diff --git a/docs/en/server/security/secgear/secgear.md b/archive/security/secgear/en/secgear.md similarity index 100% rename from docs/en/server/security/secgear/secgear.md rename to archive/security/secgear/en/secgear.md diff --git a/docs/zh/server/security/secgear/secgear.md b/archive/security/secgear/zh/secgear.md similarity index 100% rename from docs/zh/server/security/secgear/secgear.md rename to archive/security/secgear/zh/secgear.md diff --git a/docs/zh/server/maintenance/kernel_live_upgrade/faqs_and_solutions.md b/archive/server/maintenance/kernel_live_upgrade-ch/faqs_and_solutions.md similarity index 100% rename from docs/zh/server/maintenance/kernel_live_upgrade/faqs_and_solutions.md rename to archive/server/maintenance/kernel_live_upgrade-ch/faqs_and_solutions.md diff --git a/docs/zh/server/maintenance/kernel_live_upgrade/kernel_live_upgrade.md b/archive/server/maintenance/kernel_live_upgrade-ch/kernel_live_upgrade.md similarity index 100% rename from docs/zh/server/maintenance/kernel_live_upgrade/kernel_live_upgrade.md rename to archive/server/maintenance/kernel_live_upgrade-ch/kernel_live_upgrade.md diff --git a/docs/en/server/maintenance/kernel_live_upgrade/faqs_and_solutions.md b/archive/server/maintenance/kernel_live_upgrade-en/faqs_and_solutions.md similarity index 100% rename from docs/en/server/maintenance/kernel_live_upgrade/faqs_and_solutions.md rename to archive/server/maintenance/kernel_live_upgrade-en/faqs_and_solutions.md diff --git a/docs/en/server/maintenance/kernel_live_upgrade/kernel_live_upgrade.md b/archive/server/maintenance/kernel_live_upgrade-en/kernel_live_upgrade.md similarity index 100% rename from docs/en/server/maintenance/kernel_live_upgrade/kernel_live_upgrade.md rename to archive/server/maintenance/kernel_live_upgrade-en/kernel_live_upgrade.md diff --git a/docs/en/server/maintenance/syscare/faqs_and_solutions.md b/archive/server/maintenance/syscare/en/faqs_and_solutions.md similarity index 100% rename from docs/en/server/maintenance/syscare/faqs_and_solutions.md rename to archive/server/maintenance/syscare/en/faqs_and_solutions.md diff --git a/docs/en/server/maintenance/syscare/syscare_user_guide.md b/archive/server/maintenance/syscare/en/syscare_user_guide.md similarity index 100% rename from docs/en/server/maintenance/syscare/syscare_user_guide.md rename to archive/server/maintenance/syscare/en/syscare_user_guide.md diff --git a/docs/en/server/_toc.yaml b/docs/en/server/_toc.yaml index dc25e3f35961405efcf2103353887183562f25bf..3376a8e6a36f3ffebcda72b028345f184ea55eb2 100644 --- a/docs/en/server/_toc.yaml +++ b/docs/en/server/_toc.yaml @@ -31,6 +31,7 @@ sections: - href: ./security/cve_ease/_toc.yaml - href: ./security/cert_signature/_toc.yaml - href: ./security/shangmi/_toc.yaml + - href: ./security/secdetector/_toc.yaml - label: Memory and Storage sections: - href: ./memory_storage/lvm/_toc.yaml @@ -60,6 +61,8 @@ sections: sections: - href: ./development/application_dev/_toc.yaml - href: ./development/gcc/_toc.yaml + - href: ./development/ai4c/_toc.yaml + - href: ./development/fangtian/_toc.yaml - label: High Availability sections: - href: ./high_availability/ha/_toc.yaml diff --git a/docs/en/server/administration/administrator/_toc.yaml b/docs/en/server/administration/administrator/_toc.yaml index c62f86c3475c0ff3ec2ab9f7d8f6ef8dcccf0666..b9b55aa71872f2eecb148bdec3a294466a91063b 100644 --- a/docs/en/server/administration/administrator/_toc.yaml +++ b/docs/en/server/administration/administrator/_toc.yaml @@ -25,5 +25,5 @@ sections: - label: Setting Up the Database Server href: ./setting_up_the_database_server.md - label: Memory_Management - - href: ./memory_management.md + href: ./memory_management.md diff --git a/docs/en/server/administration/sysmaster/device_management.md b/docs/en/server/administration/sysmaster/device_management.md index 0000f4c4ff28be245e065065cc5cb34ced0127d3..3cf62ec4db8bd6ec09de582489b85b65613e6aed 100644 --- a/docs/en/server/administration/sysmaster/device_management.md +++ b/docs/en/server/administration/sysmaster/device_management.md @@ -5,6 +5,7 @@ The device manager is a bridge between user-mode software and underlying physica devmaster consists of a daemon, a client tool, and a dynamic library. The devmaster daemon utilizes kernel mechanisms such as netlink, inotify, and sysfs to monitor device events and trigger rule processing tasks. The `devctl` client tool and **libs** dynamic library provide a set of CLI commands and public interfaces for debugging rules, controlling daemons, and querying device status. The following figure shows the overall architecture of devmaster. **Figure 1 devmaster overall architecture** + ![devmaster_architecture](./figures/devmaster_architecture.png) devmaster is written in the Rust language to ensure memory safety. The core functions of devmaster are as follows: diff --git a/docs/en/server/development/FangTian/_toc.yaml b/docs/en/server/development/fangtian/_toc.yaml similarity index 100% rename from docs/en/server/development/FangTian/_toc.yaml rename to docs/en/server/development/fangtian/_toc.yaml diff --git a/docs/en/server/development/FangTian/fangtian_environment_configuration.md b/docs/en/server/development/fangtian/fangtian_environment_configuration.md similarity index 100% rename from docs/en/server/development/FangTian/fangtian_environment_configuration.md rename to docs/en/server/development/fangtian/fangtian_environment_configuration.md diff --git a/docs/en/server/development/FangTian/fangtian_for_linux_waylan_and_openharmony_applications.md b/docs/en/server/development/fangtian/fangtian_for_linux_waylan_and_openharmony_applications.md similarity index 100% rename from docs/en/server/development/FangTian/fangtian_for_linux_waylan_and_openharmony_applications.md rename to docs/en/server/development/fangtian/fangtian_for_linux_waylan_and_openharmony_applications.md diff --git a/docs/en/server/development/FangTian/figures/arkui_ele.png b/docs/en/server/development/fangtian/figures/arkui_ele.png similarity index 100% rename from docs/en/server/development/FangTian/figures/arkui_ele.png rename to docs/en/server/development/fangtian/figures/arkui_ele.png diff --git a/docs/en/server/development/FangTian/figures/desktop_simple_apps.png b/docs/en/server/development/fangtian/figures/desktop_simple_apps.png similarity index 100% rename from docs/en/server/development/FangTian/figures/desktop_simple_apps.png rename to docs/en/server/development/fangtian/figures/desktop_simple_apps.png diff --git a/docs/en/server/development/FangTian/figures/wayland_apps.png b/docs/en/server/development/fangtian/figures/wayland_apps.png similarity index 100% rename from docs/en/server/development/FangTian/figures/wayland_apps.png rename to docs/en/server/development/fangtian/figures/wayland_apps.png diff --git a/docs/en/server/development/FangTian/overview.md b/docs/en/server/development/fangtian/overview.md similarity index 100% rename from docs/en/server/development/FangTian/overview.md rename to docs/en/server/development/fangtian/overview.md diff --git a/docs/en/server/development/gcc/_toc.yaml b/docs/en/server/development/gcc/_toc.yaml index 6a8cfab4f34c2497934e37d0db645cbbabe088ac..c585ae38d4b219eeb72f811cbbbc436c52d0f26e 100644 --- a/docs/en/server/development/gcc/_toc.yaml +++ b/docs/en/server/development/gcc/_toc.yaml @@ -6,5 +6,7 @@ description: >- sections: - label: Kernel FDO User Guide href: ./kernel_fdo_user_guide.md + - label: Link Time Binary Library Inlining Optimization + href: ./link_time_binary_library_inlining_optimization.md - label: PIN User Guide href: ./pin_user_guide.md diff --git a/docs/en/server/development/gcc/link_time_binary_library_inlining_optimization.md b/docs/en/server/development/gcc/link_time_binary_library_inlining_optimization.md new file mode 100644 index 0000000000000000000000000000000000000000..cdde9f3955b57e33b9465a39aa26063b7beff1c7 --- /dev/null +++ b/docs/en/server/development/gcc/link_time_binary_library_inlining_optimization.md @@ -0,0 +1,3 @@ +# Link Time Binary Library Inlining Optimization + +This document is currently not available in English. diff --git a/docs/en/server/maintenance/gala/using_gala_gopher.md b/docs/en/server/maintenance/gala/using_gala_gopher.md index 85c7cbf144811f6e89eaec79ec4f0b167c896768..7972d754af79287f2c100edce097ea3d23465dd0 100644 --- a/docs/en/server/maintenance/gala/using_gala_gopher.md +++ b/docs/en/server/maintenance/gala/using_gala_gopher.md @@ -185,7 +185,7 @@ If the following information is displayed, the service is started successfully: ## How to Use -## Deployment of External Dependent Software +### Deployment of External Dependent Software ![](./figures/gopher-arch.png) @@ -193,7 +193,7 @@ As shown in the preceding figure, the green parts are external dependent compone > Note: Obtain the installation packages of Kafka and Prometheus from the official websites. -## Output Data +### Output Data - **Metric** diff --git a/docs/en/server/maintenance/kernel_live_upgrade/_toc.yaml b/docs/en/server/maintenance/kernel_live_upgrade/_toc.yaml index 9f99686c0502e0acf75339a28c552da99fd60573..1e274ea1d962aeb7dd4bd3a6d55fc1835cb2c30d 100644 --- a/docs/en/server/maintenance/kernel_live_upgrade/_toc.yaml +++ b/docs/en/server/maintenance/kernel_live_upgrade/_toc.yaml @@ -1,13 +1,8 @@ label: Kernel Live Upgrade Guide isManual: true description: User-space automation tool that facilitates rapid kernel restarts and program live migration, enabling kernel hot-swapping functionality -sections:sections: - - label: Kernel Live Upgrade Guide - href: ./kernel_live_upgrade.md - sections:sections: - - label: Installation and Deployment - href: ./installation_and_deployment.md - - label: Usage Guide - href: ./usage_guide.md - - label: Common Issues and Solutions - href: ./faqs_and_solutions.md +sections: + - label: Installation and Deployment + href: ./installation_and_deployment.md + - label: Usage Guide + href: ./usage_guide.md diff --git a/docs/en/server/maintenance/syscare/_toc.yaml b/docs/en/server/maintenance/syscare/_toc.yaml index c1a1b9545af2480b9e61b79900263954192929b3..a77f19b7c66ff72608c59a0e3dedf8ad03916b71 100644 --- a/docs/en/server/maintenance/syscare/_toc.yaml +++ b/docs/en/server/maintenance/syscare/_toc.yaml @@ -2,16 +2,11 @@ label: SysCare User Guide isManual: true description: Online hot patching sections: - - label: SysCare User Guide - href: ./syscare_user_guide.md - sections: - - label: SysCare Introduction - href: ./syscare_introduction.md - - label: SysCare Installation - href: ./installing_syscare.md - - label: SysCare Usage - href: ./using_syscare.md - - label: Constraints - href: ./constraints.md - - label: Common Issues and Solutions - href: ./faqs_and_solutions.md + - label: SysCare Introduction + href: ./syscare_introduction.md + - label: SysCare Installation + href: ./installing_syscare.md + - label: SysCare Usage + href: ./using_syscare.md + - label: Constraints + href: ./constraints.md diff --git a/docs/en/server/security/secgear/_toc.yaml b/docs/en/server/security/secgear/_toc.yaml index 9e3b3ebc580baf5f0f110ff60d28f5dfc7345dea..6acb98e2e468b7984dd26a859cb55ae8b25a0321 100644 --- a/docs/en/server/security/secgear/_toc.yaml +++ b/docs/en/server/security/secgear/_toc.yaml @@ -1,9 +1,7 @@ label: secGear Developer Guide isManual: true -Description: Build applications with secGear to safeguard data during cloud operations. +description: Build applications with secGear to safeguard data during cloud operations. sections: - - label: secGear Developer Guide - href: ./secgear.md - label: Introduction to secGear href: ./introduction_to_secgear.md - label: secGear Installation diff --git a/docs/zh/edge_computing/k3s/k3s_deployment_guide.md b/docs/zh/edge_computing/k3s/k3s_deployment_guide.md index 6671cf170d9ac19c37e8c8e8abb1bfe75e3d0166..9f25d370fb8fb659c71c7b38734917139170b31c 100644 --- a/docs/zh/edge_computing/k3s/k3s_deployment_guide.md +++ b/docs/zh/edge_computing/k3s/k3s_deployment_guide.md @@ -1,6 +1,7 @@ # K3s部署指南 -### 什么是K3s +## 什么是K3s + K3s 是一个轻量级的 Kubernetes 发行版,它针对边缘计算、物联网等场景进行了高度优化。K3s 有以下增强功能: - 打包为单个二进制文件。 - 使用基于 sqlite3 的轻量级存储后端作为默认存储机制。同时支持使用 etcd3、MySQL 和 PostgreSQL 作为存储机制。 @@ -10,7 +11,8 @@ K3s 是一个轻量级的 Kubernetes 发行版,它针对边缘计算、物联 - 所有 Kubernetes control-plane 组件的操作都封装在单个二进制文件和进程中,使 K3s 具有自动化和管理包括证书分发在内的复杂集群操作的能力。 - 最大程度减轻了外部依赖性,K3s 仅需要 kernel 和 cgroup 挂载。 -### 适用场景 +## 适用场景 + K3s 适用于以下场景: - 边缘计算-Edge @@ -22,9 +24,9 @@ K3s 适用于以下场景: 由于运行 K3s 所需的资源相对较少,所以 K3s 也适用于开发和测试场景。在这些场景中,如果开发或测试人员需要对某些功能进行验证,或对某些问题进行重现,那么使用 K3s 不仅能够缩短启动集群的时间,还能够减少集群需要消耗的资源。 -### 部署K3s +## 部署K3s -#### 准备工作: +### 准备工作: - 确保server节点及agent节点主机名不一致: @@ -38,7 +40,7 @@ K3s 适用于以下场景: ![1661830441538](./figures/yum-install.png) -#### 部署server节点 +### 部署server节点 如需在单个服务器上安装 K3s,可以在 server 节点上执行如下操作: ``` @@ -47,11 +49,11 @@ INSTALL_K3S_SKIP_DOWNLOAD=true k3s-install.sh ![1661825352724](./figures/server-install.png) -#### 检查server部署情况 +### 检查server部署情况 ![1661825403705](./figures/check-server.png) -#### 部署agent节点 +### 部署agent节点 首先查询server节点的token值,该token可在server节点的/var/lib/rancher/k3s/server/node-token查到。 @@ -73,7 +75,7 @@ INSTALL_K3S_SKIP_DOWNLOAD=true K3S_URL=https://myserver:6443 K3S_TOKEN=mynodetok ![1661829392357](./figures/agent-install.png) -#### 检查agent节点是否部署成功 +### 检查agent节点是否部署成功 安装完毕后,回到 **server** 节点,执行 `kubectl get nodes`,可以看到agent节点已注册成功。 @@ -81,6 +83,6 @@ INSTALL_K3S_SKIP_DOWNLOAD=true K3S_URL=https://myserver:6443 K3S_TOKEN=mynodetok 至此,一个基础的k3s集群搭建完成。 -#### 更多用法 +### 更多用法 K3s的更多用法可以参考K3s官网,https://rancher.com/docs/k3s/latest/en/ ,https://docs.rancher.cn/k3s/ diff --git a/docs/zh/server/administration/administrator/_toc.yaml b/docs/zh/server/administration/administrator/_toc.yaml index e30342ff75659d5ca8f0b642c777a2d5e6f9bb06..cdf1fc6be84f3307262a63bdb764b071d0b471ea 100644 --- a/docs/zh/server/administration/administrator/_toc.yaml +++ b/docs/zh/server/administration/administrator/_toc.yaml @@ -25,5 +25,5 @@ sections: - label: 搭建数据库服务器 href: ./setting_up_the_database_server.md - label: 管理内存 - - href: ./memory_management.md + href: ./memory_management.md \ No newline at end of file diff --git a/docs/zh/server/administration/sysmaster/device_management.md b/docs/zh/server/administration/sysmaster/device_management.md index 9fa6b496e474b31d090c5ff35a0679fa072b6e93..9769a692d041fe49f5112410f5233593693f2548 100644 --- a/docs/zh/server/administration/sysmaster/device_management.md +++ b/docs/zh/server/administration/sysmaster/device_management.md @@ -5,6 +5,7 @@ `devmaster`由常驻进程、客户端工具和动态库组成。常驻进程`devmaster`基于内核提供的`netlink`、`inotify`、`sysfs`等机制,监听设备事件并触发规则处理任务;客户端工具`devctl`和动态库`libs`提供一组命令行指令以及公开接口,用于调试规则、控制常驻进程、查询设备状态等等。`devmaster`的总体架构如下图所示: **图1 devMaster的总体架构** + ![devMaster的总体架构](./figures/devmaster_architecture.png) `devmaster`使用 `Rust`语言编写,能够原生消除内存安全类问题。`devmaster`的核心功能如下: diff --git a/docs/zh/server/administration/sysmaster/overview.md b/docs/zh/server/administration/sysmaster/overview.md index f6e9a47416daf2f6fe4fc45f8f4c1e4ede347042..4dabdafd410bed2b1f815baef677a2e498e3b5e5 100644 --- a/docs/zh/server/administration/sysmaster/overview.md +++ b/docs/zh/server/administration/sysmaster/overview.md @@ -14,6 +14,7 @@ • `sysmaster-exts`:使原本耦合的各组件功能独立,提供系统关键功能的组件集合(如设备管理 `devMaster`,总线通信 `busMaster`等),各组件可单独使用,可根据不同场景灵活选用。 **图1** sysMaster整体架构图 + ![sysMaster](./figures/sysMaster.png) `sysMaster`目前主要由 `sysmaster`和 `devmaster`2部分功能组成,其中 `sysmaster`负责服务的管理,`devmaster`负责设备的管理,下面将对这2部分功能进行说明。 diff --git a/docs/zh/server/maintenance/aops/deploying_aops.md b/docs/zh/server/maintenance/aops/deploying_aops.md index 8fcda4b45fd3a1694cc629eef12e0316338bb9ae..8548e1990c8d37aa6821cee4a7dad74a5af0097c 100644 --- a/docs/zh/server/maintenance/aops/deploying_aops.md +++ b/docs/zh/server/maintenance/aops/deploying_aops.md @@ -1,4 +1,6 @@ -# 一、A-Ops服务介绍 +# A-Ops用户指南 + +## 一、A-Ops服务介绍 A-Ops是用于提升主机整体安全性的服务,通过资产管理、漏洞管理、配置溯源等功能,识别并管理主机中的信息资产,监测主机中的软件漏洞、排查主机中遇到的系统故障,使得目标主机能够更加稳定和安全的运行。 @@ -15,7 +17,7 @@ A-Ops是用于提升主机整体安全性的服务,通过资产管理、漏洞 | gala-ragdoll | A-Ops配置溯源模块,通过git监测并记录配置文件的改动,默认端口:11114 | | dnf-hotpatch-plugin | dnf插件,使得dnf工具可识别热补丁信息,提供热补丁扫描及热补丁修复功能。 | -# 二、部署环境要求 +## 二、部署环境要求 建议采用4台 openEuler 24.03-LTS 机器部署,其中3台用于配置服务端,1台用于纳管(aops服务纳管的主机),**且repo中需要配置update源**([FAQ:配置update源](#Q6、配置update源)),具体用途以及部署方案如下: @@ -56,22 +58,22 @@ SELINUX=disabled 注:此SELINUX状态配置在系统重启后生效。 -# 三、服务端部署 +## 三、服务端部署 -## 3.1、 资产管理 +### 3.1、 资产管理 使用资产管理功能需部署aops-zeus、aops-hermes、mysql、redis服务。 -### 3.1.1、节点信息 +#### 3.1.1、节点信息 | 机器编号 | 配置IP|部署模块| | -------- | -------- | -------- | | 机器A | 192.168.1.1 |mysql,redis| | 机器B | 192.168.1.2 |aops-zeus,aops-hermes| -### 3.1.2、部署步骤 +#### 3.1.2、部署步骤 -#### 3.1.2.1、 部署mysql +##### 3.1.2.1、 部署mysql - 安装mysql @@ -123,7 +125,7 @@ mysql> flush privileges; -- 刷新权限 mysql> exit ``` -#### 3.1.2.2、 部署redis +##### 3.1.2.2、 部署redis - 安装redis @@ -168,7 +170,7 @@ bind 127.0.0.1 192.168.1.1 # 此处添加机器A的真实IP systemctl start redis ``` -#### 3.1.2.3、 部署prometheus +##### 3.1.2.3、 部署prometheus - 安装prometheus @@ -208,7 +210,7 @@ scrape_configs: systemctl start prometheus ``` -#### 3.1.2.4、 部署aops-zeus +##### 3.1.2.4、 部署aops-zeus - 安装aops-zeus @@ -269,7 +271,7 @@ systemctl start aops-zeus > zeus服务启动失败,且报错内容包含mysql数据库连接失败,请排查是否设置mysql密码,如果是请参阅[FAQ:密码模式下mysql服务启动失败](#Q5、mysql设置为密码模式) -#### 3.1.2.5、 初始化aops-zeus数据库 +##### 3.1.2.5、 初始化aops-zeus数据库 - 执行数据库初始化 @@ -284,7 +286,7 @@ bash aops-basedatabase.sh init zeus [FAQ:/opt/aops/scripts/deploy目录不存在](#Q7、/opt/aops/scripts/deploy目录不存在) -#### 3.1.2.6、 部署aops-hermes +##### 3.1.2.6、 部署aops-hermes - 安装aops-hermes @@ -332,13 +334,13 @@ vim /etc/nginx/aops-nginx.conf systemctl start aops-hermes ``` -## 3.2、 漏洞管理 +### 3.2、 漏洞管理 CVE管理模块在[资产管理](#31-资产管理)模块的基础上实现,在部署CVE管理模块前须完成[资产管理](#31-资产管理)模块的部署,然后再部署aops-apollo。 数据服务部分aops-apollo服务的运行需要**mysql、elasticsearch、redis**数据库的支持。 -### 3.2.1、 节点信息 +#### 3.2.1、 节点信息 | 机器编号 | 配置IP | 部署模块 | | -------- | ----------- | ------------- | @@ -349,7 +351,7 @@ CVE管理模块在[资产管理](#31-资产管理)模块的基础上实现,在 [部署步骤](#312部署步骤) -#### 3.2.2.1、 部署elasticsearch +##### 3.2.2.1、 部署elasticsearch - 生成elasticsearch的repo源 @@ -424,7 +426,7 @@ http.cors.allow-origin: "*" systemctl restart elasticsearch ``` -#### 3.2.2.2、 部署aops-apollo +##### 3.2.2.2、 部署aops-apollo - 安装aops-apollo @@ -500,7 +502,7 @@ systemctl start aops-apollo > apollo服务启动失败,且报错内容包含mysql数据库连接失败,请排查是否设置mysql密码,如果是请参阅[密码模式下mysql服务启动失败](#Q5、mysql设置为密码模式) -#### 3.2.2.3、初始化aops-apollo数据库 +##### 3.2.2.3、初始化aops-apollo数据库 - apollo数据库初始化 @@ -515,21 +517,21 @@ bash aops-basedatabase.sh init apollo [FAQ:/opt/aops/scripts/deploy目录不存在](#Q7、/opt/aops/scripts/deploy目录不存在) -## 3.3、 配置溯源 +### 3.3、 配置溯源 A-Ops配置溯源在机器管理的基础上依赖gala-ragdoll实现,同样在部署gala-ragdoll服务之前,须完成[资产管理](#31-资产管理)部分的部署。 -### 3.3.1、 节点信息 +#### 3.3.1、 节点信息 | 机器编号 | 配置IP | 部署模块 | | -------- | ----------- | ------------ | | 机器C | 192.168.1.3 | gala-ragdoll | -### 3.3.2、 部署步骤 +#### 3.3.2、 部署步骤 [部署步骤](#312部署步骤) -#### 3.3.2.1、 部署gala-ragdoll +##### 3.3.2.1、 部署gala-ragdoll - 安装gala-ragdoll @@ -576,7 +578,7 @@ port = 11114 systemctl start gala-ragdoll ``` -## 3.4、 异常检测 +### 3.4、 异常检测 异常检测模块依赖[机器管理](#31-资产管理)服务,故在部署异常检测功能前须完成[机器管理](#31-资产管理)模块部署,然后再部署aops-diana。 @@ -584,7 +586,7 @@ systemctl start gala-ragdoll 数据服务部分aops-diana服务的运行需要**mysql、elasticsearch、kafka**以及**prometheus**的支持。 -### 3.4.1、 节点信息 +#### 3.4.1、 节点信息 | 机器编号 | 配置IP | 部署模块 | | -------- | ----------- | ---------- | @@ -592,13 +594,13 @@ systemctl start gala-ragdoll | 机器B | 192.168.1.2 | aops-diana | | 机器C | 192.168.1.3 | aops-diana | -### 3.4.2、 部署步骤 +#### 3.4.2、 部署步骤 [部署步骤](#312部署步骤) [部署elasticsearch](#3221-部署elasticsearch) -#### 3.4.2.1、 部署kafka +##### 3.4.2.1、 部署kafka kafka使用zooKeeper用于管理、协调代理,在应用**kafka**服务时需要同步部署**zookeeper**服务。 @@ -650,7 +652,7 @@ nohup ./kafka-server-start.sh ../config/server.properties & tail -f ./nohup.out ``` -#### 3.4.2.2、 部署diana +##### 3.4.2.2、 部署diana - 安装aops-diana @@ -820,7 +822,7 @@ systemctl start aops-diana > diana服务启动失败,且报错内容包含mysql数据库连接失败,请排查是否设置mysql密码,如果是请参阅[FAQ:密码模式下mysql服务启动失败](#Q5、mysql设置为密码模式) -#### 3.4.2.3、初始化aops-diana数据库 +##### 3.4.2.3、初始化aops-diana数据库 - diana数据库初始化 @@ -835,41 +837,41 @@ bash aops-basedatabase.sh init diana [FAQ:/opt/aops/scripts/deploy目录不存在](#Q7、/opt/aops/scripts/deploy目录不存在) -## 3.5、客户端安装 +### 3.5、客户端安装 aops-ceres作为A-Ops模块的客户端,通过ssh协议与AOps管理中心进行数据交互,提供采集主机信息、响应并处理中心命令等功能。 -### 3.5.1、 节点信息 +#### 3.5.1、 节点信息 | 机器编号 | 配置IP | 部署模块 | | -------- | ----------- | ---------- | | 机器D | 192.168.1.4 | aops-ceres | -### 3.5.2、 部署客户端 +#### 3.5.2、 部署客户端 ```shell yum install aops-ceres dnf-hotpatch-plugin -y ``` -## FAQ +### FAQ -### Q1、最大连接数(MaxStartups) +#### Q1、最大连接数(MaxStartups) 批量添加主机接口服务执行过程中会受到aops-zeus安装所在主机sshd服务配置中最大连接数(MaxStartups)的限制,会出现部分主机不能连接的情况,如有大量添加主机的需求,可考虑临时调增该数值。关于该配置项的修改可参考[ssh文档](https://www.man7.org/linux/man-pages/man5/sshd_config.5.html)。 -### Q2、504网关超时 +#### Q2、504网关超时 部分http访问接口执行时间较长,web端可能返回504错误,可向nginx配置中添加proxy_read_timeout配置项,并适当调大该数值,可降低504问题出现概率。 -### Q3、防火墙 +#### Q3、防火墙 若防火墙不方便关闭,请设置放行服务部署过程涉及的所有接口,否则会造成服务不可访问,影响A-Ops的正常使用。 -### Q4、elasticasearch访问拒绝 +#### Q4、elasticasearch访问拒绝 elasticsearch分布式部署多节点时,需调整配置跨域部分,允许各节点访问。 -### Q5、mysql设置为密码模式 +#### Q5、mysql设置为密码模式 - **服务配置mysql链接字符串** @@ -914,7 +916,7 @@ connect = pymysql.connect(host='$mysql_ip', port=$port, database='$aops_database **注意:当服务器不是以root用户登录时,需添加user="root"或mysql允许链接的用户名** -### Q6、配置update源 +#### Q6、配置update源 ```shell echo "[update] @@ -931,7 +933,7 @@ gpgcheck=0" > /etc/yum.repos.d/openEuler-update.repo > 注意: 其中**openEuler-24.03-LTS** 根据部署的系统版本具体调整,或可直接参与openeuler官网中针对repo源配置介绍 -### Q7、/opt/aops/scripts/deploy目录不存在 +#### Q7、/opt/aops/scripts/deploy目录不存在 在执行数据库初始化时,提示不存在`/opt/aops/scripts/deploy`文件目录,执行安装aops-tools工具包 diff --git a/docs/zh/server/maintenance/gala/using_gala_gopher.md b/docs/zh/server/maintenance/gala/using_gala_gopher.md index 2028a562c270d948b8cb3babe1aff01c7aa51468..0e38e6d51f7586c9f2d309641d71edb77c4317cc 100644 --- a/docs/zh/server/maintenance/gala/using_gala_gopher.md +++ b/docs/zh/server/maintenance/gala/using_gala_gopher.md @@ -4,7 +4,7 @@ gala-gopher作为数据采集模块提供OS级的监控能力,支持动态加 本章介绍如何部署和使用gala-gopher服务。 -#### 安装 +## 安装 挂载repo源: @@ -37,9 +37,9 @@ priority=1 # yum install gala-gopher ``` -#### 配置 +## 配置 -##### 配置介绍 +### 配置介绍 gala-gopher配置文件为`/opt/gala-gopher/gala-gopher.conf`,该文件配置项说明如下(省略无需用户配置的部分)。 @@ -83,7 +83,7 @@ gala-gopher配置文件为`/opt/gala-gopher/gala-gopher.conf`,该文件配置 - start_check:switch为auto时,需要根据start_check执行结果判定探针是否需要启动。 - switch:探针是否启动,支持配置on | off | auto,auto会根据start_check判定结果决定是否启动探针。 -##### 启动参数介绍 +### 启动参数介绍 | 参数项 | 含义 | | ------ | ------------------------------------------------------------ | @@ -103,7 +103,7 @@ gala-gopher配置文件为`/opt/gala-gopher/gala-gopher.conf`,该文件配置 | -w | 筛选应用程序监控范围,如-w /opt/gala-gopher/task_whitelist.conf,用户可将需要监控的程序名写入task_whitelist.conf中,默认配置为NULL表示不筛选 | | -n | 指定某个网卡挂载tc ebpf,默认配置为NULL表示所有网卡均挂载,示例: -n eth0 | -##### 配置文件示例 +### 配置文件示例 - 配置选择数据输出通道: @@ -163,7 +163,7 @@ gala-gopher配置文件为`/opt/gala-gopher/gala-gopher.conf`,该文件配置 ); ``` -#### 启动 +## 启动 配置完成后,执行如下命令启动gala-gopher。 @@ -183,9 +183,9 @@ gala-gopher配置文件为`/opt/gala-gopher/gala-gopher.conf`,该文件配置 > 说明:gala-gopher部署和运行均需要root权限。 -#### 使用方法 +## 使用方法 -##### 外部依赖软件部署 +### 外部依赖软件部署 ![gopher软件架构图](./figures/gopher软件架构图.png) @@ -193,7 +193,7 @@ gala-gopher配置文件为`/opt/gala-gopher/gala-gopher.conf`,该文件配置 > 说明:安装kafka、prometheus软件包时,需要从官网获取安装包进行部署。 -##### 输出数据 +### 输出数据 - **指标数据metrics** diff --git a/docs/zh/server/maintenance/kernel_live_upgrade/_toc.yaml b/docs/zh/server/maintenance/kernel_live_upgrade/_toc.yaml index 5488640f57b81dd99e629274f363ac2bca24e7e8..84f6de83ebfd8f64a64ab6621dfa8a7d2bc190e2 100644 --- a/docs/zh/server/maintenance/kernel_live_upgrade/_toc.yaml +++ b/docs/zh/server/maintenance/kernel_live_upgrade/_toc.yaml @@ -2,10 +2,7 @@ label: 内核热升级指南 isManual: true description: 使用用户态自动化工具快速重启内核和程序热迁移实现内核热替换特性 sections: - - label: 内核热升级指南 - href: ./kernel_live_upgrade.md - sections: - - label: 安装与部署 - href: ./installation_and_deployment.md - - label: 使用方法 - href: ./usage_guide.md + - label: 安装与部署 + href: ./installation_and_deployment.md + - label: 使用方法 + href: ./usage_guide.md diff --git a/docs/zh/server/releasenotes/releasenotes/_toc.yaml b/docs/zh/server/releasenotes/releasenotes/_toc.yaml index 7c89d0736f3a05ad4847c8f4f3d4a1f4ca4721a6..2125decb4da06f1f8b9123c969e68b93675083b5 100644 --- a/docs/zh/server/releasenotes/releasenotes/_toc.yaml +++ b/docs/zh/server/releasenotes/releasenotes/_toc.yaml @@ -1,6 +1,6 @@ label: 发行说明 isManual: true -description: openEuler 25.03 版本的发行说明 +description: openEuler 24.03 LTS SP1 版本的发行说明 sections: - label: 简介 href: ./introduction.md diff --git a/docs/zh/server/security/secgear/_toc.yaml b/docs/zh/server/security/secgear/_toc.yaml index 09697744f9838d9d24df626c4448b3173ffddb2a..a5311baa28f9b382643154b0691a8159de0072da 100644 --- a/docs/zh/server/security/secgear/_toc.yaml +++ b/docs/zh/server/security/secgear/_toc.yaml @@ -2,8 +2,6 @@ label: secGear开发指南 isManual: true description: 使用 secGear 统一机密计算编程框架开发应用程序,保障云端数据运行时的安全性 sections: - - label: secGear开发指南 - href: ./secgear.md - label: 认识secGear href: ./introduction_to_secgear.md - label: 安装与部署