kubernetes will roll back the previous modification. +- **Service discovery and load balancing**. Service discovery and load balancing based on the container IP addresses and DNS names are supported. +- **Storage orchestration**. Automatic mounting of multiple storage backends, such as local storage, NFS, iSCSI, Gluster, and Ceph. +- **Scaleou**t. Manual scaleout on the CLI and UI, and automatic scaleout based on the CPU usage are supported. + +## HA Cluster Solution + +The high-availability (HA) cluster solution provided by Kylinsoft implements second-level failover and provides users with an HA environment that ensures service continuity, continuous data protection, and disaster recovery. + +- **Multiple protection modes**. Protection modes such as dual-system hot backup, dual-system mutual backup, and multi-system backup (*N* + *M*) are supported to meet various protection requirements of service applications. +- **Physical machine and cloud scenarios**. HA can be configured in the VM pool, and for physical server nodes as well. +- **Network heartbeat modes (the single-heartbeat and dual-heartbeat modes)**. Shared data resources can be comprehensively monitored to ensure data consistency in extreme conditions. +- **Low resource consumption**. Online deployment is supported with secure use of protected application resources. +- **Mainstream system services and application software supported.** Nginx, httpd, MariaDB are supported. Secondary development is made possible. +- **HA-WEB man-machine interaction interfaces.** Interfaces for user login, cluster status display, and resource control are supported. +- **HA-API machine-machine interaction interfaces**. Interfaces for backend cluster control, resource management, cluster status monitoring, and resource status monitoring are supported. + +## More Desktop Environments + +More development desktop options and better development experience are provided. + +- **Xfce.** Xfce is a lightweight Linux desktop that occupies fewer resources than mainstream UIs. +- **DDE**. DDE is a Linux desktop environment provided by Uniontech Software. It is aesthetic, easy-to-use, and efficient. \ No newline at end of file diff --git a/docs/en/docs/Releasenotes/known-issues.md b/docs/en/docs/Releasenotes/known-issues.md index 16ada9132ac580ad434b59d9b922e73649597fbb..d79eae95f727ea83e11928d77f41827461ee9fa9 100644 --- a/docs/en/docs/Releasenotes/known-issues.md +++ b/docs/en/docs/Releasenotes/known-issues.md @@ -1,29 +1,11 @@ -# Known Issues - - - - - - - - - - - - - - - - -

Issue

-

Description

-

I1VR1W

-

An error message is displayed when the x86 QCOW2 image is used for VM creation or the ISO image is used for physical machine installation. The error message is output as expected. For details, see the issue response.

-

I1U1LP

-

The ARM-based physical machine uses the drive that has been written into the file system for customized partitioning, but the partitioning fails. A special path can be used to prevent this issue. For details, see the issue response.

-

I1VTC5

-

In the pressure test in the overcommitment scenario, frame freezing occurs to vmtop -H page turning when the number of vCPUs is greater than 1,000. The impact scope is controllable. For details, see the issue response.

-

I1WVM8

-

Among the CPU usage data collected by vmtop, the single core whose usage exceeds 100% exists. The impact scope is controllable. For details, see the issue response.

-
+# Known Issues + +| ISSUE| Description| +|:----------|:----------| +| [I39AN0](https://gitee.com/openeuler/community/issues/I26ZLO?from=project-issue)| \[21.03] ARM Physical Machine Reports the Kernel Error: "ACPI CPPC: Failed to find PCC channel for subspace 0"| +| [I39I7C](https://gitee.com/open_euler/dashboard?issue_id=I29P84)| \[21.03] ARM Physical Machine Reports the Kernel Error: "The BMC does not support, but the BMC needs to be fixed"| +| [I39MQQ](https://gitee.com/open_euler/dashboard?issue_id=I39MQQ)| \[21.03] Input Is Abnormal and the User Login Fails in the RC1 Version After the Up and Down Arrow Keys Are Used in the Login Area on the Character Interface| +| [I3A52C](https://gitee.com/open_euler/dashboard?issue_id=I3A52C)| \[21.03] Samba Service Fails to Start| +| [I3AB65](https://gitee.com/open_euler/dashboard?issue_id=I3AB65)| \[21.03] SCAP Security Guide Does Not Support the Check of OPSS (General Operating System Protection Configuration File)| +| [I3A8YY](https://gitee.com/open_euler/dashboard?issue_id=I3A8YY)| \[21.03] Stopping of nfs-blkmap Is in the "failed" State| diff --git a/docs/en/docs/Releasenotes/resolved-issues.md b/docs/en/docs/Releasenotes/resolved-issues.md index 01107f9b33cb9d4ebeb2f23e7e52130dd9a42951..ea183276474059d823213ff713499aa3969c979d 100644 --- a/docs/en/docs/Releasenotes/resolved-issues.md +++ b/docs/en/docs/Releasenotes/resolved-issues.md @@ -2,225 +2,234 @@ For the complete issue list, see [Complete Issue List](https://gitee.com/organizations/src-openeuler/issues). -For details about the complete kernel submission records, see [Record Submission](https://gitee.com/openeuler/kernel/commits/openEuler-1.0-LTS). - -**Applications and basic services** - - - - - - - - - - - - - - - - - - - - -

Issue

-

Description

-

I1TPY4

-

x86/arm mariadb-server installation fails.

-

I1TOV5

-

lm_sensors cannot be started by default, and systemd is in the degraded state.

-

I1TOCE

-

The kdump on an x86- or ARM-based physical machine fails to be started.

-

I1TZH1

-

The rule does not take effect when the destination port is 80 and the data packages from the source IP address of a host are added to the x86-based server.

-

I1T4O3

-

During x86 PXE installation, the %packages file in the .ks file is used to install minimal, @core, and @base. After the installation is successful, the startup is suspended.

-

I1T8JJ

-

The installation of the ARM-based freeRADIUS server fails.

-
- -**Programming languages and compilers ** - - - - - - - - - - -

Issue

-

Description

-

I1RUM6

-

Track the community to resolve the issue that the type of the file generated after the compilation of gcc -static-pie is incorrect.

-
- -**Virtualization and containers ** - - - - - - - - - - - - - - -

Issue

-

Description

-

I1TB7N

-

PMU nmi watchdog does not support CPU hot-plug.

-

I1TXAU

-

The VM fails to be started when the VM CPU mode is configured with host-model.

-

I1U8BP

-

When openEuler is used to set trusted boot as an image, the VM cannot identify the TPM device.

-
- -**Kernel** - - - - - - - - - - - - - - - - - - -

Issue

-

Description

-

I17YPQ

-

The drive connected to the LSI SAS3408 RAID controller card cannot be identified during the installation.

-

I1JZHT

-

The Netdevsim is repeatedly loaded and uninstalled, causing the system to reset.

-

I1RUC8

-

The performance loss of vmalloc on x86-based servers is huge.

-

I1R86G

-

An error of pread is reported when openEuler performs a test on the open GaussDB, causing the return to -EIO.

-

I1SISM

-

The XFS drive with size=8192 cannot be mounted to the openEuler on the x86 platform.

-
- -**Security ** - - - - - - - - - - -

Issue

-

Description

-

I1TQ15

-

An error is reported when the firewall-cmd --reload command is executed to add an IP address set that does not exist to the drop area as the source.

-
- -**Hardware and chips** ****** - - - - - - - - - - - - -

Issue

-

Description

-

I1SY0K

-

The Raspberry Pi Wi-Fi is unavailable and the connection to the Wi-Fi network fails.

-

I1R4G1

-

The connection to the Raspberry Pi BT fails repeatedly.

-
- -**File system ** - - - - - - - - - - - - - - -

Issue

-

Description

-

I1E0KN

-

A core dump occurs when a user creates and deletes folders concurrently in the XFS file system and uses the find command to query the folders.

-

I1MA88

-

The libguestfs uses the Gnulib code that has a vulnerability, causing a core dump.

-

I1T3GC

-

The memory allocation is reported to fail when the mounted drive letter is checked at the NFS client.

-
- -**Network ** - - - - - - - - - - - - - - -

Issue

-

Description

-

I1TO3R

-

An error occurs when the network-manager-appletda is invoked during installation and ipv4 is manually configured.

-

I1TYDG

-

The NetworkManager service cannot not be self-healed due to the D-Bus service exception.

-

I1AD7N

-

The IP address is lost when the network is restarted because the return value of the grep -L command in the network-scripts file is changed.

-
- -**System tools ** - - - - - - - - - - - -

Issue

-

Description

-

I1U7RL

-

An error occurs during system-config-printer installation.

-

I1T8H4

-

After the x86/ARM-based device is installed by default, the systemctl -all --failed command is executed and the tuned service fails to be started.

-
+For details about the kernel submission records, see \[Submission Record] (https://gitee.com/openeuler/kernel/commits/openEuler-21.03). + +For details about the resolved issues, see [Table 1](#table249714911433). + +Table 1 Resolved issues + +| ISSUE| Description| +|:----------|:----------| +| [I385CW](https://gitee.com/open_euler/dashboard?issue_id=I385CW)| \[21.03] An Error Is Reported During the Installation of mod\_fcgid, Indicating that Warnings and Failures Exist| +| [I38NM0](https://gitee.com/open_euler/dashboard?issue_id=I38NM0)| A Segment Error Occurs When the Same Enclave Is Destroyed Twice| +| [I38NO8](https://gitee.com/open_euler/dashboard?issue_id=I38NO8)| No Error Message Is Displayed When the Same Enclave Is Created Twice| +| [I38PJ8](https://gitee.com/open_euler/dashboard?issue_id=I38PJ8)| Infinite loop in htmlParseChunk found by fuzz| +| [I38QDA](https://gitee.com/open_euler/dashboard?issue_id=I38QDA)| Stack overflow found by honggfuzz| +| [I38SNU](https://gitee.com/open_euler/dashboard?issue_id=I38SNU)| \[21.03] System Services Fail to Be Started Due to SELinux Rules| +| [I38SON](https://gitee.com/open_euler/dashboard?issue_id=I38SON)| Codegen Fails to Display Messages When the Permission on the EDL Directory That Depends on the SDK Is Abnormal| +| [I38T6R](https://gitee.com/open_euler/dashboard?issue_id=I38T6R)| Displayed Message Is Unclear When the EDL File Is Not Specified or Is Added After **--search-path**| +| [I38WFT](https://gitee.com/open_euler/dashboard?issue_id=I38WFT)| Pacemaker Service Fails to Be Started in the Daily Build Version of openEuler 21.03, Which Can Be Resolved After the libqb Software Package Is Upgraded| +| [I38XEC](https://gitee.com/open_euler/dashboard?issue_id=I38XEC)| \[21.03] Rsyslog Service Fails to Be Started After the Minimum Installation Is Complete| +| [I38XHF](https://gitee.com/open_euler/dashboard?issue_id=I38XHF)| \[21.03] irqbalance Process Occasionally Times Out During VM Startup or Restart| +| [I38XPQ](https://gitee.com/open_euler/dashboard?issue_id=I38XPQ)| \[21.03] lm\_sensors Fails to Start or Restart on a Physical Machine or VM| +| [I38XQ2](https://gitee.com/open_euler/dashboard?issue_id=I38XQ2)| \[21.03] \[ARM/x86] Software Package Is Not Downloaded Based on the **dnf --downloadonly** Parameter | +| [I38XRJ](https://gitee.com/open_euler/dashboard?issue_id=I38XRJ)| \[21.03] tcsd.service Fails to Start or Restart on a VM| +| [I38XSC](https://gitee.com/open_euler/dashboard?issue_id=I38XSC)| \[21.03] VM Fails to Start or Restart rdisc| +| [I38ZCF](https://gitee.com/open_euler/dashboard?issue_id=I38ZCF)| \[21.03] \[ARM/x86] Kernel Version Displayed in **/etc/openEuler-latest** Is Different from the Actual Kernel Version | +| [I38ZTE](https://gitee.com/open_euler/dashboard?issue_id=I38ZTE)| \[21.03] File Conflict Occurs When hibernate-jpa-2.0-api-javadoc and hibernate-jpa-2.0-api-help Are Installed| +| [I391F2](https://gitee.com/open_euler/dashboard?issue_id=I391F2)| \[21.03] File Conflict Occurs When freeradius-posgresql and freeradius-mysql Are Installed| +| [I391PG](https://gitee.com/open_euler/dashboard?issue_id=I391PG)| \[21.03] "20.03" Is Displayed on the Boot Screen of the x86/ARM netinst Image and x86 Standard Image| +| [I3927G](https://gitee.com/open_euler/dashboard?issue_id=I3927G)| \[21.03] \[x86] Subpackages Conflict Occurs When NVML, nvml-help and PMDK Are Installed at the Same Time| +| [I392CF](https://gitee.com/open_euler/dashboard?issue_id=I392CF)| \[21.03] Warning Information Is Displayed During Firebird Installation| +| [I392HC](https://gitee.com/open_euler/dashboard?issue_id=I392HC)| \[openEuler 21.03] \[StratoVirt] Second Startup with the Same Configuration Fails and the Return Value Is Still 0 When the **-daemonize** Parameter Is Specified to Start a VM| +| [I392JK](https://gitee.com/open_euler/dashboard?issue_id=I392JK)| \[21.03] \[ARM/x86] Two python3-wheel Problems| +| [I392KT](https://gitee.com/open_euler/dashboard?issue_id=I392KT)| \[openEuler 21.03] \[StratoVirt] Error Message Is Displayed If the iothread Configured for the Device Specified by **-drive** Does Not Exist When a VM Is Started Using the CLI, But the Return Value Is Still 0 | +| [I393DJ](https://gitee.com/open_euler/dashboard?issue_id=I393DJ)| \[21.03] "call trace" Is Displayed in the Log After Minimum ARM Physical Machine Installation Is Performed and the System Is Rebooted| +| [I393JS](https://gitee.com/open_euler/dashboard?issue_id=I393JS)| \[21.03] \[x86] Error Message Is Displayed When the linux-sgx-driver Is Installed| +| [I393MX](https://gitee.com/open_euler/dashboard?issue_id=I393MX)| \[21.03] Error Message Is Displayed During the Installation of iavf| +| [I393NF](https://gitee.com/open_euler/dashboard?issue_id=I393NF)| \[21.03] Failure Reported During the Installation of sgx-dcap-pccs| +| [I393PF](https://gitee.com/open_euler/dashboard?issue_id=I393PF)| \[21.03] sgx-dcap-pccs Source Code Package Queried by Running the **dnf info** Command Is **sgx-dcap-pccs** Instead of **linux-sgx** | +| [I393U6](https://gitee.com/open_euler/dashboard?issue_id=I393U6)| \[21.03] Exception Occurs When fprintd Is Uninstalled| +| [I395AI](https://gitee.com/open_euler/dashboard?issue_id=I395AI)| \[openEuler 21.03] \[StratoVirt] Hot Swap Command Provided by virtio-net in **config\_guidebook.md** Is Incorrect | +| [I396YM](https://gitee.com/open_euler/dashboard?issue_id=I396YM)| \[21.03] Service Status Is "Failed" After authz Is Disabled on a VM| +| [I3980L](https://gitee.com/open_euler/dashboard?issue_id=I3980L)| Default Port Number Needs to Be Changed to 5000 Because 35357 Is No Longer Used| +| [I398PU](https://gitee.com/open_euler/dashboard?issue_id=I398PU)| \[21.03] \[x86/ARM] Error "Can't open PID file /run/irqbalance.pid" Reported by irqbalance| +| [I399FI](https://gitee.com/open_euler/dashboard?issue_id=I399FI)| No Configuration Files Available| +| [I399L1](https://gitee.com/open_euler/dashboard?issue_id=I399L1)| HTTPD Configuration File of Horizon Is Unavailable| +| [I399MW](https://gitee.com/open_euler/dashboard?issue_id=I399MW)| Duplicate spec and package| +| [I39A55](https://gitee.com/open_euler/dashboard?issue_id=I39A55)| Segment Error Occurs When An Enclave Is Created, A Random Number Is Generated, Encrypted, or Decrypted, or a Large Amount of Information Is Printed| +| [I39AEY](https://gitee.com/open_euler/dashboard?issue_id=I39AEY)| \[21.03] \[ARM/x86] Error Is Reported When **powertop2tuned new\_profile\_name --force** Is Executed | +| [I39AFM](https://gitee.com/open_euler/dashboard?issue_id=I39AFM)| \[21.03] Error "could not open '/sys/module/ib\_cm/holders'" Is Reported in System Logs of ARM Physical Machines| +| [I39AH8](https://gitee.com/open_euler/dashboard?issue_id=I39AH8)| \[21.03] \[ARM/x86] Error "startup phases are not supported" Is Reported by systemd-xdg-autostart-generator| +| [I39AJJ](https://gitee.com/open_euler/dashboard?issue_id=I39AJJ)| \[21.03] ARM Physical Machine Reports the Kernel Error "hisi\_sec2 0000:75:00.0: fail to alloc uacce"| +| [I39ALG](https://gitee.com/open_euler/dashboard?issue_id=I39ALG)| \[21.03] \[ARM] Kernel Error Is Reported on the TaiShan 2280 V2 Physical Machine: "cma: cma\_alloc: alloc failed"| +| [I39AM8](https://gitee.com/open_euler/dashboard?issue_id=I39AM8)| \[21.03] \[ARM] Kernel Error Is Reported on the TaiShan 2280 V2 Physical Machine: "swapper/0 page allocation failure"| +| [I39ANR](https://gitee.com/open_euler/dashboard?issue_id=I39ANR)| \[21.03] slpd Service Fails to Be Started Because the Binary File Is Missing When the OpenSLP Is Installed Using the base Source| +| [I39ET0](https://gitee.com/open_euler/dashboard?issue_id=I39ET0)| \[21.03] \[ARM/x86] Error Is Reported When oemaker Constructs the Standard ISO| +| [I39EVJ](https://gitee.com/open_euler/dashboard?issue_id=I39EVJ)| NULL pointer dereference in cil\_fill\_ipaddr| +| [I39GGV](https://gitee.com/open_euler/dashboard?issue_id=I39GGV)| \[21.03] Alarm Is Generated When the VM Starts or Restarts the php-fpm Service| +| [I39H0X](https://gitee.com/open_euler/dashboard?issue_id=I39H0X)| \[21.03] Self-Compiling of Some Packages Fails Because the Maven Script Is Missing in the Source Code| +| [I39HQB](https://gitee.com/open_euler/dashboard?issue_id=I39HQB)| \[21.03] Kernel Fails to Be Compiled Locally| +| [I39IB4](https://gitee.com/open_euler/dashboard?issue_id=I39IB4)| \[21.03] NIC Name Is Displayed as "rename" on the NIC and Host Name Setting Page During the Installation of an x86 Physical Machine| +| [I39IFV](https://gitee.com/open_euler/dashboard?issue_id=I39IFV)| \[21.03] NGINX Service Document Contains "redhat"| +| [I39KLF](https://gitee.com/open_euler/dashboard?issue_id=I39KLF)| Placement HTTPD Configuration Is Unavailable| +| [I39LM9](https://gitee.com/open_euler/dashboard?issue_id=I39LM9)| \[openEuler 21.03-RC1] \[vmtop] Terminal Page Is Refreshed| +| [I39LMD](https://gitee.com/open_euler/dashboard?issue_id=I39LMD)| \[openEuler 21.03-RC1] \[vmtop] Parameter Parsing and Error Information Is Missing| +| [I39MI9](https://gitee.com/open_euler/dashboard?issue_id=I39MI9)| \[21.03] Some SRC Files Fail to Be Compiled Locally Due to the Lack of maven-plugins-pom| +| [I39N4Y](https://gitee.com/open_euler/dashboard?issue_id=I39N4Y)| \[21.03] Local Compilation of Some Source Code Packages Fails Because totem-pl-parser-devel and pkgconfig (totem-plparser) Are Missing| +| [I39NDA](https://gitee.com/open_euler/dashboard?issue_id=I39NDA)| \[21.03] Local Compilation of XSane Fails Due to the Lack of gimp-devel| +| [I39NWJ](https://gitee.com/open_euler/dashboard?issue_id=I39NWJ)| \[21.03] Local Compilation of gnulib Fails| +| [I39OT1](https://gitee.com/open_euler/dashboard?issue_id=I39OT1)| \[21.03] PR Needs to Be Synchronized to the Fix iscsiadm segfault when exiting Branch| +| [I39OZA](https://gitee.com/open_euler/dashboard?issue_id=I39OZA)| \[openEuler 21.03] \[Virtualization] Support for the Zstd Compression Algorithm by Live Migration Is Not Included in the 21.03 Version| +| [I39PTI](https://gitee.com/open_euler/dashboard?issue_id=I39PTI)| Compilation Fails If the Signature Tool and Codegen Are Not Included in the secGear RPM Files| +| [I39Q0V](https://gitee.com/open_euler/dashboard?issue_id=I39Q0V)| \[21.03] "Failed to migrate controller cgroups" Is Displayed When a Common User Is Added and the user@id.service Corresponding to the User Is Started| +| [I39RTQ](https://gitee.com/open_euler/dashboard?issue_id=I39RTQ)| Optimized the Command Output for Database Initialization | +| [I39S7T](https://gitee.com/open_euler/dashboard?issue_id=I39S7T)| No Log Is Recorded When installdep, builddep, and bedepend Are Used to Query a Package That Does Not Exist for Multiple Times| +| [I39SCE](https://gitee.com/open_euler/dashboard?issue_id=I39SCE)| \[21.03] "opening triplet file failed" Is Displayed When Logs Are Queried After strongswan Is Enabled| +| [I39SYV](https://gitee.com/open_euler/dashboard?issue_id=I39SYV)| \[21.03] Local Compilation of Gemini Blueprint Fails Due to the Lack of springframework-context-support| +| [I39T5C](https://gitee.com/open_euler/dashboard?issue_id=I39T5C)| \[21.03] Error Is Displayed During the Startup of the Physical Machine: rdma-init-kernel: Failed to add sysattr match| +| [I39T7I](https://gitee.com/open_euler/dashboard?issue_id=I39T7I)| No Log Is Recorded If a File Does Not Exist During the Querying of Multiple Packages by selfdepend| +| [I39T9E](https://gitee.com/open_euler/dashboard?issue_id=I39T9E)| Compilation Fails If the EDL File Is Not Included When secGear-related RPM Packages Are Installed| +| [I39T9T](https://gitee.com/open_euler/dashboard?issue_id=I39T9T)| \[21.03] \[ARM/x86] System Reports an Error When the systemctl for Starting the rsyslog service and the rsyslogd Command Are Executed at the Same Time| +| [I39THU](https://gitee.com/open_euler/dashboard?issue_id=I39THU)| \[21.03] Error Message Is Displayed During the Startup of an x86 Physical Machine: "rdma-ndd: set Node Description failed on i40iw0"| +| [I39TLM](https://gitee.com/open_euler/dashboard?issue_id=I39TLM)| \[21.03] \[ARM/x86] All Commands in the sos Package Cannot be Executed and an Error Is Displayed Indicating that the **/etc/sos/sos.conf** Configuration File Does Not Exist | +| [I39TTG](https://gitee.com/open_euler/dashboard?issue_id=I39TTG)| \[21.03] \[ARM/x86] An Error Is Reported When the **cppcheck-htmlreport** Command in the cppcheck File Is Executed | +| [I39TTT](https://gitee.com/open_euler/dashboard?issue_id=I39TTT)| "sgx\_sign:command not found" Is Displayed During Compilation After the secGear RPM Package Is Installed. You Need to Run the **source** Command on the sgx Package, Compress the Package and Link It Directly| +| [I39TZM](https://gitee.com/open_euler/dashboard?issue_id=I39TZM)| \[21.03] openEuler-latest-release Fails to Be Compiled Locally| +| [I39U52](https://gitee.com/open_euler/dashboard?issue_id=I39U52)| \[21.03] Duplicate partuids Exist When Parted Partitions Are Used| +| [I39U8C](https://gitee.com/open_euler/dashboard?issue_id=I39U8C)| \[21.03] \[ARM/x86] Integrity Error Is Reported on the Physical Machine: "Unable to open file: /etc/keys/x509\_ima.der (-2)" | +| [I39W2T](https://gitee.com/open_euler/dashboard?issue_id=I39W2T)| \[21.03] Timestamps of the Files in the XFS File System Cannot Be Changed to Later than 2038| +| [I39W4K](https://gitee.com/open_euler/dashboard?issue_id=I39W4K)| Code Generation Tool Needs to Adapt to the secGear/host\_inc Directory Created When the secGear-related RPM Files Are Installed| +| [I39WJX](https://gitee.com/open_euler/dashboard?issue_id=I39WJX)| No Exception Is Captured When a Common User Is Initialized| +| [I39Y6E](https://gitee.com/open_euler/dashboard?issue_id=I39Y6E)| CMake Reports an Error After a secGear RPM File Is Installed| +| [I3A028](https://gitee.com/open_euler/dashboard?issue_id=I3A028)| \[21.03] Service Status Is "Failed" After atuned Is Disabled on a VM| +| [I3A0UX](https://gitee.com/open_euler/dashboard?issue_id=I3A0UX)| \[21.03] Local Compilation of Augeas Fails| +| [I3A0WO](https://gitee.com/open_euler/dashboard?issue_id=I3A0WO)| \[21.03] Local Compilation of Ceph Fails| +| [I3A103](https://gitee.com/open_euler/dashboard?issue_id=I3A103)| \[21.03] Local Compilation of Coreutils Fails| +| [I3A11P](https://gitee.com/open_euler/dashboard?issue_id=I3A11P)| Local Compilation of createrepo\_c Fails| +| [I3A16L](https://gitee.com/open_euler/dashboard?issue_id=I3A16L)| \[21.03] Local Compilation of Devhelp| +| [I3A1AI](https://gitee.com/open_euler/dashboard?issue_id=I3A1AI)| Setting Permission of the Encrypted Signature File and Others to 600| +| [I3A1TC](https://gitee.com/open_euler/dashboard?issue_id=I3A1TC)| \[21.03] \[x86] System Is Suspended and a Crash File Is Generated After Long-term Stability Test Cases Are Executed| +| [I3A2BR](https://gitee.com/open_euler/dashboard?issue_id=I3A2BR)| \[21.03] "Failed to parse PID from file /run/nginx.pid" Is Displayed When Logs Are Queried Using nginx start| +| [I3A3KM](https://gitee.com/open_euler/dashboard?issue_id=I3A3KM)| \[openEuler 21.03] \[Virtualization] cpu\_custom Patch Is Not Integrated Into Kernel 5.10.0-4.0.0| +| [I3A3X0](https://gitee.com/open_euler/dashboard?issue_id=I3A3X0)| \[21.03] "Error setting audit daemon pid (Permission denied)" Is Recorded in the Log After the System Is Installed and Anaconda Is Restarted| +| [I3A50O](https://gitee.com/open_euler/dashboard?issue_id=I3A50O)| \[21.03] Service Fails to Be Started After atune-engine Is Restarted on a VM| +| [I3A554](https://gitee.com/open_euler/dashboard?issue_id=I3A554)| \[openEuler 21.03] \[Virtualization] openEuler 21.03 Occupies a Large Amount of Memory After the ARM Server Is Started| +| [I3A5VT](https://gitee.com/open_euler/dashboard?issue_id=I3A5VT)| \[openEuler 21.03] \[Virtualization] A Small Amount of Memory Leaks During TLS Live Migration| +| [I3A5YC](https://gitee.com/open_euler/dashboard?issue_id=I3A5YC)| \[21.03] Service speech-dispatcher Fails To Be Started| +| [I3A600](https://gitee.com/open_euler/dashboard?issue_id=I3A600)| Command **/usr/sbin/sfcbd** Fails to Run| +| [I3A66H](https://gitee.com/open_euler/dashboard?issue_id=I3A66H)| \[21.03] \[ARM] System Reports an Exception After a Long-term Stability Test Case Is Executed for a Period of Time| +| [I3A6CP](https://gitee.com/open_euler/dashboard?issue_id=I3A6CP)| Two Basic Packages Fail to Be Compiled Locally After the Value of the Macro openEuler Is Changed to **21.03**| +| [I3A6FU](https://gitee.com/open_euler/dashboard?issue_id=I3A6FU)| \[21.03] \[x86/ARM] An Error Is Reported for the **semctl09/proc01/tpci** Case When LTP Is Executed | +| [I3A84O](https://gitee.com/open_euler/dashboard?issue_id=I3A84O)| An Error Is Reported When Flags Is Set to **0** During Enclave Creation | +| [I3A89D](https://gitee.com/open_euler/dashboard?issue_id=I3A89D)| \[21.03] nghttpx.service Fails to Be Started| +| [I3A8GH](https://gitee.com/open_euler/dashboard?issue_id=I3A8GH)| Segment Error Occurs When an Enclave Is Destroyed and Then Recreated| +| [I3A8IJ](https://gitee.com/open_euler/dashboard?issue_id=I3A8IJ)| \[21.03] spice-webdavd.service Fails to Be Restarted| +| [I3A8OS](https://gitee.com/open_euler/dashboard?issue_id=I3A8OS)| \[21.03] vma Service Status Changes to "inactive" After It Is Reloaded| +| [I3A8X9](https://gitee.com/open_euler/dashboard?issue_id=I3A8X9)| \[21.03] Error Logs Are Reported After the named-sdb-chroot,named-chroot and named Services Are Started| +| [I3A8YF](https://gitee.com/open_euler/dashboard?issue_id=I3A8YF)| \[21.03] Error Log "auxpropfunc error no mechanism available" Is Displayed After slapd.service Is Started| +| [I3A8Z8](https://gitee.com/open_euler/dashboard?issue_id=I3A8Z8)| \[21.03] Status of sm-client.service After Start Is: "sm-client.service: Failed to..."| +| [I3A8ZA](https://gitee.com/open_euler/dashboard?issue_id=I3A8ZA)| \[21.03] Error Log "auxpropfunc error no mechanism available" Is Displayed After the sendmail.service Is Started| +| [I3A936](https://gitee.com/open_euler/dashboard?issue_id=I3A936)| \[21.03] Service Status of the bacular-dir, bacular-fd and bacula-sd Services Changes to "failed" After They Are Started and Then Stopped| +| [I3ABFW](https://gitee.com/open_euler/dashboard?issue_id=I3ABFW)| Interface Is Changed Due to Package Upgrade| +| [I3AS0I](https://gitee.com/open_euler/dashboard?issue_id=I3AS0I)| \[RC1] Core Dump Is Triggered When glade Is Executed on the Xfce GUI in the AArch64 Architecture, But It Does Not Occur in the x86\_64 Environment| +| [I3AT8N](https://gitee.com/open_euler/dashboard?issue_id=I3AT8N)| \[21.03] \[ARM/x86] systemd-resolved.service Fails to Be Started and the NFS/SMB Service Fails to Be Restarted After the Server Is Restarted After the SELinux Is Enabled | +| [I3AXP2](https://gitee.com/open_euler/dashboard?issue_id=I3AXP2)| Error Is Reported When the Enclave Is Repeatedly Created, Random Numbers Are Generated, and the Enclave Is Destroyed | +| [I3B0IH](https://gitee.com/open_euler/dashboard?issue_id=I3B0IH)| \[21.03] [x86] Physical Machine Cannot Be Brought Online After CPU 0 Is Brought Offline | +| [I2433Y](https://gitee.com/open_euler/dashboard?issue_id=I2433Y)| \[pkgship] File **/usr/share/doc/pkgship/README.md** Is Not Updated| +| [I38NK4](https://gitee.com/open_euler/dashboard?issue_id=I38NK4)| Segment Error Occurs After the Enclave Is Destroyed| +| [I3A2CO](https://gitee.com/open_euler/dashboard?issue_id=I3A2CO)| sealert Command Is Unavailable After the Installation| +| [I3A8AW](https://gitee.com/open_euler/dashboard?issue_id=I3A8AW)| \[21.03] System Responds Abnormally When You Click a Button During the Installation of an x86 VM| +| [I3AAEM](https://gitee.com/open_euler/dashboard?issue_id=I3AAEM)| \[pkgship] Error Is Reported When Elasticsearch Is Installed and Started Using the Automatic Installation and Deployment Script| +| [I3AEG7](https://gitee.com/open_euler/dashboard?issue_id=I3AEG7)| \[21.03] Matplotlib Fails to Run| +| [I3AHWR](https://gitee.com/open_euler/dashboard?issue_id=I3AHWR)| \[pkgship] Database Initialization Often Fails| +| [I3AITX](https://gitee.com/open_euler/dashboard?issue_id=I3AITX)| \[21.03] Source Information Queried Using **dnf info apache-zookeeper** Is Inconsistent with the Source Package Name | +| [I3AIVF](https://gitee.com/open_euler/dashboard?issue_id=I3AIVF)| \[21.03] Failure Message Is Displayed When the Mailman Is Uninstalled| +| [I3AIZP](https://gitee.com/open_euler/dashboard?issue_id=I3AIZP)| \[openEuler 21.03] Error Message Is Displayed When the Kernel RPM Fails to Be Installed, Indicating that Headers Are Required| +| [I3AJ2L](https://gitee.com/open_euler/dashboard?issue_id=I3AJ2L)| \[pkgship] Error Is Reported During Command Execution When **init\_conf\_path** in the Configuration File Is Set to a Non-YAML File | +| [I3AJ33](https://gitee.com/open_euler/dashboard?issue_id=I3AJ33)| \[21.03] NIC Is Not Enabled and No IP Address Is Available After the System Is Started| +| [I3AJ36](https://gitee.com/open_euler/dashboard?issue_id=I3AJ36)| \[pkgship] Code Exception Occurs When the Initialization Command Specifies a File Path that Does Not Exist| +| [I3AJ5Q](https://gitee.com/open_euler/dashboard?issue_id=I3AJ5Q)| \[21.03] Service lvm2.pvscan Reports an Error Because the System Installed on the RAID Disk Cannot Be Identified| +| [I3AJZ3](https://gitee.com/open_euler/dashboard?issue_id=I3AJZ3)| \[21.03] spice-webdavd Fails to Be Started Due to the Lack of the Avahi Dependency Package| +| [I3AK1K](https://gitee.com/open_euler/dashboard?issue_id=I3AK1K)| \[pkgship] Initialized Databases Are Not Sorted Alphabetically When the Configured Database Priorities Are the Same| +| [I3AKM2](https://gitee.com/open_euler/dashboard?issue_id=I3AKM2)| \[21.03] \[x86/ARM] **mount -t cgroup -o memory ltp\_cgroup /dev/cgroup/** Fails to Be Executed After the **/dev/cgroup** Directory Is Created | +| [I3AKUR](https://gitee.com/open_euler/dashboard?issue_id=I3AKUR)| \[openEuler 21.03] \[iSCSI] Error Message "Unknown driver'iscsi'" Is Displayed When network\_disk Is Started in the New Version| +| [I3ALZ6](https://gitee.com/open_euler/dashboard?issue_id=I3ALZ6)| \[openEuler 21.03] \[I/O Suspension] Foolproof Is Not Set and the VM Can Still Be Started Using the QEMU Command When I/O Suspension Is Configured and **retry\_interval** and **retry\_timeout** Are Set to -1| +| [I3AM39](https://gitee.com/open_euler/dashboard?issue_id=I3AM39)| \[openEuler 21.03] Core Dump Fails Using the **virsh dump** Command Immediately After a VM Is Started| +| [I3AM4T](https://gitee.com/open_euler/dashboard?issue_id=I3AM4T)| \[openEuler 21.03] Memory Information Is Missing from the Cgroup Information of the QEMU Process| +| [I3AMMG](https://gitee.com/open_euler/dashboard?issue_id=I3AMMG)| \[openEuler 21.03] Setting **emulator\_quota** to **18446744073709551** Fails| +| \[[I3AMTA](https://gitee.com/open_euler/dashboard?issue_id=I3AMTA)| \[pkgship] Elasticsearch Times Out When the openEuler 20.09 Database Is Initialized| +| [I3AMVH](https://gitee.com/open_euler/dashboard?issue_id=I3AMVH)| \[21.03] \[ARM/x86] Some Services Fail to Be Started After SELinux Is Enabled | +| [I3AMW5](https://gitee.com/open_euler/dashboard?issue_id=I3AMW5)| \[pkgship] Interaction Is Canceled During Automatic Redis/Elasticsearch Installation and Deployment| +| [I3AN14](https://gitee.com/open_euler/dashboard?issue_id=I3AN14)| \[pkgship] System Should Prompt the User to Start the pkgship Service Instead of the uWSGI Service When the User Queries a Service That Is Not Started| +| [I3ANFP](https://gitee.com/open_euler/dashboard?issue_id=I3ANFP)| \[pkgship] Initialization Using the Local Repo Source that Does Not Exist Is Successful| +| [I3AP8U](https://gitee.com/open_euler/dashboard?issue_id=I3AP8U)| \[pkgship] **-install** and **-build** Parameters Cannot Be Transferred at the Same Time During pkgship bedepend Query| +| [I3AR58](https://gitee.com/open_euler/dashboard?issue_id=I3AR58)| \[21.03] \[x86/ARM] Installed LXCFS Service Fails to Be Started Due to the Lack of the Module to Load FUSE| +| [I3AR6K](https://gitee.com/open_euler/dashboard?issue_id=I3AR6K)| \[21.03] \[ARM/x86] Parameter **-q** of radeapclient Is Incorrect| +| [I3ARDX](https://gitee.com/open_euler/dashboard?issue_id=I3ARDX)| \[pkgship] Message Is Displayed Indicating that the Local pkgship Service Needs to be Started When a Client Sends a Request to Query the Server| +| [I3ARHT](https://gitee.com/open_euler/dashboard?issue_id=I3ARHT)| \[pkgship] System Falsely Displays a Message Indicating that the Service is Started When the Remote Redis Cannot Be Accessed| +| [I3ARNO](https://gitee.com/open_euler/dashboard?issue_id=I3ARNO)| \[21.03] Formatting of the mkfs.ext3 1.1 TB Disk of a Physical Machine Is Stuck| +| [I3AROU](https://gitee.com/open_euler/dashboard?issue_id=I3AROU)| \[pkgship] There Is No Traffic Control Measure for Local Query Accesses| +| [I3ART8](https://gitee.com/open_euler/dashboard?issue_id=I3ART8)| \[pkgship] Path in the Log Dump File Is Not Changed Accordingly After the Service Log Path Is Changed and the Service Is Started| +| [I3ARZH](https://gitee.com/open_euler/dashboard?issue_id=I3ARZH)| \[pkgship] Deleted **log\_name** in the Configuration File Takes Effect After It Is Manually Added and Assigned with a Value| +| [I3ASPJ](https://gitee.com/open_euler/dashboard?issue_id=I3ASPJ)| \[openEuler 21.03] \[Virtualization] Compression Level Range That Can Be Set for Zstd Compression Migration Is Inconsistent with that Described in the Document| +| [I3AUO2](https://gitee.com/open_euler/dashboard?issue_id=I3AUO2)| Using **kexec -l** to Add **cpuparkmem** to Reserve Memory Fails When **cpuparkmem** Is Not Added in the Baseline Version| +| [I3AVDX](https://gitee.com/open_euler/dashboard?issue_id=I3AVDX)| \[pkgship] Service Fails to Be Started When **query\_ip\_addr** Is Set to an IP Address That Does Not Exist| +| [I3AVO6](https://gitee.com/open_euler/dashboard?issue_id=I3AVO6)| \[21.03] ARM VM Reports the Following Kernel Error: "ERROR: Endpoint drop flag = 0, add flag = 1..."| +| [I3AW41](https://gitee.com/open_euler/dashboard?issue_id=I3AW41)| \[pkgship] Code Exception Is Thrown in the Command Output When an Invalid Address Is Configured for **remote\_host**| +| [I3AWPM](https://gitee.com/open_euler/dashboard?issue_id=I3AWPM)| \[21.03] ARM Kernel Does Not Support Files Cgroup| +| [I3AX0D](https://gitee.com/open_euler/dashboard?issue_id=I3AX0D)| **-q** Occasionally Fails to Load the Kernel When the Kernel Is Replaced Repeatedly Using **-q** and **-l** Alternately | +| [I3AZUU](https://gitee.com/open_euler/dashboard?issue_id=I3AZUU)| Account Is Not Locked If a User Enters Incorrect Login Passwords for Three Consecutive Times| +| [I3AZYM](https://gitee.com/open_euler/dashboard?issue_id=I3AZYM)| \[21.03 RC2] Error Is Reported When podman stats Is Executed| +| [I3B0ZW](https://gitee.com/open_euler/dashboard?issue_id=I3B0ZW)| sudo File Syntax Is Incorrect and Cannot Be Used| +| [I3B17Q](https://gitee.com/open_euler/dashboard?issue_id=I3B17Q)| \[21.03] Error Message "blk\_update\_request" Is Displayed When the ARM Physical Machine Boots from the USB I/O error| +| [I3B2B2](https://gitee.com/open_euler/dashboard?issue_id=I3B2B2)| \[21.03] Drive Letter Shift Occurs Occasionally Because No Hot Swap Is Performed| +| [I3B3BD](https://gitee.com/open_euler/dashboard?issue_id=I3B3BD)| \[21.03] Kernel Error "hisi\_sec2: Failed to enable PASID" Occurs on a TaiShan 200 (Model 2280) ARM Physical Machine| +| [I3B3G0](https://gitee.com/open_euler/dashboard?issue_id=I3B3G0)| \[pkgship] CLI Throws an Exception and Does Not Process It After the Value of database\_engine\_type in the Configuration File Is Changed| +| [I3B3IP](https://gitee.com/open_euler/dashboard?issue_id=I3B3IP)| \[pkgship] Value Assignment of the **REDIS** Parameter in the Configuration File Is Not Verified| +| [I3B3J7](https://gitee.com/open_euler/dashboard?issue_id=I3B3J7)| Specifications Should Be Provided for Large Memory Encryption and Decryption| +| [I3B48M](https://gitee.com/open_euler/dashboard?issue_id=I3B48M)| \[21.03] \[ARM/x86] Exception Occurs After the System Is Restarted When All Base Image Packages Are Installed and SELinux Is Enabled | +| [I3B4PB](https://gitee.com/open_euler/dashboard?issue_id=I3B4PB)| \[21.03] Kernel Occasionally Reports the Error on the Physical Machine: "usbhid: probe of 1-1.1:1.1 failed with error -110"| +| [I3B4VE](https://gitee.com/open_euler/dashboard?issue_id=I3B4VE)| \[ARM] \[21.03] kexec-related Logs Are Not Recorded During the nvwa Operation| +| [I3B4XH](https://gitee.com/open_euler/dashboard?issue_id=I3B4XH)| \[ARM] \[21.03] Method of Modifying the Service File Configuration Is Improper if the Port Needs to Be Changed During the nvwa Operation| +| [I3B4XU](https://gitee.com/open_euler/dashboard?issue_id=I3B4XU)| \[ARM] \[21.03] Restoration Using nvwa Update Fails If PID Is Occupied| +| [I3B4ZE](https://gitee.com/open_euler/dashboard?issue_id=I3B4ZE)| \[ARM] \[21.03] Service nvwa Needs to Support Configuration Update During Restart| +| [I3B514](https://gitee.com/open_euler/dashboard?issue_id=I3B514)| \[21.03] Kernel Error Occurs on an x86 Physical Machine: "xhci\_hcd: ERROR: unexpected command completion code 0x11"| +| [I3B5Z4](https://gitee.com/open_euler/dashboard?issue_id=I3B5Z4)| \[21.03] Field "20.03" Is Found in the Quick Start Document| +| [I3B60G](https://gitee.com/open_euler/dashboard?issue_id=I3B60G)| \[21.03] Corresponding Image Is Missing| +| [I3B85Z](https://gitee.com/open_euler/dashboard?issue_id=I3B85Z)| \[21.03] Kernel Error Occurs on an x86 Physical Machine: "ERROR: unexpected command completion code 0x11"| +| [I3B8JG](https://gitee.com/open_euler/dashboard?issue_id=I3B8JG)| \[21.03] Version Information in the Quick Start Document Is Incorrect| +| [I3B8NK](https://gitee.com/open_euler/dashboard?issue_id=I3B8NK)| \[21.03] Chinese Installation Guide Does Not Contain the Corresponding Screenshots| +| [I3BC45](https://gitee.com/open_euler/dashboard?issue_id=I3BC45)| \[21.03] Formatting of the mkfs.ext3 1.1 TB Disk of a Physical Machine Is Stuck| +| [I3BD57](https://gitee.com/open_euler/dashboard?issue_id=I3BD57)| \[21.03] Option Scanning of Security Compilation Is Abnormal| +| [I3BFEO](https://gitee.com/open_euler/dashboard?issue_id=I3BFEO)| Inspector Startup Service File Does Not Contain the --config-file Option and the Default Configuration File Is Missing| +| [I3BGE4](https://gitee.com/open_euler/dashboard?issue_id=I3BGE4)| \[21.03] \[ARM/x86] Parameter **radsqlrelay -P** Is Invalid| +| [I3BMBV](https://gitee.com/open_euler/dashboard?issue_id=I3BMBV)| \[21.03] \[ARM] No Use Option for the nvwa Binary| +| [I3BMHR](https://gitee.com/open_euler/dashboard?issue_id=I3BMHR)| \[21.03] Error Occurs When the samba-tool Command Is Executed| +| [I3BMJF](https://gitee.com/open_euler/dashboard?issue_id=I3BMJF)| \[ARM] \[21.03] Description of the Configuration Items That Users Do Not Need to Pay Attention to in the **server.yaml** File Should be Optimized to Avoid Incorrect Modification| +| [I3BQDY](https://gitee.com/open_euler/dashboard?issue_id=I3BQDY)| Process isgx Is Still Running After the linux-sgx-driver Is Installed and Then Removed| +| [I3BQH3](https://gitee.com/open_euler/dashboard?issue_id=I3BQH3)| \[ARM] \[21.03] Error Message "File \* already exists" Is Displayed When **syatemctl enable nvwa** Is Used| +| [I3BW4X](https://gitee.com/open_euler/dashboard?issue_id=I3BW4X)| \[openEuler 21.03] Error Is Reported When **cpu.cfs\_quota\_us** of cgroup Is Set to **18446744073709551**| +| [I3C6MP](https://gitee.com/open_euler/dashboard?issue_id=I3C6MP)| Spelling Error for Error Message "permission denied" Reported by the Codegen| +| [I3BHF2](https://gitee.com/open_euler/dashboard?issue_id=I3BHF2)| \[ARM] \[21.03] Service nvwa Supports Live Migration Only for the Daemon Process and SELinux Needs To Be Disabled| +| [I3BJIJ](https://gitee.com/open_euler/dashboard?issue_id=I3BJIJ)| \[pkgship] Initialization Progress Bar Keeps Running When the Files Fail to be Verified| +| [I3BMKM](https://gitee.com/open_euler/dashboard?issue_id=I3BMKM)| \[21.03] Error Message Is Displayed During i40e Installation| +| [I3BOC4](https://gitee.com/open_euler/dashboard?issue_id=I3BOC4)| \[openEuler 21.03] Sub-item 502.gcc of SPEC2017 Is Suspended| +| [I3BPQ8](https://gitee.com/open_euler/dashboard?issue_id=I3BPQ8)| \[21.03] Description About User Passwords in the *Administration/Managing Users and User Groups.md* Needs to Be Modified| +| [I3BQ2Z](https://gitee.com/open_euler/dashboard?issue_id=I3BQ2Z)| \[pkgship] Initialization Can Be Performed When the Service Is Disabled| +| [I3BQDX](https://gitee.com/open_euler/dashboard?issue_id=I3BQDX)| \[21.03] Description About Creating a Local Software Repository in the *Administration/Managing Software Packages Through DNF.md* Needs to Be Modified| +| [I3BQE3](https://gitee.com/open_euler/dashboard?issue_id=I3BQE3)| \[21.03] Some Packages Cannot Be Found During Group Installation| +| [I3BQVH](https://gitee.com/open_euler/dashboard?issue_id=I3BQVH)| \[21.03] Description About Extending a VG in the *Administration/Managing Hard Disks Through LVM.md* Needs to Be Modified| +| [I3BQW6](https://gitee.com/open_euler/dashboard?issue_id=I3BQW6)| \[21.03] Deletion of the **/** Partition Fails But the System Prompts That It Is Successfully Deleted| +| [I3BRDW](https://gitee.com/open_euler/dashboard?issue_id=I3BRDW)| \[openEuler 21.03] Device Update Using virsh update-device Fails| +| [I3BT7H](https://gitee.com/open_euler/dashboard?issue_id=I3BT7H)| \[ARM] \[21.03] No Dump Failure Log Is Generated in **/etc/nvwa/running** When the Service Dump Fails| +| [I3BT8M](https://gitee.com/open_euler/dashboard?issue_id=I3BT8M)| \[pkgship] pkginfo Interface Implementation Does Not Comply with the Design Document| +| [I3BTUX](https://gitee.com/open_euler/dashboard?issue_id=I3BTUX)| \[21.03] \[ARM/x86] Words in the Dictionary Can Be Used as the Password, Which Is Inconsistent with the Description in the Official Website Manual| +| [I3BU08](https://gitee.com/open_euler/dashboard?issue_id=I3BU08)| \[21.03] \[ARM/x86] LTP Test Case memcg\_stat\_test/memcg\_use\_hierarchy Fails to Be Executed| +| [I3BU3W](https://gitee.com/open_euler/dashboard?issue_id=I3BU3W)| \[21.03] \[x86/ARM] systemd-xdg-autostart-generator Reports an Error Because the pkcs11-register.desktop File Is Not Deleted| +| [I3BUAQ](https://gitee.com/open_euler/dashboard?issue_id=I3BUAQ)| \[21.03] Local Compilation of Atlas Fails| +| [I3BVKD](https://gitee.com/open_euler/dashboard?issue_id=I3BVKD)| \[21.03] Local Compilation of LAPACK Fails| +| [I3BVX5](https://gitee.com/open_euler/dashboard?issue_id=I3BVX5)| \[21.03] Error Log "Can't open PID file /run/sendmail.pid" Is Displayed After the sendmail.service Is Started| +| [I3BWCP](https://gitee.com/open_euler/dashboard?issue_id=I3BWCP)| \[21.03] \[ARM/x86] LTP semctl09 Fails Due to the glibc Problem | +| [I3BYW0](https://gitee.com/open_euler/dashboard?issue_id=I3BYW0)| \[21.03] Error Log "Unable to render networking" Is Displayed for the cloud-init Service After It Is Installed and the System Is Restarted| +| [I3BYW2](https://gitee.com/open_euler/dashboard?issue_id=I3BYW2)| \[21.03] Local Compilation of secGear Fails| +| [I3C00V](https://gitee.com/open_euler/dashboard?issue_id=I3C00V)| Description in the pkgship Document Is Incorrect| +| [I3C2ES](https://gitee.com/open_euler/dashboard?issue_id=I3C2ES)| \[21.03] Service rasdaemon of the Physical Machine Displays: "rasdaemon: Can't register mce handler" and "diskerror\_eventstore"| +| [I3C2JT](https://gitee.com/open_euler/dashboard?issue_id=I3C2JT)| \[21.03] \[x86] Error Log "Server GSSAPI error" Is Displayed After MariaDB Is Started| +| [I3C5A9](https://gitee.com/open_euler/dashboard?issue_id=I3C5A9)| \[openEuler 21.03] \[ARM] Compilation of libvirt Using the SRC Package Fails| +| [I3C5LD](https://gitee.com/open_euler/dashboard?issue_id=I3C5LD)| Core Occurs After etmemd Is Started and **etmem migrate start** Is Executed| +| [I3CBT0](https://gitee.com/open_euler/dashboard?issue_id=I3CBT0)| \[21.03] \[ARM] kdump Fails to Be Started| +| [I3CBXD](https://gitee.com/open_euler/dashboard?issue_id=I3CBXD)| \[21.03] Error Message Is Displayed When the Subpackage of GRUB2 Is Uninstalled| +| [I3CDJQ](https://gitee.com/open_euler/dashboard?issue_id=I3CDJQ)| \[21.03] Local Compilation Using rpmbuild Fails| +| [I3CEO1](https://gitee.com/open_euler/dashboard?issue_id=I3CEO1)| \[21.03] Local Compilation Using rpmbuild Fails| diff --git a/docs/en/docs/desktop/Xfce_userguide.md b/docs/en/docs/desktop/Xfce_userguide.md new file mode 100644 index 0000000000000000000000000000000000000000..ea6396320d845f3c7f44ac8d2bdfb95a7ff6d4a0 --- /dev/null +++ b/docs/en/docs/desktop/Xfce_userguide.md @@ -0,0 +1,275 @@ +# Table of Contents + +* [Xfce User Guide](#Xfce User Guide) + * [1. Overview](#1. Overview) + * [2. Desktop](#2. Desktop) + * [2.1 Desktop Icons](#2.1 Desktop Icons) + * [2.2 Shortcut Menu](#2.2 Shortcut Menu) + * [3. Taskbar](#3. Taskbar) + * [3.1 Basic Functions](#3.1 Basic Functions) + * [3.1.1 Applications](#3.1.1 Applications) + * [3.1.2 Window Display Area](#3.1.2 Window Display Area) + * [3.1.3 Multi-View Switching](#3.1.3 Multi-View Switching) + * [3.1.4 Tray](#3.1.4 Tray) + * [3.1.4.1 Network](#3.1.4.1 Network) + * [3.1.4.2 Volume](#3.1.4.2 Volume) + * [3.1.4.3 Power Supply](#3.1.4.3 Power Supply) + * [3.1.4.4 Notification Center](#3.1.4.4 Notification Center) + * [3.1.4.5 Calendar](#3.1.4.5 Calendar) + * [3.1.4.6 Advanced Settings](#3.1.4.6 Advanced Settings) + * [3.1.4.7 Login User Actions](#3.1.4.7 Login User Actions) + * [3.1.4.7.1 Lock Screen](#3.1.4.7.1 Lock Screen) + * [3.1.4.7.2 Switch User](#3.1.4.7.2 Switch User) + * [3.1.4.7.3 Suspend](#3.1.4.7.3 Suspend) + * [3.1.4.7.3 Shut Down](#3.1.4.7.3 Shut Down) + * [3.1.4.7.3 Log Out](#3.1.4.7.3 Log Out) + * [4. Shortcut Operation Bar](#4. Shortcut Operation Bar) + * [4.1 Basic Functions](#4.1 [Basic Functions]) + * [4.1.1 Show Desktop](#4.1.1 Show Desktop) + * [4.1.2 Terminal](#4.1.2 Terminal) + * [4.1.3 File Manager](#4.1.3 File Manager) + * [4.1.4 Web Browser](#4.1.4 Web Browser) + * [4.1.5 Application Finder](#4.1.5 Application Finder) + * [4.1.6 User Home Directory](#4.1. 6 User Home Directory) + +# Xfce User Guide + +## 1\. Overview + +Xfce is a lightweight desktop environment running on Unix-like operating systems. Xfce provides multiple functional components, including all applications. This document describes how to use Xfce. + +The following figure shows the WebUI. + +![Figure 1 Main screen of the desktop - big](./figures/xfce-1.png) + +
+## 2\. Desktop + +### 2.1 Desktop Icons + +By default, icons such as the file system, main folder, and mount directory are placed. You can double-click the icons to open the page. + +![Figure 2 Default desktop icons - big](./figures/xfce-2.png) + +### 2.2 Shortcut Menu + +Right-click in the blank area on the desktop. The shortcut menus are displayed, as shown in the following figure. + +![Figure 3 Shortcut menu](./figures/xfce-3.png) + +The following table describes some options. + +| Parameter| Description| +|:----------|:----------| +| Open in New Window| Open the **Desktop** directory of the login user.| +| Create Launcher| Create a launcher.| +| Create URL Link| Create a URL link.| +| Create Folder| Create a folder.| +| Create Document| Create a text file.| +| Open Terminal Here| Create a terminal.| +| Arrange Desktop Icons| Automatically arrange desktop icons.| +| Desktop Settings| Set the background, menus, and icons.| +| Properties| Set desktop properties, such as the general, logo, and permission.| +| Applications| Applications| + +
+## 3\. Taskbar + +### 3.1 Basic Functions + +The taskbar is located at the top, including application, window display area, multi-view switch, and tray menus. + +![Figure 4 Taskbar](./figures/xfce-4.png) + +| Component| Description| +|:----------|:----------| +| Applications| Display all applications and settings, and allow you to search for applications and settings.| +| Window display area| The blank area in the middle of the horizontal bar, which displays running programs or opened documents. You can minimize, maximize, close, or pin the window to the top.| +| Switching views| Perform operations in multiple workspaces without interfering with each other.| +| Tray| Set the network connection, sound, power, notification center, calendar, and login user actions.| + +#### 3.1.1 Applications + +![Figure 5 All applications – big](./figures/xfce-5.png) + +#### 3.1.2 Window Display Area + +![Figure 6 Window display area - big](./figures/xfce-6.png) + +#### 3.1.3 Multi-View Switching + +Click ![](./figures/xfce-7.png) in the taskbar to enter the corresponding work area. + +For example, you can use the mouse to switch among multiple workspaces to select the operation area that you want to work in. + +![Figure 7 Switching among multiple views - big](./figures/xfce-71.png) + +#### 3.1.4 Tray + +![Figure 8 Tray menu - big](./figures/xfce-8.png) + +##### 3.1.4.1 Network + +You can click ![](./figures/xfce-81.png) on the taskbar and select a network connection mode as required. + +![Figure 9 Network connection page](./figures/xfce-811.png) + +Network settings dialog box + +Right-click the network icon ![](./figures/xfce-81.png) on the taskbar. The network setting menu is displayed. + +![Figure 10 Network settings](./figures/xfce-812.png) + +Click **Edit Connections**. The network setting dialog box is displayed. + +![Figure 11 Network setting dialog box](./figures/xfce-813.png) + +Double-click the specified network connection, for example, **enp1s0**. The page for setting the connection is displayed. + +![Figure 12 Setting the wired network](./figures/xfce-814.png) + +##### 3.1.4.2 Volume + +Click the volume icon ![](./figures/xfce-82.png) on the taskbar to open the sound page. + +![Figure 13 Volume setting window](./figures/xfce-821.png) + +##### 3.1.4.3 Power supply + +Click ![](./figures/xfce-83.png) on the taskbar. + +![Figure 14 Power supply devices](./figures/xfce-831.png) + +You can click **Power Manager Settings** to configure the display and nodes. + +![Figure 15 Setting the power manager](./figures/xfce-832.png) + +##### 3.1.4.4 Notification Center + +Click ![](./figures/xfce-84.png) on the taskbar. + +![Figure 16 Notification center - big](./figures/xfce-841.png) + +You can disable the notification function by selecting **Do not disturb**. + +The notification center displays the latest important information list. You can click **Clear log** to clear the information list. + +You can click **Notification settings** to go to the notification setting page of the control panel and set the applications to be displayed and the number of messages to be displayed. + +![Figure 17 Notification center - big](./figures/xfce-842.png) + +##### 3.1.4.5 Calendar + +You can click the date and time on the taskbar to display the calendar window and view the calendar, month calendar, and annual calendar. + +You can choose a year, a month and a day to view the information of a specific day. + +![Figure 18 Calendar-big](./figures/xfce-85.png) + +Right-click the time and date on the taskbar and click **Properties** to set the time. + +![Figure 19 Date setting - big](./figures/xfce-851.png) + +#### 3.1.4.6 Advanced Settings + +Right-click the taskbar and choose **Panel** from the shortcut menu. + +![Figure 20 Shortcut menu on the taskbar](./figures/xfce-86.png) + +You can set the layout of the taskbar and add or delete items. + +![Figure 21 Shortcut menu on the taskbar](./figures/xfce-861.png) + +##### 3.1.4.7 Login User Actions + +Click the login user on the task bar to view related actions. + +![Figure 22 Actions of a login user](./figures/xfce-87.png) + +###### 3.1.4.7.1 Lock Screen + +If you use the computer currently, you can lock the screen (which does not affect the current running status of the system) to prevent misoperations. After locking the screen, you can enter the password to log in to the system again. + +By default, the system automatically locks the screen after a period of idle time. + +###### 3.1.4.7.2 Switch User + +If you want to log in to the computer as another user, choose **Switch User**. + +Then, the system closes all running applications. Therefore, before performing this operation, save the current work. + +###### 3.1.4.7.3 Suspend + +For the sake of environmental protection and energy saving, you can select **Suspend****.** + +After that, the related data is read into the memory. Do not switch the power supply. + +###### 3.1.4.7.3 Shut Down + +You can choose **Shut Down** to shut down a computer. + +Before performing this operation, save the current work. + +###### 3.1.4.7.3 Log Out + +To log out of the GUI, click **Log Out**. + +Then, the system closes all running applications. Therefore, before performing this operation, save the current work. + +
+## 4\. Shortcut Operation Bar + +### 4.1 Basic Functions + +The shortcut operation bar is located at the bottom, including the icons for displaying all the desktops, terminals, file managers, web browsers, application search, and user home directories. + +![Figure 23 Shortcut operation bar](./figures/xfce-9.png) + +| Component| Description | +|:----------|:----------| +| Show Desktop| Hide all windows and show the desktop. Click again to restore the window.| +| Terminal| Open a terminal.| +| File Manager| Open a file manager.| +| Web Browser| Open a web browser.| +| Application Finder| Open the application search window.| +| User Home Directory| Open the home directory of the login user.| + +#### 4.1.1 Show Desktop + +Click ![](./figures/xfce-91.png) on the shortcut operation bar to display the desktop. + +![Figure 24 Showing the desktop - big](./figures/xfce-911.png) + +#### 4.1.2 Terminal + +Click ![](./figures/xfce-92.png) on the shortcut operation bar to open a terminal. + +![Figure 25 Terminal-big](./figures/xfce-921.png) + +#### 4.1.3 File Manager + +You can click the ![](./figures/xfce-93.png) icon on the shortcut operation bar to open a file manager. + +![Figure 26 File manager - big](./figures/xfce-931.png) + +#### 4.1.4 Web Browser + +You can click the ![](./figures/xfce-94.png) icon on the shortcut operation bar to open a web browser. + +![Figure 27 Web browser - big](./figures/xfce-941.png) + +#### 4.1.5 Application Finder + +You can click the ![](./figures/xfce-95.png) icon on the shortcut operation bar to open an application program search interface. + +![Figure 28 Searching for an application - big](./figures/xfce-951.png) + +#### 4.1. 6 User Home Directory + +Click ![](./figures/xfce-96.png) on the shortcut operation bar and click **Open File**. The user home directory page is displayed. + +![Figure 29 User home directory - big](./figures/xfce-961.png) + +Click the ![](./figures/xfce-96.png) icon on the shortcut operation bar, and then click **Open in Terminal** to open a terminal. The current directory is the home directory of the user. + +![Figure 30 User home directory - big](./figures/xfce-962.png) \ No newline at end of file diff --git a/docs/en/docs/userguide/images/packagemanagement.png b/docs/en/docs/userguide/images/packagemanagement.png new file mode 100644 index 0000000000000000000000000000000000000000..20808309c820d9d732dd4f25d6b882e5d802afdb Binary files /dev/null and b/docs/en/docs/userguide/images/packagemanagement.png differ diff --git a/docs/en/docs/userguide/pkgship.md b/docs/en/docs/userguide/pkgship.md index 28f7cb1307d126f1c99f47d77fb4dd6e80312f7c..0fdd4c721c3fb0f376ec3bcc8b12efb8af95ec3d 100644 --- a/docs/en/docs/userguide/pkgship.md +++ b/docs/en/docs/userguide/pkgship.md @@ -1,51 +1,65 @@ # pkgship - - [pkgship](#pkgship) - - [Overview](#overview) - - [Architecture](#architecture) - - [Downloading Software](#downloading-software) - - [Operating Environments](#operating-environments) - - [Installing the Tool](#installing-the-tool) - - [Configuring Parameters](#configuring-parameters) - - [Starting and Stopping Services](#starting-and-stopping-services) - - [Tool Usage](#tool-usage) + - [Introduction](#Introduction) + - [Architecture](#Architecture) + - [Downloading the Software](#Downloading the Software) + - [Operating Environment](#Operating Environment) + - [Installing the Tool](#Installing the Tool) + - [Configuring Parameters](#Configuring Parameters) + - [Starting and Stopping the Service](#Starting and Stopping the Service) + - [Using the Tool](#Using the Tool) + - [Viewing and Dumping Logs](#Viewing and Dumping Logs) -## Overview +## Introduction -pkgship is a query tool used to manage the dependency of OS software packages and provide a complete dependency graph. The pkgship provides functions such as software package dependency query, lifecycle management, and patch query. +The pkgship is a query tool used to manage the dependency of OS software packages and provide a complete dependency graph. The pkgship provides functions such as software package dependency query, lifecycle management, and patch query. -1. Software package dependency query: Allows community personnel to understand the impact on software when software packages are introduced, updated, or deleted. -2. Lifecycle management: Tracks the release status of upstream software packages so that the maintenance personnel can learn about the current software status and upgrade the software properly in a timely manner. -3. Patch query: Allows community personnel to learn about the patches in the openEuler software package and obtain the patch information. For details, see [patch-tracking](patch-tracking.md). +1. Software package dependency query: Allow community personnel to understand the impact on software when software packages are introduced, updated, or deleted. +2. Patch query: Allow community personnel to learn about the patches in the openEuler software package and obtain the patch information. For details, see [patch-tracking](../patch-tracking/README.md). ## Architecture -The system is developed using Flask-RESTful and adopts the SQLAlchemy ORM query framework. +The system uses the Flask-RESTful development mode. The following figure shows the architecture: + +![avatar](./images/packagemanagement.png) + +## Downloading the Software + +* The repo source is officially released at: +* You can obtain the source code at: +* You can obtain the RPM package at: -![avatar](./images/pkgship_outline.png) +## Operating Environment -## Downloading Software +- Hardware configuration: -* The repo source is officially released at -* You can obtain the source code at -* You can obtain the RPM package of the beta version at +| Item| Recommended Specification| +|----------|----------| +| CPU| 8 cores| +| Memory| 32 GB (minimum: 4 GB)| +| Network bandwidth| 300 Mbit/s| +| I/O| 375 MB/s| -## Operating Environments +- Software configuration: -* The available memory is greater than 700 MB. -* The Python version is 3.8 or later. -* The SQLite version is 3.32 or later. +| Name| Specifications| +|----------|----------| +| Elasticsearch| 7.10.1. Single-node and cluster deployment is available.| +| Redis| 5.0.4 or later is recommended. You are advised to set the size to 3/4 of the memory.| +| Python| 3.8 or later.| ## Installing the Tool -You can use either of the following methods to install the tool: +**1\. Installing the pkgship** + +You can use either of the following methods to install the pkgship: * Method 1: Mount the repo source using DNF. -Use DNF to mount the repo source where the pkgship is located (for details, see the [Application Development Guide](https://openeuler.org/zh/docs/21.03/docs/ApplicationDev/%E5%BC%80%E5%8F%91%E7%8E%AF%E5%A2%83%E5%87%86%E5%A4%87.html)), run the following command to download and install the pkgship and its dependencies: +Use DNF to mount the repo source where the pkgship is located (for details, see the [Application Development Guide](https://openeuler.org/zh/docs/20.09/docs/ApplicationDev/%E5%BC%80%E5%8F%91%E7%8E%AF%E5%A2%83%E5%87%86%E5%A4%87.html)). Then run the following command to download and install the pkgship and its dependencies: ```bash dnf install pkgship @@ -57,343 +71,337 @@ Use DNF to mount the repo source where the pkgship is located (for details, see rpm -ivh pkgship-x.x-x.oe1.noarch.rpm ``` - or the following command: + Or ```bash dnf install pkgship-x.x-x.oe1.noarch.rpm ``` +**2\. Installing Elasticsearch and Redis** + +If Elasticsearch or Redis is not installed in the environment, you can execute the automatic installation script after the pkgship is installed. + +The default script path is as follows: + +``` +/etc/pkgship/auto_install_pkgship_requires.sh +``` + +Run the following command: + +``` +/bin/bash auto_install_pkgship_requires.sh elasticsearch +``` + +Or + +``` + /bin/bash auto_install_pkgship_requires.sh redis +``` + +**3\. Adding a User After the Installation** + +After the pkgship software is installed, the system automatically creates a user named **pkgshipuser** and a user group named **pkgshipuser**. They will be used when the service is started and running. + ## Configuring Parameters -1. Configure the parameters in the configuration file. The default configuration file of the system is stored in **/etc/pkgship/packge.ini**. Modify the configuration file as required. - - ```basn - vim /etc/pkgship/package.ini - ``` - - ```ini - [SYSTEM CONFIGURATION] - - ; Directory for storing the YAML file imported during database initialization. The YAML file records the location of the imported SQLite file. - init_conf_path=/etc/pkgship/conf.yaml - - ; Path for storing the SQLite file that is successfully imported - data_base_path=/var/run/pkgship_dbs - - ; Write port - write_port=8080 - - ; Query port - query_port=8090 - - ; Write permission access IP address - write_ip_addr=127.0.0.1 - - ; Query permission access IP address - query_ip_addr=127.0.0.1 - - ; Address of the remote service. The command line can directly invoke the remote service to complete data requests. You only need to add the -remote parameter to the end of each command line. - remote_host=https://api.openeuler.org/pkgmanage - - [LOG] - - ; Path for storing logs - log_path=/var/log/pkgship/ - - ; Log level as follows: - ; INFO DEBUG WARNING ERROR CRITICAL - log_level=INFO - - ; Log name - log_name=log_info.log - - ; Number of logs that are dynamically created after the size of a log file reaches the upper limit. - backup_count=10 - - ; Size of each log file - max_bytes=314572800 - - [uWSGI SERVICE CONFIGURATION] - - ; Path for storing uwsgi log - daemonize=/var/log/uwsgi.log - - ; Size of data transmitted at the front- and back-end - buffer-size=65536 - - ; HTTP connection time - http-timeout=600 - - ; Server response time - harakiri=600 - - [TIMEDTASK] - - ; Whether to enable scheduled tasks - open=True - - ; Set the time when a scheduled task is triggered - hour=3 - minute=0 - - [LIFECYCLE] - ; Remote storage address of the YAML address of each package - warehouse_remote=https://gitee.com/openeuler/openEuler-Advisor/raw/master/upstream-info/ - - ; When executing a scheduled task, you can enable multi-thread execution and set the number of threads in the thread pool based on the server configuration. - pool_workers=10 - - ; Warehouse name - warehouse=src-openeuler - - ``` +1\. Configure the parameters in the configuration file. The default configuration file of the system is stored in **/etc/pkgship/packge.ini**. Modify the configuration file as required. -2. Create a YAML configuration file to initialize the database. By default, the conf.yaml file is stored in the **/etc/pkgship/** directory. Based on this configuration, the pkgship reads the name of the database to be created and the SQLite file to be imported. An example of the conf.yaml file is as follows: - - ```yaml - - dbname: openEuler-21.03 - src_db_file: /etc/pkgship/src.sqlite - bin_db_file: /etc/pkgship/bin.sqlite - lifecycle: enable - priority: 1 - ``` +``` +vim /etc/pkgship/package.ini +``` + +```ini +[SYSTEM-System Configuration] +; Path for storing the .yaml file imported during database initialization. The .yaml file records the location of the imported .sqlite file. +init_conf_path=/etc/pkgship/conf.yaml + +; Service query port +query_port=8090 + +; Service query IP address +query_ip_addr=127.0.0.1 + +; Address of the remote service. The command line can directly call the remote service to complete the data request. +remote_host=https://api.openeuler.org/pkgmanage + +; Directory for storing temporary files during initialization and download. The directory will not be occupied for a long time. It is recommended that the available space be at least 1 GB. +temporary_directory=/opt/pkgship/tmp/ + +[LOG-Logs] +; Service log storage path +log_path=/var/log/pkgship/ + +; Log level. The options are as follows: +; INFO DEBUG WARNING ERROR CRITICAL +log_level=INFO + +; Maximum size of a service log file. If the size of a service log file exceeds the value of this parameter, the file is automatically compressed and dumped. The default value is 30 MB. +max_bytes=31457280 + +; Maximum number of backup log files. The default value is 30. +backup_count=30 + +[UWSGI-Web Server Configuration] +; Operation log path +daemonize=/var/log/pkgship-operation/uwsgi.log +; Size of data transmitted between the front end and back end +buffer-size=65536 +; Network connection timeout interval +http-timeout=600 +; Service response time +harakiri=600 + +[REDIS-Cache Configuration] +; The address of the Redis cache server can be the released domain or IP address that can be accessed. +; The default link address is 127.0.0.1. +redis_host=127.0.0.1 + +; Port number of the Redis cache server. The default value is 6379. +redis_port=6379 + +; Maximum number of connections allowed by the Redis server at a time. +redis_max_connections=10 + +[DATABASE-Database] +; Database access address. The default value is the IP address of the local host. +database_host=127.0.0.1 + +; Database access port. The default value is 9200. +database_port=9200 + +``` + +2\. Create a YAML configuration file to initialize the database. The **conf.yaml** file is stored in the **/etc/pkgship/** directory by default. The pkgship reads the name of the database to be created and the SQLite file to be imported based on this configuration. You can also configure the repo address of the SQLite file. An example of the **conf.yaml** file is as follows: + +```yaml +dbname: oe20.03 #Database name +src_db_file: /etc/pkgship/repo/openEuler-20.09/src #Local path of the source package +bin_db_file: /etc/pkgship/repo/openEuler-20.09/bin #Local path of the binary package +priority: 1 #Database priority + +dbname: oe20.09 +src_db_file: https://repo.openeuler.org/openEuler-20.09/source #Repo source of the source package +bin_db_file: https://repo.openeuler.org/openEuler-20.09/everything/aarch64 #Repo source of the binary package +priority: 2 +``` > To change the storage path, change the value of **init\_conf\_path** in the **package.ini** file. +> +> The SQLite file path cannot be configured directly. +> +> The value of **dbname** can contain only lowercase letters and digits. -## Starting and Stopping Services +## Starting and Stopping the Service -The pkgship uses the uWSGI web server. The commands for starting and stopping the service are as follows. You can specify whether to start the read-only (write-only) service or start the read and write services at the same time. +The pkgship can be started and stopped in two modes: systemctl mode and pkgshipd mode. In systemctl mode, the automatic startup mechanism can be stopped when an exception occurs. You can run any of the following commands: + +```shell +systemctl start pkgship.service Start the service. + +systemctl stop pkgship.service Stop the service. + +systemctl restart pkgship.service Restart the service. +``` -```bash -pkgshipd start [manage/selfpkg] +```sh +pkgshipd start Start the service. -pkgshipd stop [manage/selfpkg] +pkgshipd stop Stop the service. ``` -## Tool Usage +> Only one mode is supported in each start/stop period. The two modes cannot be used at the same time. +> +> The pkgshipd startup mode can be used only by the **pkgshipuser** user. + +## Using the Tool 1. Initialize the database. - > Application scenario: After the service is started, to query the package information and package dependency in the corresponding database, such as Mainline and openEuler 21.03, you need to import the SQLite (including the source code library and binary library), which is generated by the database using createrepo, to the service, and generate the corresponding DB file. When the **lifecycle** parameter of the database is set to enable in the conf.yaml file, a corresponding table is generated in **lifecycle.db** to record database information. The database table name (**tablename**) is read from this file subsequently. The **\[-filepath]** parameter is optional. + > Application scenario: After the service is started, to query the package information and dependency in the corresponding database (for example, oe20.03 and oe20.09), you need to import the SQLite (including the source code library and binary library) generated by the **createrepo** to the service. Then insert the generated JSON body of the package information into the corresponding database of Elasticsearch. The database name is the value of d**bname-source/binary** generated based on the value of **dbname** in the **conf.yaml** file. ```bash pkgship init [-filepath path] ``` > Parameter description: -**-filepath**: Specifies the path of the initialized configuration file. You can use either a relative path or an absolute path. If no parameter is specified, the default configuration is used for initialization. +**-filepath**: (Optional) Specifies the path of the initialization configuration file **config.yaml.** You can use either a relative path or an absolute path. If no parameter is specified, the default configuration is used for initialization. 2. Query a single package. - You can query the information about a source code package (**packagename**) in a specified database table (**tablename**). + You can query details about a source package or binary package (**packagename**) in the specified **database** table. - > Application scenario: You can query information about a specific source code package in a specified database. The **packagename** and **tablename** are mandatory. + > Application scenario: You can query the detailed information about the source package or binary package in a specified database. ```bash - pkgship single packagename tablename + pkgship pkginfo $packageName $database [-s] ``` > Parameter description: -**packagename**: Specifies the name of the source code package to be queried. -**tablename**: Specifies the database name. +**packagename**: (Mandatory) Specifies the name of the software package to be queried. +**database**: (Mandatory) Specifies the database name. + > + > **-s**: (Optional) Specifies that the source package `src` is to be queried by `-s`. If this parameter is not specified, the binary package information of `bin` is queried by default. 3. Query all packages. Query information about all packages in the database. - > Application scenario: You can query information about all software packages in a specified database. The **tablename** is mandatory, and the **\[-packagename]** and **\[-maintainer]** are optional. + > Application scenario: You can query information about all software packages in a specified database. ```bash - pkgship list tablename [-packagename pkgName] [-maintainer maintainer] + pkgship list $database [-s] ``` > Parameter description: -**tablename**: Specifies the database name. -**-packagename**: Matches the package whose name contains the parameter string. -**-maintainer**: Matches the package in which **maintainer** is a parameter. +**database**: (Mandatory) Specifies the database name. +**-s**: (Optional) Specifies that the source package `src` is to be queried by `-s`. If this parameter is not specified, the binary package information of `bin` is queried by default. 4. Query the installation dependency. - Query the installation dependency of the binary package (binaryName). + Query the installation dependency of the binary package (**binaryName**). - > Application scenario: When you need to install the binary package A, you need to install B, the installation dependency of A, and C, the installation dependency of B, etc. A can be successfully installed only after all the installation dependencies are installed in the system. Therefore, before installing the binary package A, you may need to query all installation dependencies of A. You can run the following command to query multiple databases based on the default priority of the platform, and to customize the database query priority. + > Application scenario: When you need to install the binary package A, you need to install B, the installation dependency of A, and C, the installation dependency of B, etc. A can be installed only after all the installation dependencies are installed in the system. Therefore, before installing the binary package A, you may need to query all installation dependencies of A. You can run the following command to query multiple databases based on the default priority of the platform, and to customize the database query priority. ```bash - pkgship installdep binaryName [-dbs dbName1 dbName2...] + pkgship installdep [$binaryName $binaryName1 $binaryName2...] [-dbs] [db1 db2...] [-level] $level ``` > Parameter description: -**-dbs**: Specifies the database query priority. **dbName** indicates the database name. +**binaryName**: (Mandatory) Specifies the name of the dependent binary package to be queried. Multiple packages can be transferred. + > + > **-dbs:** (Optional) Specifies the priority of the database to be queried. If this parameter is not specified, the database is queried based on the default priority. + > + > **-level**: (Optional) Specifies the dependency level to be queried. If this parameter is not specified, the default value **0** is used, indicating that all levels are queried. 5. Query the compilation dependency. Query all compilation dependencies of the source code package (**sourceName**). - > Application scenario: To compile the source code package A, you need to install B, the compilation dependency package of A. To install B, you need to obtain all installation dependency packages of B. Therefore, before compiling the source code package A, you may need to query the compilation dependencies of A and all installation dependencies of these compilation dependencies. You can run the following command to query multiple databases based on the default priority of the platform, and to customize the database query priority. + > Application scenario: To compile the source code package A, you need to install B, the compilation dependency package of A. To install B, you need to obtain all installation dependency packages of B. Therefore, before compiling the source code package A, you need to query the compilation dependencies of A and all installation dependencies of these compilation dependencies. You can run the following command to query multiple databases based on the default priority of the platform, and to customize the database query priority. ```bash - pkgship builddep sourceName [-dbs dbName1 dbName2...] + pkgship builddep [$sourceName $sourceName1 $sourceName2..] -dbs [db1 db2 ..] [-level] $level ``` > Parameter description: -**-dbs**: Specifies the database query priority. **dbName** indicates the database name. +**sourceName**: (Mandatory) Specifies the name of the source package on which the compilation depends. Multiple packages can be queried. + > + > **-dbs:** (Optional) Specifies the priority of the database to be queried. If this parameter is not specified, the database is queried based on the default priority. + > + > **-level**: (Optional) Specifies the dependency level to be queried. If this parameter is not specified, the default value **0** is used, indicating that all levels are queried. 6. Query the self-compilation and self-installation dependencies. - Query the installation and compilation dependencies of a specified binary package (**binaryName**) or source code package (**sourceName**). In the command, **\[pkgName]** indicates the name of the binary package or source code package to be queried. When querying a binary package, you can query all installation dependencies of the binary package, and the compilation dependencies of the source code package corresponding to the binary package, as well as all installation dependencies of these compilation dependencies. When querying a source code package, you can query its compilation dependency, and all installation dependencies of these compilation dependencies, as well as all installation dependencies of the binary packages generated by the source code package. In addition, you can run this command together with the corresponding parameters to query the self-compilation dependency of a software package and the dependency of a subpackage. + Query the installation and compilation dependencies of a specified binary package (**binaryName**) or source package (**sourceName**). In the command, **\[pkgName]** indicates the name of the binary package or source package to be queried. When querying a binary package, you can query all installation dependencies of the binary package, and the compilation dependencies of the source package corresponding to the binary package, as well as all installation dependencies of these compilation dependencies. When querying a source package, you can query its compilation dependency, and all installation dependencies of the compilation dependency, as well as all installation dependencies of the binary packages generated by the source package. In addition, you can run this command together with the corresponding parameters to query the self-compilation dependency of a software package and the dependency of a subpackage. - > Application scenario: If you want to introduce a new software package based on the existing version library, you need to introduce all compilation and installation dependencies of the software package. You can run this command to query these two dependency types at the same time to know the packages introduced by the new software package, and to query binary packages and source code packages. + > Application scenario: If you want to introduce a new software package based on the existing version library, you need to introduce all compilation and installation dependencies of the software package. You can run this command to query these two dependency types at the same time to know the packages introduced by the new software package, and to query binary packages and source packages. ```bash - pkgship selfbuild [pkgName] [-dbs dbName1 dbName2 ] [-t source] [-s 1] [-w 1] + pkgship selfdepend [$pkgName1 $pkgName2 $pkgName3 ..] [-dbs] [db1 db2..] [-b] [-s] [-w] ``` - > Parameter description: -**-dbs:** Specifies the database priority. **dbName** indicates the database name. The following is an example: - - > ```bash - > pkgship selfbuild pkgName -dbs dbName1 dbName2 - > ``` - - > **-t source/binary**: Specifies whether the package **pkgName** to be queried is a source code package or a binary package. If **-t** is not added, the package is a binary package by default. -**-s**: This parameter is added to query all installation dependencies and compilation dependencies of the software package (that is, compilation dependencies of the source code package on which compilation depends), and all installation dependencies of the compilation dependencies. In the command, **0** following the **-s** indicates that the self-compilation dependency is not queried, and 1 indicates that the self-compilation dependency is queried. The default value is **0**, and you can specify the value to **1**. If the **-s** is not added, all installation dependencies, layer-1 compilation dependencies, and layer-1 compilation dependencies of the software package are queried. The following is an example of querying self-compilation dependencies: - - > ```bash - > pkgship selfbuild pkgName -t source -s 1 - > ``` - - > **-w**: When a binary package is introduced and this parameter is added, the source code package corresponding to the binary package and all binary packages generated by the source code package are displayed in the query result. In the command, **0** following **-w** indicates that the corresponding subpackage is not queried, and **1** indicates that the corresponding subpackage is queried. The default value is **0**, and you can specify the value to **1**. When **-w** is not added, only the corresponding source code package is displayed in the query result when a binary package is introduced. The following is an example of querying a subpackage: - - > ```bash - > pkgship selfbuild pkgName -w 1 - > ``` + > Parameter description: + > + > **pkgName**: (Mandatory) Specifies the name of the software package on which the installation depends. Multiple software packages can be transferred. + > + > **-dbs:** (Optional) Specifies the priority of the database to be queried. If this parameter is not specified, the database is queried based on the default priority. + > + > **-b**: (Optional) Specifies that the package to be queried is a binary package. If this parameter is not specified, the source package is queried by default. + > + > **-s**: (Optional) If **-s** is specified, all installation dependencies, compilation dependencies (that is, compilation dependencies of the source package on which compilation depends), and installation dependencies of all compilation dependencies of the software package are queried. If **-s** is not added, all installation dependencies and layer-1 compilation dependencies of the software package, as well as all installation dependencies of layer-1 compilation dependencies, are queried. + > + > **-w**: (Optional) If **-s** is specified, when a binary package is introduced, the query result displays the source package corresponding to the binary package and all binary packages generated by the source package. If **-w** is not specified, only the corresponding source package is displayed in the query result when a binary package is imported. 7. Query dependency. -Query the packages that depend on the source code package (**sourceName**) in a database (**dbName**). +Query the packages that depend on the software package (**pkgName**) in a database (**dbName**). - > Application scenario: You can run this command to query the software packages that will be affected by the upgrade or deletion of the software source code package A. This command displays the source code packages (for example, B) whose compilation depends on all binary packages generated by the source code package A, and the binary packages (for example, C1) whose installation depends on all binary packages generated by A. This command also displays the source code packages (for example, D) whose compilation depends on C1 and the binary package generated by B, and the binary packages (for example, E1) whose installation depends on C1 and the binary package generated by B, etc. Iterate the packages that depend on these binary packages. **\[-w 0/1]** is an optional parameter. The following is an example: + > Application scenario: You can run this command to query the software packages that will be affected by the upgrade or deletion of the software source package A. This command displays the source packages (for example, B) that depend on the binary packages generated by source package A (if it is a source package or the input binary package for compilation). It also displays the binary packages (for example, C1) that depend on A for installation. Then, it queries the source package (for example, D) that depend on the binary package generated by B C1 for compilation and the binary package (for example E1) for installation. This process continues until it traverses the packages that depend on the binary packages. ```bash - pkgship bedepend sourceName dbName [-w 1] + pkgship bedepend dbName [$pkgName1 $pkgName2 $pkgName3] [-w] [-b] [-install/build] ``` - > Parameter description -**-w (0/1)**: If the command does not contain configuration parameters or **\[-w 0]**, by default, the query result does not contain the subpackage of the corresponding binary package. When the command is followed by the configuration parameter or **\[-w 1]**, the dependency of the binary package C1 is queried, as well as the dependency of other binary packages (for example, C2 and C3) generated by C, the source code package corresponding to C1. + > Parameter description: + > + > **dbName**: (Mandatory) Specifies the name of the repository whose dependency needs to be queried. Only one repository can be queried each time. + > + > **pkgName**: (Mandatory) Specifies the name of the software package to be queried. Multiple software packages can be queried. + > + > **-w**: (Optional) If **-w** is not specified, the query result does not contain the subpackages of the corresponding source package by default. If **\[-w]** is specified after the command, not only the dependency of binary package C1 is queried, but also the dependency of other binary packages (such as C2 and C3) generated by source package C corresponding to C1 is queried. + > + > **-b**: (Optional) Specifies `-b` and indicates that the package to be queried is a binary package. By default, the source package is queried. + > + > **-install/build**: (Optional) `-install` indicates that installation dependencies are queried. `-build` indicates that build dependencies are queried. By default, all dependencies are queried. `-install` and `-build` are exclusive to each other. -8. Modify package information. - - > Application scenario: You can modify the information about the maintainer and maintenance level of a specified source code package. **[-Packagename]**, **\[-maintainer]**, **\[-maintainlevel]**, **\[-filefolder]**, and **\[--batch]** are optional parameters. +8. Query the database information. - You can modify the information with either of the following methods: -Method 1: Specify the source code package name (**packagename**) to modify the information about the maintainer (**Newmaintainer**) and maintenance level (**Newmaintainlevel**) of the source code package. The following is an example: + > Application scenario: Check which databases are initialized in Elasticsearch. This function returns the list of initialized databases based on the priority. - ```bash - pkgship updatepkg [-packagename packagename] [-maintainer Newmaintainer] [-maintainlevel Newmaintainlevel] - ``` - - > Parameter description: -**-packagename**: Specifies the name of the package to be maintained. -**-maintainer**: Specifies the maintainer of the update package. -**-maintainlevel**: Specifies the maintenance level of the update package. The value ranges from 1 to 4, and the default value is **1**. - - Method 2: Specify the file path, and the maintainer, and maintenance level of the batch update package. The **--batch** parameter must be added to this command. The following is an example: - - ```bash - pkgship updatepkg [--batch] [-filefolder path] - ``` - - > Parameter description: -**-filefolder**: Specifies the YAML file where the package information is stored. The specified directory can contain only the updated YAML files. -**--batch**: Specifies the update in batches. This parameter must be used together with the **\[-filefolder]** parameter. - - You can create a file named A.yaml, set the package name to A, and specify the YAML content to modify the package information. -The YAML format of the package information is as follows: - - ``` - maintainer:Newmaintainlevel - maintainlevel: Newmaintainlevel - ``` + `pkgship dbs` -9. Delete databases. +9. Obtain the version number. - > Application scenario: Delete a specified database (**dbName**). + > Application scenario: Obtain the version number of the pkgship software. - ```bash - pkgship rm dbName - ``` + `pkgship -v` + +## Viewing and Dumping Logs + +**Viewing Logs** + +When the pkgship service is running, two types of logs are generated: service logs and operation logs. + +1\. Service logs: + +Path: **/var/log/pkgship/log\_info.log**. You can customize the path through the **log\_path** field in the **package.ini** file. + +Function: This log records the internal running of the code to facilitate fault locating. + +Permission: The permissions on the path and the log file are 755 and 644, respectively. Common users can view the log file. + +2\. Operation logs: -10. Query table information. - - > Application scenario: View all data tables in the current lifecycle database. - - ```bash - pkgship tables - ``` - -11. Query issues. - - > Application scenario: View information about all issues in all source code packages. The optional parameters include **\[-packagename]**, **\[-issue\_type]**, **\[-issue\_status]**, **\[-maintainer]**, **\[-page N]**, and **\[-pagesize pageSize]**. - - ```bash - pkgship issue [-packagename pkgName],[-issue_type issueType],[-issue_status issueStatus],[-maintainer maintainer],[-page N],[-pagesize pageSize] - ``` - - > Parameter description: -**-packagename**: Specifies the package name for fuzzy query. -**-issue\_type**: Specifies the issue type for query. -**-issue\_status**: Specifies the issue status for query. -**-maintainer**: Specifies a maintainer for query. -**-page**: Specifies the data on page N to be queried. -**-pagesize**: Specifies the number of data records displayed on each page. - - ```bash - Run the following command to specify a package name for fuzzy search: - pkgship issue -packagename pkgName - ``` - - ```bash - Run the following command to specify an issue type for query: - pkgship issue -issue_type issueType - ``` - - ```bash - Run the following command to specify an issue status for query: - pkgship issue -issue_status issueStatus - ``` - - ```bash - Run the following command to specify a maintainer for query: - pkgship issue -maintainer maintainer - ``` - - ```bash - Run the following command to specify the data of page N for query: - pkgship issue -page N - ``` - - ```bash - Run the following command to specify the number of data items of each page for query: - pkgship issue -pagesize pageSize - ``` - -12. Update the lifecycle of the software package. - - > Application scenario: Update the information about the issue, maintainer, and maintenance level of all software packages in the lifecycle table. The optional parameters include **\[--issue]** and **\[--package]**. - - ```bash - pkgship update [--issue] [--package] - ``` - - > Parameter description: -**--issue**: Updates the issue information of all software packages in the lifecycle table. Based on the software package names in the lifecycle table, the system crawls the issue information corresponding to the software package. -**--package**: Updates the information about the lifecycle, maintainer, and maintenance level of all software packages in the lifecycle table. - - ```bash - Run the following command to update the issue information of all software packages in the lifecycle table: - pkgship update --issue - ``` - - ```bash - Run the following command to update the lifecycles, maintainers, and maintenance levels of all software packages in the lifecycle table: - pkgship update --package - ``` \ No newline at end of file +Path: **/var/log/pkgship-operation/uwsgi.log**. You can customize the path through the **daemonize** field in the **package.ini** file. + +Function: This log records user operation information, including the IP address, access time, URL, and result, to facilitate subsequent queries and record attacker information. + +Permission: The permissions on the path and the log file are 700 and 644, respectively. Only the **root** and **pkgshipuser** users can view the log file. + +**Dumping Logs** + +1\. Service log dumping: + +- Dumping mechanism + + Use the dumping mechanism of the logging built-in function of Python to back up logs based on the log size. + +> The items are used to configure the capacity and number of backups of each log in the **package.ini** file. +> +> ```ini +> ; Maximum capacity of each file, the unit is byte, default is 30M +> max_bytes=31457280 +> +> ; Number of old logs to keep;default is 30 +> backup_count=30 +> ``` + +- Dumping process + + After a log is written, if the size of the log file exceeds the configured log capacity, the log file is automatically compressed and dumped. The compressed file name is **log\_info.log.***x***.gz**, where *x* is a number. A smaller number indicates a later backup. + + When the number of backup log files reaches the threshold, the earliest backup log file is deleted and the latest compressed log file is backed up. + +2\. Operation log dumping: + +- Dumping mechanism + + A script is used to dump data by time. Data is dumped once a day and is retained for 30 days. Customized configuration is not supported. + + > The script is stored in **/etc/pkgship/uwsgi\_logrotate.sh**. + +- Dumping process + + When the pkgship is started, the script for dumping data runs in the background. From the startup, dumping and compression are performed every other day. A total of 30 compressed files are retained. The compressed file name is **uwsgi.log-20201010***x***.zip**, where *x* indicates the hour when the file is compressed. + + After the pkgship is stopped, the script for dumping data is stopped and data is not dumped . When the pkgship is started again, the script for dumping data is executed again. \ No newline at end of file diff --git a/docs/en/menu/index.md b/docs/en/menu/index.md index 9f990b8ef7e9b6349da491b8f399719fe7c0e2fa..bc34631ed03adffced68ebf323ad488dac5ba5d8 100644 --- a/docs/en/menu/index.md +++ b/docs/en/menu/index.md @@ -146,9 +146,6 @@ headless: true - [Third-Party Software Deployment Guide]({{< relref "./docs/thirdparty_migration/thidrparty.md" >}}) - [OpenStack Victoria Deployment Guide]({{< relref "./docs/thirdparty_migration/OpenStack-victoria.md" >}}) - [Installing and Deploying an HA Cluster]({{< relref "./docs/thirdparty_migration/installha.md" >}}) -- [Toolset User Guide]({{< relref "./docs/userguide/overview.md" >}}) - - [patch-tracking]({{< relref "./docs/userguide/patch-tracking.md" >}}) - - [pkgship]({{< relref "./docs/userguide/pkgship.md" >}}) - [Desktop Environment User Guide]({{< relref "./docs/desktop/desktop.md" >}}) - [UKUI]({{< relref "./docs/desktop/ukui.md" >}}) - [Installation UKUI]({{< relref "./docs/desktop/install-UKUI.md" >}}) @@ -158,4 +155,7 @@ headless: true - [DDE User Guide]({{< relref "./docs/desktop/DDE-User-Manual.md" >}}) - [XFCE]({{< relref "./docs/desktop/xfce.md" >}}) - [Xfce Installation Guide]({{< relref "./docs/desktop/Install_XFCE.md" >}}) - \ No newline at end of file + - [Xfce User Guide]({{< relref "./docs/desktop/Xfce_userguide.md" >}}) +- [Toolset User Guide]({{< relref "./docs/userguide/overview.md" >}}) + - [patch-tracking]({{< relref "./docs/userguide/patch-tracking.md" >}}) + - [pkgship]({{< relref "./docs/userguide/pkgship.md" >}}) \ No newline at end of file diff --git a/docs/zh/docs/Administration/memory-management.md b/docs/zh/docs/Administration/memory-management.md index 6f012b2ea58f265d8f03d96e957e9a901be898ac..6ab5946b20f593f11524d614ccf008c072358a0f 100644 --- a/docs/zh/docs/Administration/memory-management.md +++ b/docs/zh/docs/Administration/memory-management.md @@ -1,9 +1,9 @@ -# etmem内存管理 +# etmem内存分级扩展 ## 介绍 随着CPU算力的发展,尤其是ARM核成本的降低,内存成本和内存容量成为约束业务成本和性能的核心痛点,因此如何节省内存成本,如何扩大内存容量成为存储迫切要解决的问题。 -etmem内存垂直扩展技术,通过DRAM+内存压缩/高性能存储新介质形成多级内存存储,对内存数据进行分级,将分级后的内存冷数据从内存介质迁移到高性能存储介质中,达到内存容量扩展的目的,从而实现内存成本下降。 +etmem内存分级扩展技术,通过DRAM+内存压缩/高性能存储新介质形成多级内存存储,对内存数据进行分级,将分级后的内存冷数据从内存介质迁移到高性能存储介质中,达到内存容量扩展的目的,从而实现内存成本下降。 ## 软件架构 ![](./figures/etmem-system-architecture.png) @@ -11,21 +11,23 @@ etmem内存垂直扩展技术,通过DRAM+内存压缩/高性能存储新介质 etmem客户端通过socket通信机制与服务端进行交互,下发创建/删除工程、启动/停止工程、查询工程的命令,服务端通过客户端下发的配置文件,读取project管理配置信息,以及engine配置信息,并执行客户端下发的操作。启动工程之后,服务端会对业务进程进行扫描,并根据扫描统计结果以及淘汰策略,对页面进行分级淘汰,实现节省内存的目标。 -## 安装教程 +## 编译教程 1. 下载etmem源码 ``` # git clone https://gitee.com/src-openeuler/etmem.git ``` +2. 编译和运行依赖 -2. 编译安装 +etmem的编译和运行依赖于libboundscheck组件。 + +3. 编译 ``` # cd etmem # mkdir build # cd build # cmake .. # make - # make install ``` ## 使用说明 @@ -56,7 +58,7 @@ options: 在运行etmem进程之前,需要管理员预先规划哪些进程需要做内存扩展,将进程信息配置到etmem配置文件中,并配置内存扫描的周期、扫描次数、内存冷热阈值等信息。 -配置文件的示例文件在安装etmem软件包后,放置在/etc/etmem/example_conf.yaml,示例内容为: +配置文件的示例文件在源码包中,放置在源码根目录的conf/example_conf.yaml,建议在使用时放置在/etc/etmem/目录下,示例内容为: ``` options: @@ -100,7 +102,7 @@ options: #### 使用方法 -通过etmem二进制执行工程创建/删除/查询操作,前提是服务端已经成功运行,并且配置文件/etc/etmem/example_conf.yaml内容正确。 +通过etmem二进制执行工程创建/删除/查询操作,前提是服务端已经成功运行,并且配置文件(e.g. /etc/etmem/example_conf.yaml)内容正确。 添加工程: ``` @@ -173,7 +175,7 @@ show命令: #### 使用方法 -通过etmem二进制执行任务启动/停止操作,前提是服务端已经成功运行,配置文件/etc/etmem/example_conf.yaml内容正确,且etmem工程已经创建。 +通过etmem二进制执行任务启动/停止操作,前提是服务端已经成功运行,配置文件(e.g. /etc/etmem/example_conf.yaml)内容正确,且etmem工程已经创建。 启动工程 ``` diff --git "a/docs/zh/docs/Container/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" "b/docs/zh/docs/Container/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" index a72a3f687f5e955eeb32729f4449c409bf92b8b7..6e70fe44133a830ccfa30e44180b87135e900e2b 100644 --- "a/docs/zh/docs/Container/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" +++ "b/docs/zh/docs/Container/isula-build\346\236\204\345\273\272\345\267\245\345\205\267.md" @@ -21,10 +21,17 @@ * [rm: 删除本地持久化镜像](#rm-删除本地持久化镜像) * [save: 导出层叠镜像](#save-导出层叠镜像) * [tag: 给本地持久化镜像打标签](#tag-给本地持久化镜像打标签) + * [pull: 拉取镜像到本地](#pull-拉取镜像到本地) + * [push: 将本地镜像推送到远程仓库](#push-将本地镜像推送到远程仓库) * [info: 查看运行环境与系统信息](#info-查看运行环境与系统信息) * [login: 登录远端镜像仓库](#login-登录远端镜像仓库) * [logout: 退出远端镜像仓库](#logout-退出远端镜像仓库) * [version: 版本查询](#version-版本查询) + * [manifest: manifest列表管理(实验特性)](#manifest-manifest列表管理) + * [create: manifest列表创建](#create-manifest列表创建) + * [annotate: manifest列表更新](#annotate-manifest列表更新) + * [inspect: manifest列表查询](#inspect-manifest列表查询) + * [push: 将manifest列表推送到远程仓库](#push-将manifest列表推送到远程仓库) * [直接集成容器引擎](#直接集成容器引擎) * [与iSulad集成](#与isulad集成) * [与Docker集成](#与docker集成) @@ -77,7 +84,7 @@ isula-build采用服务端/客户端模式,其中,isula-build为客户端, **方法二:使用rpm包安装** -1. 从openEuler yum源中获取isula-build对应安装包isula-build-*.rpm。例如isula-build-0.9.3-1.oe1.x86_64.rpm。 +1. 从openEuler yum源中获取isula-build对应安装包isula-build-*.rpm。例如isula-build-0.9.5-6.oe1.x86_64.rpm。 2. 将获取的rpm软件包上传至目标服务器的任一目录,例如 /home/。 @@ -106,7 +113,8 @@ isula-build采用服务端/客户端模式,其中,isula-build为客户端, | loglevel | 可选 | 设置日志级别 | debug
info
warn
error | | run_root | 必选 | 设置运行时数据根目录 | 运行时数据根目录路径,例如/var/run/isula-build/ | | data_root | 必选 | 设置本地持久化目录 | 本地持久化目录路径,例如/var/lib/isula-build/ | -| runtime | 可选 | 设置runtime种类,目前仅支持runc。 | runc | +| runtime | 可选 | 设置runtime种类,目前仅支持runc | runc | +| group | 可选 | 设置本地套接字isula_build.sock文件属组使得加入该组的非特权用户可以操作isula-build | isula | - /etc/isula-build/storage.toml: 本地持久化存储的配置文件,包含所使用的存储驱动的配置。 @@ -134,6 +142,7 @@ isula-build采用服务端/客户端模式,其中,isula-build为客户端, > - isula-build 支持最大 1MiB 的上述配置文件。 > - isula-build 不支持将持久化工作目录 dataroot 配置在内存盘上,比如 tmpfs。 > - isula-build 目前仅支持使用overlay2为底层 graphdriver。 +> - 在设置--group参数前,需保证本地OS已经创建了对应的用户组,且非特权用户已经加入该组。重启isula-builder之后即可使该非特权用户使用isula-build功能。同时,为了保持权限一致性,isula-build的配置文件目录/etc/isula-build的数组也会被设置为--group指定的组。 @@ -182,6 +191,7 @@ sudo systemctl daemon-reload - --runroot: 运行时路径,默认为”/var/run/isula-build/“。 - --storage-driver:底层存储驱动类型。 - --storage-opt: 底层存储驱动配置。 +- --group: 设置本地套接字isula_build.sock文件属组使得加入该组的非特权用户可以操作isula-build,默认为“isula”。 >![](./public_sys-resources/icon-note.gif) **说明:** >当命令行启动参数中传递了与配置文件相同的配置选项时,优先使用命令行参数启动。 @@ -223,8 +233,10 @@ isula-build 客户端提供了一系列命令用于构建和管理容器镜像 - import,导入容器基础镜像。 - load,导入层叠镜像。 - rm,删除本地容器镜像。 - - save, 导出层叠镜像至本地磁盘。 + - save,导出层叠镜像至本地磁盘。 - tag,给本地容器镜像打tag。 + - pull,拉取镜像到本地。 + - push,推送本地镜像到远程仓库。 - info,查看isula-build的运行环境和系统信息。 - login,登录远端容器镜像仓库。 - logout,退出远端容器镜像仓库。 @@ -314,7 +326,7 @@ Build success with image id: 39b62a3342eed40b41a1bcd9cd455d77466550dfa0f0109af7a 对于容器镜像构建,isula-build支持相同的Dockerfile。如果构建环境相同,则多次构建生成的镜像内容和镜像ID相同。 -–build-static接受k=v形式的键值对选项,当前支持的选项有: +--build-static接受k=v形式的键值对选项,当前支持的选项有: - build-time:字符串类型。构建静态镜像的固定时间戳,格式为“YYYY-MM-DD HH-MM-SS”。时间戳影响diff层创建修改时间的文件属性。 @@ -351,7 +363,7 @@ $ cat testfile **\-o, --output** -目前 -o, –output 支持如下形式: +目前 -o, --output 支持如下形式: - `isulad:image:tag`:将构建成功的镜像直接推送到 iSulad。比如:`-o isulad:busybox:latest`。同时需要注意如下约束: @@ -411,6 +423,7 @@ $ sudo isula-build ctr-img build --cap-add CAP_SYS_ADMIN --cap-add CAP_SYS_PTRAC > - isula-build 的stage name最长可为64个字符。 > - isula-build 暂不支持对单次Dockerfile的构建进行资源限制。如有资源限制需求,可通过对 isula-builder 服务端配置资源限额的方式进行限制。 > - isula-build 目前不支持Dockerfile里的ADD指令提供的数据来源是远端url。 +> - isula-build 使用docker-archive类型导出的本地tar包未经压缩。如有需求,用户可以手动进行压缩。 @@ -446,13 +459,13 @@ isula-build ctr-img import [flags] ```sh $ sudo isula-build ctr-img import ./openEuler-docker.x86_64.tar.xz openeuler:21.03 -Import success with image id: 7317851cd2ab33263eb293f68efee9d724780251e4e92c0fb76bf5d3c5585e37 +Import success with image id: "aac8223a40e9c37558477671c4d66692c8ee5d37b28d947e10010911dd0549d8" $ sudo isula-build ctr-img images ----------------------------------------------- -------------------- ----------------- ------------------------ ------------ -REPOSITORY TAG IMAGE ID CREATED SIZE ----------------------------------------------- -------------------- ----------------- ------------------------ ------------ -openeuler 21.03 7317851cd2ab 2021-03-15 06:25:34 500 MB ----------------------------------------------- -------------------- ----------------- ------------------------ ------------ +--------------- ----------- ----------------- ------------------------ ------------ + REPOSITORY TAG IMAGE ID CREATED SIZE +--------------- ----------- ----------------- ------------------------ ------------ + openeuler 21.03 aac8223a40e9 2021-04-02 00:56:46 210 MB +--------------- ----------- ----------------- ------------------------ ------------ ``` >![](./public_sys-resources/icon-note.gif) **说明:** @@ -515,8 +528,8 @@ isula-build ctr-img rm IMAGE [IMAGE...] [FLAGS] 目前支持的 flags 为: -- -a, –all:删除所有本地持久化存储的镜像。 -- -p, –prune:删除所有没有tag的本地持久化存储的镜像。 +- -a, --all:删除所有本地持久化存储的镜像。 +- -p, --prune:删除所有没有tag的本地持久化存储的镜像。 使用示例如下: @@ -564,6 +577,27 @@ Storing signatures Save success with image: 21c3e96ac411 ``` +以下示例导出多个镜像到同一个tarball: +```sh +$ sudo isula-build ctr-img save busybox:latest nginx:latest -o all.tar +Getting image source signatures +Copying blob sha256:eb78099fbf7fdc70c65f286f4edc6659fcda510b3d1cfe1caa6452cc671427bf +Copying blob sha256:29f11c413898c5aad8ed89ad5446e89e439e8cfa217cbb404ef2dbd6e1e8d6a5 +Copying blob sha256:af5bd3938f60ece203cd76358d8bde91968e56491daf3030f6415f103de26820 +Copying config sha256:b8efb18f159bd948486f18bd8940b56fd2298b438229f5bd2bcf4cedcf037448 +Writing manifest to image destination +Storing signaturesGetting image source signatures +Copying blob sha256:e2d6930974a28887b15367769d9666116027c411b7e6c4025f7c850df1e45038 +Copying config sha256:a33de3c85292c9e65681c2e19b8298d12087749b71a504a23c576090891eedd6 +Writing manifest to image destination +Storing signatures +Save success with image: [busybox:latest nginx:latest] +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- save 导出的镜像默认格式为未压缩的tar格式,如有需求,用户可以再save之后手动压缩。 +>- 在导出镜像时,需要写明镜像的完整性,格式为IMAGE_NAME:IMAGE_TAG。 #### tag: 给本地持久化镜像打标签 @@ -593,6 +627,49 @@ alpine v1 a24bb4013296 ---------------------------------------------- ----------- ----------------- -------------------------- ------------ ``` +#### pull: 拉取镜像到本地 + +可通过pull命令拉取远程镜像仓库中的镜像到本地。命令原型如下: + +``` +isula-build ctr-img pull REPOSITORY[:TAG] +``` + +使用示例: + +```sh +$ sudo isula-build ctr-img pull example-registry/library/alpine:latest +Getting image source signatures +Copying blob sha256:8f52abd3da461b2c0c11fda7a1b53413f1a92320eb96525ddf92c0b5cde781ad +Copying config sha256:e4db68de4ff27c2adfea0c54bbb73a61a42f5b667c326de4d7d5b19ab71c6a3b +Writing manifest to image destination +Storing signatures +Pull success with image: example-registry/library/alpine:latest +``` + +#### push: 将本地镜像推送到远程仓库 + +可通过push命令将本地镜像推送到远程仓库。命令原型如下: + +``` +isula-build ctr-img push REPOSITORY[:TAG] +``` + +使用示例: + +```sh +$ sudo isula-build ctr-img push example-registry/library/mybusybox:latest +Getting image source signatures +Copying blob sha256:d2421964bad195c959ba147ad21626ccddc73a4f2638664ad1c07bd9df48a675 +Copying config sha256:f0b02e9d092d905d0d87a8455a1ae3e9bb47b4aa3dc125125ca5cd10d6441c9f +Writing manifest to image destination +Storing signatures +Push success with image: example-registry/library/mybusybox:latest +``` + +>![](./public_sys-resources/icon-note.gif) **说明:** +> +>- 推送镜像时,需要先登录对应的镜像仓库。 ### info: 查看运行环境与系统信息 @@ -605,12 +682,13 @@ alpine v1 a24bb4013296 支持如下Flags: -- -H, –human-readable 布尔值,以常用内存表示格式打印内存信息,使用1000次幂 +- -H, --human-readable 布尔值,以常用内存表示格式打印内存信息,使用1000次幂 +- -V, --verbose 布尔值,显示运行时内存占用信息 使用示例: ```sh -$ sudo isula-build info -H +$ sudo isula-build info -HV General: MemTotal: 7.63 GB MemFree: 757 MB @@ -630,6 +708,13 @@ $ sudo isula-build info -H Insecure Registries: localhost:5000 oepkgs.net + Runtime: + MemSys: 68.4 MB + HeapSys: 63.3 MB + HeapAlloc: 7.41 MB + MemHeapInUse: 8.98 MB + MemHeapIdle: 54.4 MB + MemHeapReleased: 52.1 MB ``` ### login: 登录远端镜像仓库 @@ -692,20 +777,117 @@ $ sudo isula-build info -H ```sh $ sudo isula-build version Client: - Version: 0.9.2 - Go Version: go1.13.3 - Git Commit: ccb2a13 - Built: Sat Aug 22 08:06:47 2020 + Version: 0.9.5-6 + Go Version: go1.15.7 + Git Commit: b82408f + Built: Tue Mar 30 11:08:00 2021 OS/Arch: linux/amd64 - + Server: - Version: 0.9.2 - Go Version: go1.13.3 - Git Commit: ccb2a13 - Built: Sat Aug 22 08:06:47 2020 + Version: 0.9.5 + Go Version: go1.15.5 + Git Commit: 64dbad50 + Built: Mon Apr 12 20:30:31 2021 OS/Arch: linux/amd64 ``` +### manifest: manifest列表管理 + +manifest列表包含不同系统架构对应的镜像信息,通过使用manifest列表,用户可以在不同的架构中使用相同的manifest(例如openeuler:latest)获取对应架构的镜像,manifest包含create、annotate、inspect和push子命令。 +> **说明:** +> +> - manifest为实验特性,使用时需开启客户端和服务端的实验选项,方式详见客户端总体说明和配置服务章节。 + + +#### create: manifest列表创建 + +manifest的子命令create用于创建manifest列表,命令原型为: + +``` +isula-build manifest create MANIFEST_LIST MANIFEST [MANIFEST...] +``` + +用户可以指定manifest列表的名称以及需要加入到列表中的远程镜像,若不指定任何远程镜像,则会创建一个空的manifest列表。 + +使用示例如下: + +```sh +$ sudo isula-build manifest create openeuler localhost:5000/openeuler_x86:latest localhost:5000/openeuler_aarch64:latest +``` + +#### annotate: manifest列表更新 + +manifest的子命令annotate用于更新manifest列表,命令原型为: + +``` +isula-build manifest annotate MANIFEST_LIST MANIFEST [flags] +``` + +用户可以指定需要更新的manifest列表以及其中的镜像,通过flags指定需要更新的选项,此命令也可用于添加新的镜像到列表中。 + +其中annotate包含如下flags: +- --arch: string,重写镜像适用架构 +- --os: string,重写镜像适用系统 +- --os-features: string列表,指定镜像需要的OS特性,很少使用 +- --variant: string,指定列表中记录镜像的变量 + +使用示例如下: + +```sh +$ sudo isula-build manifest annotate --os linux --arch arm64 openeuler:latest localhost:5000/openeuler_aarch64:latest +``` + +#### inspect: manifest列表查询 + +manifest子命令inspect用于查询manifest列表信息,命令原型为: + +``` +isula-build manifest inspect MANIFEST_LIST +``` + +使用示例如下: + +```sh +$ sudo isula-build manifest inspect openeuler:latest +{ + "schemaVersion": 2, + "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", + "manifests": [ + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "size": 527, + "digest": "sha256:bf510723d2cd2d4e3f5ce7e93bf1e52c8fd76831995ac3bd3f90ecc866643aff", + "platform": { + "architecture": "amd64", + "os": "linux" + } + }, + { + "mediaType": "application/vnd.docker.distribution.manifest.v2+json", + "size": 527, + "digest": "sha256:f814888b4bb6149bd39ba8375a1932fb15071b4dbffc7f76c7b602b06abbb820", + "platform": { + "architecture": "arm64", + "os": "linux" + } + } + ] +} +``` + +#### push: 将manifest列表推送到远程仓库 + +manifest子命令push用于将manifest列表推送到远程仓库,命令原型为: + +``` +isula-build manifest push MANIFEST_LIST DESTINATION +``` + +使用示例如下: + +```sh +$ sudo isula-build manifest push openeuler:latest localhost:5000/openeuler:latest +``` ## 直接集成容器引擎 @@ -732,7 +914,7 @@ busybox 2.0 2d414a5cad6d 2020-08-01 06:41: > ![](./public_sys-resources/icon-note.gif) **说明:** > - 要求isula-build和iSulad在同一节点。 -> - 直接导出镜像到iSulad时,isula-build client端需要将构建成功的镜像暂存成 `/var/tmp/isula-build-tmp-%v.tar` 再导入至 iSulad,用户需要保证 /var/tmp/ 目录有足够磁盘空间;同时如果在导出过程中 isula-build client进程被KILL或Ctrl+C终止,需要依赖用户手动清理 `/var/tmp/isula-build-tmp-%v.tar` 文件。 +> - 直接导出镜像到iSulad时,isula-build client端需要将构建成功的镜像暂存成 `/var/lib/isula-build/tmp/[buildid]/isula-build-tmp-%v.tar` 再导入至 iSulad,用户需要保证 /var/lib/isula-build/tmp/ 目录有足够磁盘空间;同时如果在导出过程中 isula-build client进程被KILL或Ctrl+C终止,需要依赖用户手动清理 `/var/lib/isula-build/tmp/[buildid]/isula-build-tmp-%v.tar` 文件。 ### 与Docker集成 @@ -812,22 +994,24 @@ isula-build两个组件进程之间通过unix socket套接字文件进行通信 ### 文件与权限 -- isula-build 所有的操作均需要使用 root 权限。 +- isula-build 所有的操作均需要使用 root 权限。如需使用非特权用户操作,则需要配置--group参数 - isula-build 运行涉及文件权限如下表所示: | **文件路径** | **文件/文件夹权限** | **说明** | | ------------------------------------------- | ------------------- | ------------------------------------------------------------ | -| /usr/bin/isula-build | 550 | 命令行工具二进制文件。 | +| /usr/bin/isula-build | 551 | 命令行工具二进制文件。 | | /usr/bin/isula-builder | 550 | 服务端isula-builder进程二进制文件。 | | /usr/lib/systemd/system/isula-build.service | 640 | systemd配置文件,用于管理isula-build服务。 | +| /etc/isula-build | 650 | isula-builder 配置文件根目录 | | /etc/isula-build/configuration.toml | 600 | isula-builder 总配置文件,包含设置 isula-builder 日志级别、持久化目录和运行时目录、OCI runtime等。 | | /etc/isula-build/policy.json | 600 | 签名验证策略文件的语法文件。 | | /etc/isula-build/registries.toml | 600 | 针对各个镜像仓库的配置文件,含可用的镜像仓库列表、镜像仓库黑名单。 | | /etc/isula-build/storage.toml | 600 | 本地持久化存储的配置文件,包含所使用的存储驱动的配置。 | -| /var/run/isula_build.sock | 600 | 服务端isula-builder的本地套接字。 | +| /etc/isula-build/isula-build.pub | 444 | 非对称加密公钥文件 | +| /var/run/isula_build.sock | 660 | 服务端isula-builder的本地套接字。 | | /var/lib/isula-build | 700 | 本地持久化目录。 | | /var/run/isula-build | 700 | 本地运行时目录。 | -| /var/tmp/isula-build-tmp-*.tar | 600 | 镜像导出至iSulad时的本地暂存目录。 | +| /var/lib/isula-build/tmp/[buildid]/isula-build-tmp-*.tar | 644 | 镜像导出至iSulad时的本地暂存目录。 | diff --git a/docs/zh/docs/NVWA/NVWA.md b/docs/zh/docs/KernelLiveUpgrade/KernelLiveUpgrade.md similarity index 56% rename from docs/zh/docs/NVWA/NVWA.md rename to docs/zh/docs/KernelLiveUpgrade/KernelLiveUpgrade.md index cd64447b7fa2fa7a7e8882b0de49d1f1ccac2402..d82b48ce00d235fe5d7195cc190f928e47eec4bf 100644 --- a/docs/zh/docs/NVWA/NVWA.md +++ b/docs/zh/docs/KernelLiveUpgrade/KernelLiveUpgrade.md @@ -1,16 +1,16 @@ -# 内核热升级用户指南 - -本文档介绍openEuler系统内核热升级特性的安装部署和使用方法,openEuler的内核热替换特性通过快速重启内核和程序热迁移实现,我们提供了一个用户态工具 —— NVWA 以自动化这一过程。 - -本文档适用于使用openEuler系统并希望了解和使用NVWA的社区开发者、开源爱好者以及相关合作伙伴。使用人员需要具备基础的Linux操作系统知识。 - -如果您想要对NVWA的工作机制有进一步了解,或者提出问题,进行代码合入,欢迎访问NVWA的[项目主页](https://gitee.com/openeuler/nvwa) - -## 使用场景 - -内核热升级的目标,是实现在秒级的端到端时延下,实现进程运行现场的保存和恢复。 - -使用场景通常符合以下两个条件: -1. 内核由于漏洞修复,版本更新等原因,需要重新启动 -2. 运行在内核之上的业务能够在内核重启后快速恢复状态 - +# 内核热升级用户指南 + +本文档介绍openEuler系统内核热升级特性的安装部署和使用方法,openEuler的内核热替换特性通过快速重启内核和程序热迁移实现,我们提供了一个用户态工具以自动化这一过程。 + +本文档适用于使用openEuler系统并希望了解和使用内核热升级的社区开发者、开源爱好者以及相关合作伙伴。使用人员需要具备基础的Linux操作系统知识。 + + + +## 使用场景 + +内核热升级的目标,是实现在秒级的端到端时延下,实现进程运行现场的保存和恢复。 + +使用场景通常符合以下两个条件: +1. 内核由于漏洞修复,版本更新等原因,需要重新启动 +2. 运行在内核之上的业务能够在内核重启后快速恢复状态 + diff --git "a/docs/zh/docs/NVWA/\344\275\277\347\224\250\346\226\271\346\263\225.md" "b/docs/zh/docs/KernelLiveUpgrade/\344\275\277\347\224\250\346\226\271\346\263\225.md" similarity index 85% rename from "docs/zh/docs/NVWA/\344\275\277\347\224\250\346\226\271\346\263\225.md" rename to "docs/zh/docs/KernelLiveUpgrade/\344\275\277\347\224\250\346\226\271\346\263\225.md" index cf74d065ee0dfbabb06969f1eb8c0ee46fd52a63..a70a6f9c792499b5944596817e9e43d8a5991d20 100644 --- "a/docs/zh/docs/NVWA/\344\275\277\347\224\250\346\226\271\346\263\225.md" +++ "b/docs/zh/docs/KernelLiveUpgrade/\344\275\277\347\224\250\346\226\271\346\263\225.md" @@ -1,107 +1,107 @@ -# NVWA使用方法 - - - -- [NVWA命令用法](#nvwa命令用法) -- [NVWA的使用限制](#nvwa的使用限制) -- [NVWA加速特性说明及使用](#nvwa加速特性说明及使用) -- [NVWA产生的日志信息](#nvwa产生的日志信息) - - -## NVWA命令用法 - -+ nvwa help - - 打印帮助信息,打印的信息如下: - ``` - NAME: - nvwa - a tool used for openEuler kernel update. - - USAGE: - nvwa [global options] command [command options] [arguments...] - - VERSION: - 0.1 - - COMMANDS: - update specify kernel version for nvwa to update - init init nvwa running environment - help, h Shows a list of commands or help for one command - - GLOBAL OPTIONS: - --help, -h show help (default: false) - --version, -v print the version (default: false) - ``` - -+ nvwa update - - 热升级到内核某一版本,nvwa会去/boot目录下寻找内核镜像和ramfs,kernel的命名格式需为vmlinuz-, rootfs命名格式需为initramfs-.img - - 需要注意的是,升级过程有可能会失败,如果失败,部分被dump的进程或者服务,将停止运行。 - -+ nvwa init - - 清除nvwa产生的现场信息以及对systemd的配置修改,用于nvwa执行前或者执行失败后,对现场进行清理 - -## NVWA的使用限制 - -1. 对于需要通过nvwa保存的service,其配置中需要设置标准输出(StandardOutput)和错误输出(StandardError),以redis为例: - - ``` - [Unit] - Description=Redis persistent key-value database - After=network.target - [Service] - ExecStart=/usr/bin/redis-server /etc/redis.conf --supervised systemd - Type=notify - User=redis - Group=redis - RuntimeDirectory=redis - RuntimeDirectoryMode=0755 - StandardOutput=file:/root/log1.log - StandardError=file:/root/log2.log - [Install] - WantedBy=multi-user.target - ``` - -2. 使用加速特性需要修改cmdline以及分配合适的内存,参见[此处](#nvwa加速特性说明及使用) - -3. NVWA运行过程中需要关闭SELINUX - - 理论上,仅需要在执行nvwa update之后和系统重启nvwa恢复现场这段时间前需要关闭。稳妥起见,建议全程关闭SELINUX。 - -## NVWA加速特性说明及使用 - -1. cpu park(加速内核重启过程) - - cpu park,是在使用kexec过程,使cpu进入一种忙等的状态,更快的响应主核发送的中断请求,减少状态的变化。 - - 使用cpu park,需要在cmdline中加入"cpuparkmem=0x200000000",其中0x200000000是一段未被其他程序使用的内存起始地址,cpuparkmem将占用从该地址开始,size为1M左右的内存空间。 - - 需要注意的是,在内存允许的情况下,此处的地址选择,建议范围在4G(0x100000000)之后,前4G通常被系统各组件预留,容易冲突。 - -2. quick kexec(加速内核启动过程) - - quick kexec,是对kexec加载镜像过程中的一种加速。 - - 使用quick kexec,需要在配置文件中使能相关选项,更多信息参考<<安装与部署>>(配置介绍) - -3. pin_memory(加速现场保存恢复过程) - - pin memory,是对criu进行现场保存恢复过程中的一种加速。 - - 使用pin memory,需要在配置文件中使能相关选项,更多信息参考<<安装与部署>>(配置介绍) - - -## NVWA产生的日志信息 - -nvwa产生的日志分为两部分: - -+ 运行过程产生的日志 - - 通过service nvwa status查看 - -+ 保留现场过程中产生的日志 - - 日志位于criu_dir指定的路径对应命名的进程/服务文件夹中 - +# 使用方法 + + + +- [命令用法](#命令用法) +- [的使用限制](#使用限制) +- [加速特性说明及使用](#加速特性说明及使用) +- [产生的日志信息](#产生的日志信息) + + +## 命令用法 + ++ nvwa help + + 打印帮助信息,打印的信息如下: + ``` + NAME: + nvwa - a tool used for openEuler kernel update. + + USAGE: + nvwa [global options] command [command options] [arguments...] + + VERSION: + 0.1 + + COMMANDS: + update specify kernel version for nvwa to update + init init nvwa running environment + help, h Shows a list of commands or help for one command + + GLOBAL OPTIONS: + --help, -h show help (default: false) + --version, -v print the version (default: false) + ``` + ++ nvwa update + + 热升级到内核某一版本,nvwa会去/boot目录下寻找内核镜像和ramfs,kernel的命名格式需为vmlinuz-, rootfs命名格式需为initramfs-.img + + 需要注意的是,升级过程有可能会失败,如果失败,部分被dump的进程或者服务,将停止运行。 + ++ nvwa init + + 清除nvwa产生的现场信息以及对systemd的配置修改,用于nvwa执行前或者执行失败后,对现场进行清理 + +## 使用限制 + +1. 对于需要通过nvwa保存的service,其配置中需要设置标准输出(StandardOutput)和错误输出(StandardError),以redis为例: + + ``` + [Unit] + Description=Redis persistent key-value database + After=network.target + [Service] + ExecStart=/usr/bin/redis-server /etc/redis.conf --supervised systemd + Type=notify + User=redis + Group=redis + RuntimeDirectory=redis + RuntimeDirectoryMode=0755 + StandardOutput=file:/root/log1.log + StandardError=file:/root/log2.log + [Install] + WantedBy=multi-user.target + ``` + +2. 使用加速特性需要修改cmdline以及分配合适的内存,参见[此处](#nvwa加速特性说明及使用) + +3. 运行过程中需要关闭SELINUX + + 理论上,仅需要在执行nvwa update之后和系统重启nvwa恢复现场这段时间前需要关闭。稳妥起见,建议全程关闭SELINUX。 + +## 加速特性说明及使用 + +1. cpu park(加速内核重启过程) + + cpu park,是在使用kexec过程,使cpu进入一种忙等的状态,更快的响应主核发送的中断请求,减少状态的变化。 + + 使用cpu park,需要在cmdline中加入"cpuparkmem=0x200000000",其中0x200000000是一段未被其他程序使用的内存起始地址,cpuparkmem将占用从该地址开始,size为1M左右的内存空间。 + + 需要注意的是,在内存允许的情况下,此处的地址选择,建议范围在4G(0x100000000)之后,前4G通常被系统各组件预留,容易冲突。 + +2. quick kexec(加速内核启动过程) + + quick kexec,是对kexec加载镜像过程中的一种加速。 + + 使用quick kexec,需要在配置文件中使能相关选项,更多信息参考<<安装与部署>>(配置介绍) + +3. pin_memory(加速现场保存恢复过程) + + pin memory,是对criu进行现场保存恢复过程中的一种加速。 + + 使用pin memory,需要在配置文件中使能相关选项,更多信息参考<<安装与部署>>(配置介绍) + + +## 产生的日志信息 + +内核热升级工具产生的日志分为两部分: + ++ 运行过程产生的日志 + + 通过service nvwa status查看 + ++ 保留现场过程中产生的日志 + + 日志位于criu_dir指定的路径对应命名的进程/服务文件夹中 + diff --git "a/docs/zh/docs/NVWA/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" "b/docs/zh/docs/KernelLiveUpgrade/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" similarity index 57% rename from "docs/zh/docs/NVWA/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" rename to "docs/zh/docs/KernelLiveUpgrade/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" index 35985b7de9cc213f44bf9f2eb6c6230a5abac087..a24e5630e09f94925fc42e66fde73bb4892bfdff 100644 --- "a/docs/zh/docs/NVWA/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" +++ "b/docs/zh/docs/KernelLiveUpgrade/\345\256\211\350\243\205\344\270\216\351\203\250\347\275\262.md" @@ -1,176 +1,177 @@ -# 安装与部署 -本章介绍如何安装和部署NVWA。 - -- [安装与部署](#安装与部署) - - [软硬件要求](#软硬件要求) - - [硬件要求](#硬件要求) - - [软件要求](#软件要求) - - [环境准备](#环境准备) - - [安装NVWA](#安装nvwa) - - [部署NVWA](#部署nvwa) - - [配置介绍](#配置介绍) - - [使能NVWA](#使能nvwa) - - -## 软硬件要求 - -### 硬件要求 - -- 当前仅支持arm64架构 - -### 软件要求 - -- 操作系统:openEuler 21.03 - -## 环境准备 - -- 安装openEuler系统,安装方法参考 《openEuler 21.03 安装指南》 - -- 安装NVWA需要使用root权限 - -## 安装NVWA - -本章介绍NVWA的安装方法 - -安装NVWA的操作步骤如下: - -1. 挂载openEuler的iso文件 - - ``` - # mount openEuler-21.03-aarch64-dvd.iso /mnt - ``` - -2. 配置本地yum源 - - ``` - # vim /etc/yum.repos.d/local.repo - ``` - - 配置内容如下所示: - - ``` - [local] - name=local - baseurl=file:///mnt - gpgcheck=1 - enabled=1 - ``` - -3. 将RPM数字签名的GPG公钥导入系统 - - ``` - # rpm --import /mnt/RPM-GPG-KEY-openEuler - ``` - - -4. 安装NVWA - - ``` - # yum install nvwa -y - ``` - -5. 验证是否安装成功。命令和回显如下表示安装成功 - - ``` - # rpm -qa | grep nvwa - nvwa-xxx - ``` - - -## 部署NVWA - -本章介绍NVWA的配置部署: - -### 配置介绍 - -NVWA的配置文件位于/etc/nvwa,配置文件包括: -- nvwa-restore.yaml - - 该配置文件用于指导NVWA在内核热升级过程中如何保存和恢复现场,具体配置如下: - - + pids - - pids用于指明nvwa热升级过程中需要保留和恢复的进程,此处的进程通过进程号(pid)进行标识,需要注意的是,nvwa管理的进程在nvwa服务启动后,会被自动恢复。 - - + services - - services用于指明nvwa热升级过程中需要保留和恢复的服务。与pids的区别在于,NVWA可以直接保存和恢复进程的状态,对于服务,NVWA则需要依赖systemd进行相关操作。此处的服务名称,应该使用systemd中使用的服务名称。需要注意的是,对于nvwa管理的服务,是否要在nvwa启动时自动恢复,取决于systemd中有没有使能该服务,且当前支持的服务类型只有notify和oneshot。 - - + restore_net - - restore_net用于指明是否需要NVWA保存和恢复网络配置,如果网络配置有误,有可能导致恢复后网络不可用,默认关闭。 - - + enable_quick_kexec - - enable_quick_kexec用于指明是否需要使能quick kexec特性,quick kexec是nvwa社区推出的,加速内核重启过程的一个特性。使用该特性,需要在cmdline中,加入"quickkexec=128M"。128指分配给quick kexec特性的内存大小,该内存将用于在升级过程中加载kernel和initramfs,因此大小需要大于升级过程中涉及到的kernel,initramfs大小之和。该特性默认关闭。 - - + enable_pin_memory - - enable_pin_memory用于指明是否需要使能pin memory特性,pin memory是nvwa社区推出的,加速进程保存恢复过程的一个特性。使用该特性,需要在cmdline中,加入"max_pin_pid_num=10 redirect_space_size=2M pinmemory=200M@0x640000000"。 - - 其中,max_pin_pid_num代表支持pin memory恢复的最大进程数目,redirect_space_size代表pin memory过程中重定向物理页所需要的预留内存空间,建议配置为pin memory总预留内存的1/100,pinmemory指明这段内存的起点和大小。从0x640000000开始的200M空间,是pin memory使用的全部内存空间,这段空间不应该被其他程序使用。 - -- nvwa-restore.yaml的配置示例 -``` -pids: - - 14109 -services: - - redis -restore_net: false -enable_quick_kexec: true -enable_pin_memory: true -``` - -- nvwa-server.yaml - - 该文件包含了NVWA运行过程中,需要使用到的配置信息,具体如下: - - + criu_dir - - 用于指明NVWA在保存现场过程中,存储产生的信息文件夹路径。需要注意的是,这些信息可能会占用较大的磁盘空间。 - - + criu_exe - - 用于指明NVWA使用的criu可执行文件路径,除非是对criu进行调测,一般不建议修改。 - - + kexec_exe - - 用于指明NVWA使用的kexec可执行文件路径,除非是对kexec进行调测,一般不建议修改。 - - + systemd_etc - - 用于指明覆盖systemd配置过程中,使用到的文件夹路径。该路径由systemd决定,一般不需要修改。 - - + log_dir - - 存放NVWA产生的log信息,log模块当前未启用。NVWA日志信息的查看,参考其他章节<<使用方法>> - -- nvwa-server.yaml的配置示例 - -``` -criu_dir: /var/nvwa/running/ -criu_exe: /usr/sbin/criu -kexec_exe: /usr/sbin/kexec -systemd_etc: /etc/systemd/system/ -log_dir: /etc/nvwa/log/ -``` - -## 使能NVWA - -NVWA的运行依赖配置文件,配置文件修改后应该重新运行NVWA程序。 - -安装成功后,可以通过systemd的相关命令来操作NVWA - -+ 使能nvwa - - systemctl enable nvwa - -+ 启动nvwa - - systemctl start nvwa - -+ 查看nvwa日志 - - service nvwa status - -+ 更多用法参考systemd用法 +# 安装与部署 +本章介绍如何安装和部署内核热升级工具。 + + +- [安装与部署](#安装与部署) + - [软硬件要求](#软硬件要求) + - [硬件要求](#硬件要求) + - [软件要求](#软件要求) + - [环境准备](#环境准备) + - [安装内核热升级工具](#安装内核热升级工具) + - [部署内核热升级工具](#部署内核热升级工具) + - [配置介绍](#配置介绍) + - [使能内核热升级工具](#使能内核热升级工具) + + +## 软硬件要求 + +### 硬件要求 + +- 当前仅支持arm64架构 + +### 软件要求 + +- 操作系统:openEuler 21.03 + +## 环境准备 + +- 安装openEuler系统,安装方法参考 《openEuler 21.03 安装指南》 + +- 安装内核热升级工具需要使用root权限 + +## 安装内核热升级工具 + +本章介绍内核热升级工具的安装方法 + +安装内核热升级工具的操作步骤如下: + +1. 挂载openEuler的iso文件 + + ``` + # mount openEuler-21.03-aarch64-dvd.iso /mnt + ``` + +2. 配置本地yum源 + + ``` + # vim /etc/yum.repos.d/local.repo + ``` + + 配置内容如下所示: + + ``` + [local] + name=local + baseurl=file:///mnt + gpgcheck=1 + enabled=1 + ``` + +3. 将RPM数字签名的GPG公钥导入系统 + + ``` + # rpm --import /mnt/RPM-GPG-KEY-openEuler + ``` + + +4. 安装内核热升级工具 + + ``` + # yum install nvwa -y + ``` + +5. 验证是否安装成功。命令和回显如下表示安装成功 + + ``` + # rpm -qa | grep nvwa + nvwa-xxx + ``` + + +## 部署内核热升级工具 + +本章介绍内核热升级工具的配置部署: + +### 配置介绍 + +内核热升级工具的配置文件位于/etc/nvwa,配置文件包括: +- nvwa-restore.yaml + + 该配置文件用于指导内核热升级工具在内核热升级过程中如何保存和恢复现场,具体配置如下: + + + pids + + pids用于指明nvwa热升级过程中需要保留和恢复的进程,此处的进程通过进程号(pid)进行标识,需要注意的是,nvwa管理的进程在nvwa服务启动后,会被自动恢复。 + + + services + + services用于指明nvwa热升级过程中需要保留和恢复的服务。与pids的区别在于,内核热升级工具可以直接保存和恢复进程的状态,对于服务,内核热升级工具则需要依赖systemd进行相关操作。此处的服务名称,应该使用systemd中使用的服务名称。需要注意的是,对于nvwa管理的服务,是否要在nvwa启动时自动恢复,取决于systemd中有没有使能该服务,且当前支持的服务类型只有notify和oneshot。 + + + restore_net + + restore_net用于指明是否需要内核热升级工具保存和恢复网络配置,如果网络配置有误,有可能导致恢复后网络不可用,默认关闭。 + + + enable_quick_kexec + + enable_quick_kexec用于指明是否需要使能quick kexec特性,quick kexec是nvwa社区推出的,加速内核重启过程的一个特性。使用该特性,需要在cmdline中,加入"quickkexec=128M"。128指分配给quick kexec特性的内存大小,该内存将用于在升级过程中加载kernel和initramfs,因此大小需要大于升级过程中涉及到的kernel,initramfs大小之和。该特性默认关闭。 + + + enable_pin_memory + + enable_pin_memory用于指明是否需要使能pin memory特性,pin memory是nvwa社区推出的,加速进程保存恢复过程的一个特性。使用该特性,需要在cmdline中,加入"max_pin_pid_num=10 redirect_space_size=2M pinmemory=200M@0x640000000"。 + + 其中,max_pin_pid_num代表支持pin memory恢复的最大进程数目,redirect_space_size代表pin memory过程中重定向物理页所需要的预留内存空间,建议配置为pin memory总预留内存的1/100,pinmemory指明这段内存的起点和大小。从0x640000000开始的200M空间,是pin memory使用的全部内存空间,这段空间不应该被其他程序使用。 + +- nvwa-restore.yaml的配置示例 +``` +pids: + - 14109 +services: + - redis +restore_net: false +enable_quick_kexec: true +enable_pin_memory: true +``` + +- nvwa-server.yaml + + 该文件包含了内核热升级工具运行过程中,需要使用到的配置信息,具体如下: + + + criu_dir + + 用于指明内核热升级工具在保存现场过程中,存储产生的信息文件夹路径。需要注意的是,这些信息可能会占用较大的磁盘空间。 + + + criu_exe + + 用于指明内核热升级工具使用的criu可执行文件路径,除非是对criu进行调测,一般不建议修改。 + + + kexec_exe + + 用于指明内核热升级工具使用的kexec可执行文件路径,除非是对kexec进行调测,一般不建议修改。 + + + systemd_etc + + 用于指明覆盖systemd配置过程中,使用到的文件夹路径。该路径由systemd决定,一般不需要修改。 + + + log_dir + + 存放内核热升级工具产生的log信息,log模块当前未启用。内核热升级工具日志信息的查看,参考其他章节<<使用方法>> + +- nvwa-server.yaml的配置示例 + +``` +criu_dir: /var/nvwa/running/ +criu_exe: /usr/sbin/criu +kexec_exe: /usr/sbin/kexec +systemd_etc: /etc/systemd/system/ +log_dir: /etc/nvwa/log/ +``` + +## 使能内核热升级工具 + +内核热升级工具的运行依赖配置文件,配置文件修改后应该重新运行内核热升级工具程序。 + +安装成功后,可以通过systemd的相关命令来操作内核热升级工具 + ++ 使能nvwa + + systemctl enable nvwa + ++ 启动nvwa + + systemctl start nvwa + ++ 查看nvwa日志 + + service nvwa status + ++ 更多用法参考systemd用法 diff --git "a/docs/zh/docs/NVWA/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" "b/docs/zh/docs/KernelLiveUpgrade/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" similarity index 94% rename from "docs/zh/docs/NVWA/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" rename to "docs/zh/docs/KernelLiveUpgrade/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" index bb3b71704cba1aed1cbc8afa89ce8ad7ec488326..1257541035305dd8c618f0c0658b80969c0350b4 100644 --- "a/docs/zh/docs/NVWA/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" +++ "b/docs/zh/docs/KernelLiveUpgrade/\345\270\270\350\247\201\351\227\256\351\242\230\344\270\216\350\247\243\345\206\263\346\226\271\346\263\225.md" @@ -1,27 +1,27 @@ -1. 执行nvwa update后未升级 - - 原因:保留现场或者内核替换过程中出现错误。 - - 解决方法:查看日志,找出错误原因。 - -2. 开启加速特性后,nvwa执行命令失败 - - 原因:nvwa提供了诸多加速特性,包括quick kexec,pin memory,cpu park等等。这些特性都涉及到cmdline的配置和内存的分配,在选取内存时,通过cat /proc/iomemory确保选取的内存没有与其他程序冲突。必要时,通过dmesg查看使能特性后是否存在错误日志。 - -3. 热升级后,相关现场未被恢复 - - 原因:首先检查nvwa服务是否运行,运行情况下,可能存在两种情况,一种是服务恢复失败,一种是进程恢复失败。 - - 解决方法:通过service nvwa status查看nvwa的日志,如果是服务启动失败,首先确认是否使能了该服务,再通过systemd查看对应服务的日志。进一步的日志,去criu_dir指定的路径对应命名的进程/服务文件夹中。其中dump.log为保存现场产生的日志,restore.log为恢复现场产生的。 - -4. 恢复失败,日志显示Can't fork for 948: File exists - - 原因:NVWA在恢复程序过程中,发现程序的pid已经被占用。 - - 解决方法:当前内核没有提供保留pid的机制,相关策略正在开发,预计会在将来的内核版本中解决这一限制,当前仅能手动重启相关进程。 - -5. 使用nvwa去保存和恢复简单程序(hello world),显示失败或者程序未在执行 - - 原因: criu使用存在诸多限制 - +1. 执行nvwa update后未升级 + + 原因:保留现场或者内核替换过程中出现错误。 + + 解决方法:查看日志,找出错误原因。 + +2. 开启加速特性后,nvwa执行命令失败 + + 原因:nvwa提供了诸多加速特性,包括quick kexec,pin memory,cpu park等等。这些特性都涉及到cmdline的配置和内存的分配,在选取内存时,通过cat /proc/iomemory确保选取的内存没有与其他程序冲突。必要时,通过dmesg查看使能特性后是否存在错误日志。 + +3. 热升级后,相关现场未被恢复 + + 原因:首先检查nvwa服务是否运行,运行情况下,可能存在两种情况,一种是服务恢复失败,一种是进程恢复失败。 + + 解决方法:通过service nvwa status查看nvwa的日志,如果是服务启动失败,首先确认是否使能了该服务,再通过systemd查看对应服务的日志。进一步的日志,去criu_dir指定的路径对应命名的进程/服务文件夹中。其中dump.log为保存现场产生的日志,restore.log为恢复现场产生的。 + +4. 恢复失败,日志显示Can't fork for 948: File exists + + 原因:内核热升级工具在恢复程序过程中,发现程序的pid已经被占用。 + + 解决方法:当前内核没有提供保留pid的机制,相关策略正在开发,预计会在将来的内核版本中解决这一限制,当前仅能手动重启相关进程。 + +5. 使用nvwa去保存和恢复简单程序(hello world),显示失败或者程序未在执行 + + 原因: criu使用存在诸多限制 + 解决办法:查看nvwa的日志,如果显示是criu相关的错误,去相应的目录下检查dump.log或者restore.log,criu相关的使用限制,可以参考[wiki](https://criu.org/What_cannot_be_checkpointed) \ No newline at end of file diff --git "a/docs/zh/docs/Kubernetes/\351\203\250\347\275\262Kubernetes\351\233\206\347\276\244.md" "b/docs/zh/docs/Kubernetes/\351\203\250\347\275\262Kubernetes\351\233\206\347\276\244.md" index fb6a6dee6d132626131b43d18a20bb8f83b67f3a..cb073849afa174b5c5e93daf7160a85e88e1bdb1 100644 --- "a/docs/zh/docs/Kubernetes/\351\203\250\347\275\262Kubernetes\351\233\206\347\276\244.md" +++ "b/docs/zh/docs/Kubernetes/\351\203\250\347\275\262Kubernetes\351\233\206\347\276\244.md" @@ -9,11 +9,11 @@ | HostName | MAC | IPv4 | | ---------- | ----------------- | ------------------ | -| k8smaster0 | 52:54:00:00:00:80 | 192.168.122.154/24 | -| k8smaster1 | 52:54:00:00:00:81 | 192.168.122.155/24 | -| k8smaster2 | 52:54:00:00:00:82 | 192.168.122.156/24 | -| k8snode1 | 52:54:00:00:00:83 | 192.168.122.157/24 | -| k8snode2 | 52:54:00:00:00:84 | 192.168.122.158/24 | -| k8snode3 | 52:54:00:00:00:85 | 192.168.122.159/24 | +| k8smaster0 | 52:54:00:00:00:80 | 192.168.122.154/24 | +| k8smaster1 | 52:54:00:00:00:81 | 192.168.122.155/24 | +| k8smaster2 | 52:54:00:00:00:82 | 192.168.122.156/24 | +| k8snode1 | 52:54:00:00:00:83 | 192.168.122.157/24 | +| k8snode2 | 52:54:00:00:00:84 | 192.168.122.158/24 | +| k8snode3 | 52:54:00:00:00:85 | 192.168.122.159/24 | diff --git "a/docs/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" "b/docs/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" index e7374faba3b76702998bd2f4e99c7679002c1887..c3940611f56669ea8f198336ce751a47bc4db6ab 100644 --- "a/docs/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" +++ "b/docs/zh/docs/Releasenotes/CVE\346\274\217\346\264\236.md" @@ -1,4 +1,4 @@ # CVE漏洞 -版本涉及的CVE可通过[CVE列表](https://cve.openeuler.org/#/CVE)查询。 +版本涉及的CVE可通过[CVE列表](https://openeuler.org/zh/security/cve/)查询。 diff --git "a/docs/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" "b/docs/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" index f1128b75e8db004d8f2b62ff3888ddfd3f1ade80..83832eeff95b15a8f8b73d21836c7f549797e95d 100644 --- "a/docs/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" +++ "b/docs/zh/docs/Releasenotes/\345\205\263\351\224\256\347\211\271\346\200\247.md" @@ -2,38 +2,49 @@ ## 全新的5.10内核 深度优化调度、IO、内存管理,提供Arm64、x86、RISC-V等更多算力支持。 -- **调度器优化**,优化了 CFS Task 的公平性,新增 numa aware 异步调用机制,在 NVDIMM 初始化方面有明显的提升;优化 SCHED_IDLE 的调度策略,显著改善高优先级任务的调度延迟,降低对其他任务的干扰。 -- **numa balancing 机制优化**,带来更好的亲和性、更高的使用率和更少的无效迁移。 -- **CPU 隔离机制增强**,支持中断隔离,支持 unbound kthreads 隔离,增强 CPU 核的隔离性,可以更好的避免业务间的相互干扰。 -- **cgroup单线程迁移性能优化**,消除对 thread group 读写信号量的依赖;引入Time Namespaces 使容器迁移更方便。 -- **系统容器限制容器内使用文件句柄数能力支持**,文件句柄包括普通文件句柄和网络套接字,启动容器时,可以通过指定`--files-limit`参数限制容器内打开的最大句柄数。 -- **PSI 能力支持**,PSI (Pressure Stall Information)提供了一种评估系统资源如 CPU、Memory、IO 压力的方法。准确的检测方法可以帮助资源使用者确定合适的工作量,同时也可以帮助系统制定高效的资源调度策略,最大化利用系统资源,最大化改善用户体验。 -- **进程间通信优化**,pipe/epoll_wait 唤醒机制优化,解决唤醒多个等待线程的性能问题。 -- **内存管理增强**,精细化内存控制、统计,异构内存,热插拔、内存初始化等功能均有改善,并提供更有效的用户控制接口; 热点锁及信号量优化,激进内存规整和碎片整理,优化vmap/vmalloc机制,显著提升内存申请效率提升; KASAN、kmemleak、slub_debug、oom等内存维测特性增强,提升内存问题定位及解决效率。 -- **Early Departure Time模型切换**,解决了原来发包过程中TCP框架的限制,根据调度策略给数据包设置EDT时间戳,避免大的队列缓存带来的时延,带来tcp性能的较大提高。 -- **MultiPath TCP 支持**,可在移动与数据场景提升性能和可靠性,支持在负载均衡场景多条子流并行传输。 -- **日志 fast commit 方法引入**,EXT4 引入了新的、更轻量级的日志方法 `-fast commit`,可以大大加快 `fsync` 等耗时较长的操作,带来更好的性能。 -- **支持dm writecache 特性**,提升 SSD 大块顺序写性能,提高 DDR 持久性内存的性能。 -- **支持 io_uring**, io_uring 是一个新的异步IO框架和实现,支持 polling 模式,在polling模式下,性能提升显著,与spdk接近,在队列深度较高时性能更好。 -- **支持 ILP32**, 在鲲鹏920 Arm64 环境上支持 32 位的应用程序。 -- **IMA 商用增强**,在开源 IMA 方案基础上,增强安全性、提升性能、提高易用性,助力商用落地。 -- **支持 per task 栈检查**,增强对 ROP 攻击的防护能力。 -- **MPAM资源管控**,支持 Arm64架构Cache QoS 以及内存带宽控制技术。 -- **支持基于 SEDI 的 NMI 机制和基于 PMU 的 NMI 机制**,使能 hard lockup 检测;使能 perf nmi,能更精确的进行性能分析。 -- **Arm64 平台支持虚拟机 CPU 热插拔**,提高资源配置的灵活性。 -- **Arm64 kdump 增强**, 支持对 4G 以上地址的内存预留,使 kdump 能预留更多的内存空间,支持更大内存的机器。 -- **支持 Raspberry PI 系列板卡**,树莓派的支持已经合入原生的 openEuler 21.03 内核,可以直接使用 openEuler 21.03 内核源码调试。 -- **RISC-V 平台支持 KVM 虚拟化** -- **支持 1822 智能网卡** - -## 内核热升级(NVWA) -NVWA是一种 OS 漏洞修复及升级解决方案,实现内核快速热替换,业务不感知。 + +- **调度器优化**,优化了 CFS Task 的公平性,新增 numa aware 异步调用机制,在 NVDIMM 初始化方面有明显的提升;优化 SCHED_IDLE 的调度策略,显著改善高优先级任务的调度延迟,降低对其他任务的干扰。 +- **numa balancing 机制优化**,带来更好的亲和性、更高的使用率和更少的无效迁移。 +- **CPU 隔离机制增强**,支持中断隔离,支持 unbound kthreads 隔离,增强 CPU 核的隔离性,可以更好的避免业务间的相互干扰。 +- **cgroup单线程迁移性能优化**,消除对 thread group 读写信号量的依赖;引入Time Namespaces 使容器迁移更方便。 +- **系统容器限制容器内使用文件句柄数能力支持**,文件句柄包括普通文件句柄和网络套接字,启动容器时,可以通过指定`--files-limit`参数限制容器内打开的最大句柄数。 +- **PSI 能力支持**,PSI (Pressure Stall Information)提供了一种评估系统资源如 CPU、Memory、IO 压力的方法。准确的检测方法可以帮助资源使用者确定合适的工作量,同时也可以帮助系统制定高效的资源调度策略,最大化利用系统资源,最大化改善用户体验。 +- **进程间通信优化**,pipe/epoll_wait 唤醒机制优化,解决唤醒多个等待线程的性能问题。 +- **内存管理增强**,精细化内存控制、统计,异构内存,热插拔、内存初始化等功能均有改善,并提供更有效的用户控制接口; 热点锁及信号量优化,激进内存规整和碎片整理,优化vmap/vmalloc机制,显著提升内存申请效率提升; KASAN、kmemleak、slub_debug、oom等内存维测特性增强,提升内存问题定位及解决效率。 +- **Early Departure Time模型切换**,解决了原来发包过程中TCP框架的限制,根据调度策略给数据包设置EDT时间戳,避免大的队列缓存带来的时延,带来tcp性能的较大提高。 +- **MultiPath TCP 支持**,可在移动与数据场景提升性能和可靠性,支持在负载均衡场景多条子流并行传输。 +- **日志 fast commit 方法引入**,EXT4 引入了新的、更轻量级的日志方法 `-fast commit`,可以大大加快 `fsync` 等耗时较长的操作,带来更好的性能。 +- **支持dm writecache 特性**,提升 SSD 大块顺序写性能,提高 DDR 持久性内存的性能。 +- **支持 io_uring**, io_uring 是一个新的异步IO框架和实现,支持 polling 模式,在polling模式下,性能提升显著,与spdk接近,在队列深度较高时性能更好。 +- **支持 ILP32**, 在鲲鹏920 Arm64 环境上支持 32 位的应用程序。 +- **IMA 商用增强**,在开源 IMA 方案基础上,增强安全性、提升性能、提高易用性,助力商用落地。 +- **支持 per task 栈检查**,增强对 ROP 攻击的防护能力。 +- **MPAM资源管控**,支持 Arm64架构Cache QoS 以及内存带宽控制技术。 +- **支持基于 SEDI 的 NMI 机制和基于 PMU 的 NMI 机制**,使能 hard lockup 检测;使能 perf nmi,能更精确的进行性能分析。 +- **Arm64 平台支持虚拟机 CPU 热插拔**,提高资源配置的灵活性。 +- **Arm64 kdump 增强**, 支持对 4G 以上地址的内存预留,使 kdump 能预留更多的内存空间,支持更大内存的机器。 +- **支持 Raspberry PI 系列板卡**,树莓派的支持已经合入原生的 openEuler 21.03 内核,可以直接使用 openEuler 21.03 内核源码调试。 +- **RISC-V 平台支持 KVM 虚拟化** +- **支持 1822 智能网卡** + +## 内核热升级 +内核热升级是一种 OS 漏洞修复及升级解决方案,实现内核快速热替换,业务不感知。 + - **Cpu Park、Quick Kexec 特性**加速系统启停,减少宕机时间,增加系统可用性。 - **Pin Memory、Pmem 特性**保证业务进程快速准确恢复,提升业务韧性。 -- **NVWA控制器**提供 gRPC 通信接口,容易使用。 +- **内核热升级控制器**提供 gRPC 通信接口,容易使用。 + +## 内存分级扩展 +支持多种内存、存储介质统一管理,系统容量平滑扩展。 + +- **冷热页面识别**,通过内核态的内存页面忙闲统计机制,精确识别进程内存页面访问冷热分布。 +- **淘汰策略可配置**,提供配置接口,可定制内存页面冷热分级策略。 +- **平滑扩展**,冷页面自动换出到扩展内存,部署在其上的软件不需要改变和适配编程方式的情况下兼容的运行。 +- **多介质扩展支持**,支持SCM、XL Flash、NVMe SSD等多种介质作为扩展内存,根据介质自身访问速度指定内存冷热分层方案,达到扩展内存并减少性能损失的目的。 ## 虚拟化功能和可维测能力增强 增加热迁移 Pro 能力扩展,提升可维可测能力。 + - **热迁移Pro特性**,增强热迁移 multifd 支持 TLS,保障迁移过程数据安全;支持热迁移数据并行压缩,提升迁移性能;增加数据页面访问频率统计,支撑热迁移数据提前预测。 - **性能调试工具(vmtop)**, 可以实时动态查看虚拟机的资源使用情况,包括CPU使用率,内存使用率等信息。新增扩展支持x86_64架构。 - **IO悬挂支持**,IO发生错误时默认自动重试,超时会上报告警。 @@ -41,20 +52,15 @@ NVWA是一种 OS 漏洞修复及升级解决方案,实现内核快速热替换 ## 轻量虚拟运行时(Stratovirt) 增加弹性内存、大页功能、系统调用过滤功能,增强IO子系统提升性能和稳定性。 + - **弹性内存支持**,根据工作负载的内存需求,实现内存的分配和回收, virtio-balloon内存回收速度达3GB/秒。 - **大页支持**,在轻量级框架下提供大页的支持,可为轻量级虚拟机提供连续的物理内存页面,提高虚拟机内存访问效率。 - **系统调用过滤**,简化设备模型,增加系统调用过滤支持,最简配置下仅需使用35个系统调用,有效减小系统攻击面。 - **IO子系统增强**,支持多通道并发IO能力支持,提升性能;支持IO-QOS能力,提升虚拟机IO流量管理的灵活性和稳定性。 -## 分级内存管理框架(etMem) -支持多种内存、存储介质扩展系统内存容量,降低内存使用成本。 -- **冷热页面识别**,通过内核态的内存页面忙闲统计机制,精确识别进程内存页面访问冷热分布。 -- **淘汰策略可配置**,提供配置接口,可定制内存页面冷热分级策略。 -- **平滑扩展**,冷页面自动换出到扩展内存,部署在其上的软件不需要改变和适配编程方式的情况下兼容的运行。 -- **多介质扩展支持**,支持SCM、XL Flash、NVMe SSD等多种介质作为扩展内存,根据介质自身访问速度指定内存冷热分层方案,达到扩展内存并减少性能损失的目的。 - ## OpenStack Victoria集成 简单、可大规模扩展、丰富、标准统一的云管理操作系统。更多特性,请参考OpenStack Victoria官方发行说明。 + - **集成openStack Vicoria版本**,使能基础设施即服务(IaaS)解决方案。 - **增强块存储服务能力**,增加容量扩展、快照和虚拟机镜像克隆等高级功能。 - **增强容器化部署和网络能力**,与容器能更好的集成。 @@ -62,6 +68,7 @@ NVWA是一种 OS 漏洞修复及升级解决方案,实现内核快速热替换 ## Kubernetes 1.20 集成 用于自动部署,扩展和管理容器化应用程序的云原生操作系统它更多特性,请参考Kubernetes 1.20官方发行说明。 + - **自动上线和回滚**,Kubernetes 会自动将应用或其配置的更改后的实例上线,同时监视应用程序运行状况,失败就会回滚之前所作更改。 - **服务发现和负载均衡**,服务发现和基于容器IP和DNS名称的负载均衡机支持。 - **存储编排**,支持多种存储后端的自动挂载,如本地存储、NFS、iSCSI、Gluster、Ceph等网络存储系统。 @@ -69,15 +76,17 @@ NVWA是一种 OS 漏洞修复及升级解决方案,实现内核快速热替换 ## HA 高可用集群方案 麒麟软件贡献的高可用集群方案,故障秒级切换,为用户提供业务连续性保障、数据持续保护、灾难恢复的高可用环境。 + - **支持多种保护模式**,双机热备、双机互备、多机备份(N+M)等多种保护模式支持,满足业务应用各种保护需求。 - **物理机场景和云场景双支持**,既可以在虚拟机池中进行配置高可用,也可以对物理服务器节点进行高可用保护。 - **支持网络(包括单心跳和双心跳模式)等心跳方式**,全方位监控共享数据资源,在极端情况下保障数据的一致性。 -- **资源损耗低**,可在线部署,同时确保被保护应用的资源使用安全。 +- **资源损耗低**,软件消耗的系统资源少,对应用部署和资源使用安全影响小。 - **支持主流系统服务及应用软件**,如nginx、httpd、mariaDB等,支持二次开发。 - **支持HA-WEB人机交互接口**,如用户登录、集群状态展示、资源控制等。 -- **支持HA-API机机交互接口**,如后端集群控制、资源管理、集群状态监控、资源状态监控等。 +- **支持HA-API集群控制REST接口**,如后端集群控制、资源管理、集群状态监控、资源状态监控等。 ## 更多桌面环境的支持 提供更多的开发桌面选择,更好的开发体验。 + - **Xfce桌面支持**,Xfce是一款轻量级 Linux 桌面,与主流UI相比对资源占用小。 - **DDE桌面支持**,是统信软件旗下的一款linux桌面环境,具有美观,易用,高效等特点。 diff --git "a/docs/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" "b/docs/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" index ba43d4adf9454a49ef1b39b5b01b98899c82a6ea..3184d0e46a41a31313d93a617a159d4268b66f28 100644 --- "a/docs/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" +++ "b/docs/zh/docs/Releasenotes/\345\217\202\344\270\216\350\264\241\347\214\256.md" @@ -6,7 +6,7 @@ openEuler将拥有共同兴趣的人们聚在一起,组成了不同的特别兴趣小组(SIG)。当前已有的SIG请参见[SIG列表](https://openeuler.org/zh/sig/sig-list/)。 -我们欢迎并鼓励你加入已有的SIG或创建新的SIG,创建方法请参见[SIG管理指南](https://gitee.com/openeuler/community/blob/master/zh/technical-committee/governance/README.md)。 +我们欢迎并鼓励你加入已有的SIG或创建新的SIG,创建方法请参见[SIG管理指南](https://gitee.com/openeuler/community/blob/master/zh/technical-committee/governance/)。 ## 邮件列表和任务 @@ -18,5 +18,5 @@ openEuler将拥有共同兴趣的人们聚在一起,组成了不同的特别 ## IRC -openEuler也在IRC开辟了频道,作为提供社区支持和交互的额外渠道。详情请参见[openEuler IRC](https://gitee.com/openeuler/community/blob/master/zh/communication/IRCs.md)。 +openEuler也在IRC开辟了频道,作为提供社区支持和交互的额外渠道。详情请参见[openEuler IRC](https://gitee.com/openeuler/community/blob/master/zh/communication/)。 diff --git "a/docs/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" "b/docs/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" index 292b484cc9650839224eb7ceef0de3f548b23825..54862386b629305f59bd22dc8746eac0c972cc45 100644 --- "a/docs/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" +++ "b/docs/zh/docs/Releasenotes/\345\267\262\347\237\245\351\227\256\351\242\230.md" @@ -3,8 +3,8 @@ | ISSUE |问题描述 | |:--- |:---- | | [I39AN0](https://gitee.com/openeuler/community/issues/I26ZLO?from=project-issue) | 【21.03】arm物理机出现内核报错ACPI CPPC: Failed to find PCC channel for subspace 0 | -| [I39I7C](https://gitee.com/open_euler/dashboard?issue_id=I29P84) | 【21.03】arm理机出现内核报错The BMC does not support , but the BMC needs to be fixed | | [I39MQQ](https://gitee.com/open_euler/dashboard?issue_id=I39MQQ) | 【21.03】RC1版本 字符界面login处使用上下方向键后导致输入异常,无法正常进行用户登录| -| [I3A52C](https://gitee.com/open_euler/dashboard?issue_id=I3A52C) | 【21.03】samba服务启动失败 | +| [I3A8YY](https://gitee.com/open_euler/dashboard?issue_id=I3A8YY) | 【21.03】nfs-blkmap服务停止状态failed | | [I3AB65](https://gitee.com/open_euler/dashboard?issue_id=I3AB65) | 【21.03】SCAP Security guide 不支持对opss(通用操作系统保护配置文件)的检查 | -| [I3A8YY](https://gitee.com/open_euler/dashboard?issue_id=I3A8YY) | 【21.03】nfs-blkmap服务停止状态failed | \ No newline at end of file +| [I3A52C](https://gitee.com/open_euler/dashboard?issue_id=I3A52C) | 【21.03】samba服务启动失败 | +| [I3EAS1](https://gitee.com/open_euler/dashboard?issue_id=I3EAS1) | 【21.03】arm/x86 的megaraid卡类型物理机上echo c > /proc/sysrq-trigger后kdump无法生成vmcore | \ No newline at end of file diff --git "a/docs/zh/docs/SecHarden/SELinux\351\205\215\347\275\256.md" "b/docs/zh/docs/SecHarden/SELinux\351\205\215\347\275\256.md" index 9eb41b74329032ca7eb532ef2ef2f8ac87515d1f..b68a071ef01b07719a80f0f021dbbf54ece39751 100644 --- "a/docs/zh/docs/SecHarden/SELinux\351\205\215\347\275\256.md" +++ "b/docs/zh/docs/SecHarden/SELinux\351\205\215\347\275\256.md" @@ -63,4 +63,8 @@ openEuler默认开启SELinux,且默认模式为enforcing,用户可以通过 Max kernel policy version: 31 ``` +## SELinux策略约束 +SELinux是一个策略集中式的强制访问控制安全机制,selinux-policy会为操作系统中常用软件指定规则,因此部分软件的使用会受到一些约束,对于这些受到约束的软件,用户可以在关闭SELinux的情况下使用,如果需要在开启SELinux的情况下使用,可能需要进行规则适配。例如: + +- 使用freeradius连接sqlite,SELinux策略限制了sqlite数据库文件需要位于/var/lib/radiusd目录下,且SELinux标签为radiusd_var_lib_t。如果用户想将数据库文件放在其他位置,需要自行适配规则。 diff --git a/docs/zh/docs/desktop/Install_XFCE.md b/docs/zh/docs/desktop/Install_XFCE.md index 55725c7858134a053325b7df724ca9e477f9c9df..1163a39c84dfcc1ebe3f15af53397b558ef08d52 100644 --- a/docs/zh/docs/desktop/Install_XFCE.md +++ b/docs/zh/docs/desktop/Install_XFCE.md @@ -1,5 +1,5 @@ # 在 openEuler 上安装 XFCE -XFCE是一款轻量级 Linux 桌面,当前版本已经将所有不见从 GTK2 更新到 GTK3,从D-Dbus Glib更新到GDBus,大部分组件支持Object Introspection(简称 GI,用于产生与解析 C 程序库 API 元信息,以便于动态语言(或托管语言)绑定基于 C + GObject 的程序库)。优化用户体验,加入新特性,并修补大量BUG。与其它UI界面(GNOME、KDE)相比,XFCE占用的内存和CPU使用量非常小,给用户带来亲切和高效的使用体验。 +XFCE是一款轻量级 Linux 桌面,当前版本已经将所有部件从 GTK2 更新到 GTK3,从D-Dbus Glib更新到GDBus,大部分组件支持Object Introspection(简称 GI,用于产生与解析 C 程序库 API 元信息,以便于动态语言(或托管语言)绑定基于 C + GObject 的程序库)。优化用户体验,加入新特性,并修补大量BUG。与其它UI界面(GNOME、KDE)相比,XFCE占用的内存和CPU使用量非常小,给用户带来亲切和高效的使用体验。 XFCE支持x86_64和aarch64两种架构。 diff --git "a/docs/zh/docs/secGear/\344\275\277\347\224\250secGear\345\267\245\345\205\267.md" "b/docs/zh/docs/secGear/\344\275\277\347\224\250secGear\345\267\245\345\205\267.md" index 79c0733204a855d655e48c77386fee1cb082f5fc..6c969c15baa9b24478dacf8e4eb7f9c279e698ed 100644 --- "a/docs/zh/docs/secGear/\344\275\277\347\224\250secGear\345\267\245\345\205\267.md" +++ "b/docs/zh/docs/secGear/\344\275\277\347\224\250secGear\345\267\245\345\205\267.md" @@ -44,7 +44,7 @@ ARM 架构: #### **参数说明** -各参数含义如下:【安全侧、非安全测、可信区、非可信区,差异,统一用哪个。前面没有给出这个内容介绍,需要补充下】 +各参数含义如下: | **参数** | 是否可选 | 参数含义 | | ---------------------- | -------- | ------------------------------------------------------------ | @@ -158,4 +158,4 @@ $ sign_tool.sh –d sign –x sgx –i test.enclave -k private_test.pem –o sig $ sign_tool.sh –d sign –x sgx–i input –p pub.pem –s signature –o signed.enclave ``` -说明:为发布 Intel SGX 支持的正式版本应用,需要申请 Intel 白名单。流程请参考 Intel 文档:https://software.intel.com/content/www/us/en/develop/download/overview-on-signing-and-whitelisting-for-intel-software-guard-extensions-enclaves.html \ No newline at end of file +说明:为发布 Intel SGX 支持的正式版本应用,需要申请 Intel 白名单。流程请参考 Intel 文档:https://software.intel.com/content/www/us/en/develop/download/overview-on-signing-and-whitelisting-for-intel-software-guard-extensions-enclaves.html diff --git a/docs/zh/menu/index.md b/docs/zh/menu/index.md index 8f6d1d4a7340c1597fab2f0044d7d2d1b02f6bad..83547cc2789de1cc145151550ad71be75937d4c0 100644 --- a/docs/zh/menu/index.md +++ b/docs/zh/menu/index.md @@ -133,10 +133,10 @@ headless: true - [使用方法]({{< relref "./docs/A-Tune/使用方法.md" >}}) - [常见问题与解决方法]({{< relref "./docs/A-Tune/常见问题与解决方法.md" >}}) - [附录]({{< relref "./docs/A-Tune/附录.md" >}}) -- [内核热升级用户指南]({{< relref "./docs/NVWA/NVWA.md" >}}) - - [安装与部署]({{< relref "./docs/NVWA/安装与部署.md" >}}) - - [使用方法]({{< relref "./docs/NVWA/使用方法.md" >}}) - - [常见问题与解决方法]({{< relref "./docs/NVWA/常见问题与解决方法.md" >}}) +- [内核热升级指南]({{< relref "./docs/KernelLiveUpgrade/KernelLiveUpgrade.md" >}}) + - [安装与部署]({{< relref "./docs/KernelLiveUpgrade/安装与部署.md" >}}) + - [使用方法]({{< relref "./docs/KernelLiveUpgrade/使用方法.md" >}}) + - [常见问题与解决方法]({{< relref "./docs/KernelLiveUpgrade/常见问题与解决方法.md" >}}) - [附录]({{< relref "./docs/A-Tune/附录.md" >}}) - [应用开发指南]({{< relref "./docs/ApplicationDev/application-development.md" >}}) - [开发环境准备]({{< relref "./docs/ApplicationDev/开发环境准备.md" >}})